Trojaner-Board


Avanki 30.05.2010 17:00

TR/Rootkit.Gen in fuodwd.sys
 
I've caught TR/Rootkit.Gen; according to AntiVir it sits in the file C:\windows\system32\drivers\fuodwd.sys
and cannot be deleted or otherwise modified (Safe Mode, command prompt, etc.).

The Hijacker put out the following:

HiJackthis Logfile:
Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:43:14, on 30.05.2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Pegatron\Hotkey\FastUserSwitching.exe
C:\Program Files\CyberLink\YouCam\YouCamTray.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Pegatron\Hotkey\PHControl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Public\Downloads\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.medion.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Hotkey] C:\Program Files\Pegatron\Hotkey\FastUserSwitching.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
O4 - HKLM\..\Run: [YouCam Mirror Tray icon] "C:\Program Files\CyberLink\YouCam\YouCamTray.exe" /s
O4 - HKLM\..\Run: [fspuip] "\FSP\fspuip.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [skb] rundll32 "mxakhgcz.dll",,Run
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: IconPackager.lnk = C:\Program Files\Stardock\MyColors\IconPackager.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 (file missing)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 (file missing)
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\Program Files\Stardock\MyColors\VistaSrv.exe

--
End of file - 9062 bytes

--- --- ---

I hope I've followed all the forum rules and that someone can help me.
Thx

undoreal 30.05.2010 18:08

Good evening.

I'd like to try something:

Norton Power Eraser - Instructions

NPE is a tool for removing crimeware and scareware that stubbornly hides from other virus scanners and massively hinders work on the computer through pop-ups or other messages.
The scan methods are very aggressive, so the tool should not be used carelessly.
Findings should only be deleted once a helper has explicitly recommended it.
Incorrect or careless use can lead to data loss and system instability!


Contents:
  • Download and initialization
  • Scan
  • Posting the log file

Download and initialization
  • Download the program from here: http://security.symantec.com/nbrt/npe.asp
  • Run NMRUI.exe as administrator. If your antivirus program or your firewall raises an alert and complains during the following steps, please allow the actions.
  • Switch to the settings (top right in the main window).
    • There, set the detection mode to aggressive!
    • Finally, click Apply and then OK to return to the main window.


Scan
  • In the main window, click Scan (system scan) to start the scan.
  • After the scan, do not remove any findings under any circumstances!!
  • Simply click on "find log". This takes you to the folder where the log was saved. It has a file name that is generated roughly like this: Info*randomNumbers*.xml.

Posting the log file

Avanki 31.05.2010 04:51

OK, I've done everything and attached the log file as a zip.
I hope it works this way.
Thanks in advance.

undoreal 31.05.2010 08:21

Avenger instructions (by swandog46)
Download the tool Avenger and save it to the desktop
  • Tick the box next to "Automatically disable any rootkits found"
  • Now copy the following text into the white field under -> "Input script here"
Code:

Files to delete:
c:\windows\system32\mxakhgcz.dll

Registry values to delete:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run|skb

  • Now close all programs and browser windows
  • To start Avenger, click on -> Execute
  • Then confirm with "Yes" that the computer restarts
  • After the system has restarted, you will find a report from Avenger under -> C:\avenger.txt
  • Open the file with Notepad and copy the entire text into your post here in the forum.

GMER - Rootkit Detection
  • Download Gmer from here. (A little further down the page there is the "Download EXE" button. A random file name is generated.)
  • Double-click the randomFileName.exe
  • The Rootkit tab at the top is already selected
  • Press Scan; the process can take 3 - 10 min depending on the system
  • After the scan has finished, press "Copy"
  • Now you can post the result here


Check the Master Boot Record:

Download mbr.exe by gmer to the desktop and run the file with administrator rights.

Post the log!

If an MBR rootkit has been found, this is indicated in the log by the expression
Quote:

MBR rootkit code detected !
and you must perform a cleanup.

For this, download mbr.bat.txt by BataAlexander and save it next to mbr.exe on the desktop.
Change the extension of mbr.txt.bat to mbr.bat. A sensible folder view is needed for this.
Then run mbr.bat by double-clicking it.
mbr.exe by gmer must also be on the desktop while doing so!

The MBR will be cleaned and a log will appear. Post this log too!



Have files checked online:


* Make hidden files visible as well!

* Open the Virustotal site.

* There, use the "Browse" button to pick the following file and upload it by pressing the "Send file" button.

Quote:

C:\Program Files\MPC HomeCinema\mpc-hc.exe
Now upload each/all file/files one after another and wait until the scan has finished. (Can take up to 2 minutes.)
* If the file has already been analysed, be sure to have it analysed again anyway!
* Afterwards post the result of the analysis; copy everything and paste it into a post.
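
Added example, not part of the thread and not the helper's own method: one way to triage the O4 autorun lines of a HijackThis log like the one posted above, showing why the `skb` entry targeted by the Avenger script stands out. The heuristic (flag autorun targets given without an absolute path) and all function names are assumptions; a flag means "review this entry", not a verdict.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Excerpt: O4 lines copied from the HijackThis log posted in the thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [fspuip] "\FSP\fspuip.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [skb] rundll32 "mxakhgcz.dll",,Run
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Global Startup: Bluetooth.lnk = ?
'''


class Autorun(NamedTuple):
    hive: str
    key: str
    name: str
    command: str


# "O4 - HKLM\..\Run: [name] command" (registry Run/RunOnce entries only).
RUN_RE = re.compile(
    r'^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\(?P<key>Run\w*): '
    r'\[(?P<name>[^\]]+)\] (?P<command>.+)$')
ABS_PATH = re.compile(r'^[A-Za-z]:\\')
# Unquoted paths may contain spaces, so cut at the executable extension.
EXE_END = re.compile(r'(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s+(.*))?$', re.I)
DLL_HOSTS = {'rundll32', 'rundll32.exe'}


def parse_o4_run(log: str) -> List[Autorun]:
    """Extract registry autorun entries from HijackThis O4 lines."""
    entries = []
    for line in log.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            entries.append(Autorun(**m.groupdict()))
    return entries


def split_command(cmd: str) -> Tuple[str, str]:
    """Split a command line into (program, remaining arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:
            return cmd[1:], ''
        return cmd[1:end], cmd[end + 1:].strip()
    m = EXE_END.match(cmd)
    if m:
        return m.group(1), m.group(2) or ''
    head, _, rest = cmd.partition(' ')
    return head, rest.strip()


def review_reason(entry: Autorun) -> Optional[str]:
    """Return why an entry deserves a closer look, or None."""
    exe, args = split_command(entry.command)
    base = exe.rsplit('\\', 1)[-1].lower()
    if base in DLL_HOSTS:
        # The interesting file is the DLL handed to rundll32, not rundll32.
        dll = split_command(args)[0].split(',', 1)[0]
        if not ABS_PATH.match(dll):
            return 'rundll32 loads "%s" without an absolute path' % dll
        return None
    if exe.startswith('\\\\'):
        return 'UNC path (remote share)'
    if exe.startswith('\\'):
        return 'drive-relative path, no drive letter'
    if not ABS_PATH.match(exe):
        return 'program named without a path'
    return None


def triage(log: str) -> List[Tuple[str, str]]:
    """Return (entry name, reason) for every autorun entry worth reviewing."""
    flagged = []
    for entry in parse_o4_run(log):
        reason = review_reason(entry)
        if reason:
            flagged.append((entry.name, reason))
    return flagged


if __name__ == '__main__':
    for name, reason in triage(SAMPLE_LOG):
        print('[%s] %s' % (name, reason))
```
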

Avanki 31.05.2010 10:45

OK, I've hopefully done everything; if anything is missing, please say so:

mbr:
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net

device: opened successfully
user: error reading MBR
kernel: error reading MBR

VirusTotal:
Die Datei wurde bereits analysiert:
MD5: 0b8f2126e86e783d72cfb5dcdcb39735
First received: 2009.08.28 01:29:40 UTC
Datum 2010.05.14 09:48:20 UTC [>16D]
Ergebnisse 0/41
Permalink: analisis/341b42b33bcf248207d05d8d87398ad6566ad3c16b3bfb680fcd0cc77fd69db9-1273830500

avenger:
Logfile of The Avenger Version 2.0, (c) by Swandog46
hxxp://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "c:\windows\system32\mxakhgcz.dll" deleted successfully.
Registry value "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run|skb" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

gmerscan part 1:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-05-31 10:24:48
Windows 6.1.7600
Running: 6j8ediop.exe; Driver: C:\Users\MIA\AppData\Local\Temp\ufldypow.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8243DAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8243D104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8243D3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 824262D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82425898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8243D1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8243D958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8243D6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8243DF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8243E1A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82056599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8207AF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\Drivers\fuodwd.sys Ein an das System angeschlossenes Gerät funktioniert nicht. !
.text peauth.sys A707BC9D 28 Bytes [5E, BE, A5, 43, 8D, 0F, F0, ...]
.text peauth.sys A707BCC1 28 Bytes [5E, BE, A5, 43, 8D, 0F, F0, ...]
PAGE peauth.sys A7081E20 101 Bytes [66, 17, E4, 3E, DC, 8A, 3D, ...]
PAGE peauth.sys A708202C 102 Bytes [01, 63, 06, 55, 3C, 25, 21, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[1028] ntdll.dll!NtProtectVirtualMemory 770C5360 5 Bytes JMP 002D000A
.text C:\Windows\system32\svchost.exe[1028] ntdll.dll!NtWriteVirtualMemory 770C5EE0 5 Bytes JMP 002E000A
.text C:\Windows\system32\svchost.exe[1028] ntdll.dll!KiUserExceptionDispatcher 770C6448 5 Bytes JMP 002C000A
.text C:\Windows\system32\svchost.exe[1028] ole32.dll!CoCreateInstance 76F757FC 5 Bytes JMP 0038000A
.text C:\Windows\system32\taskhost.exe[1768] kernel32.dll!VirtualProtect 758A50AB 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskhost.exe[1768] USER32.dll!SetWindowPlacement 759A8169 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskhost.exe[1768] USER32.dll!MoveWindow 759AA8C4 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskhost.exe[1768] USER32.dll!DeferWindowPos 759AC338 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskhost.exe[1768] USER32.dll!SetWindowPos 759B3581 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskhost.exe[1768] USER32.dll!SetWindowPos + 3 759B3584 2 Bytes [68, F0]
.text C:\Windows\system32\taskhost.exe[1768] USER32.dll!GetWindowRect 759B7450 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskhost.exe[1768] USER32.dll!EndPaint 759B7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskhost.exe[1768] USER32.dll!BeginPaint 759B7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskhost.exe[1768] USER32.dll!GetWindowPlacement 759D6BD0 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\Explorer.EXE[2088] ntdll.dll!NtProtectVirtualMemory 770C5360 5 Bytes JMP 0028000A
.text C:\Windows\Explorer.EXE[2088] ntdll.dll!NtWriteVirtualMemory 770C5EE0 5 Bytes JMP 0029000A
.text C:\Windows\Explorer.EXE[2088] ntdll.dll!KiUserExceptionDispatcher 770C6448 5 Bytes JMP 0016000A
.text C:\Windows\Explorer.EXE[2088] USER32.dll!SetWindowPlacement 759A8169 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\Explorer.EXE[2088] USER32.dll!MoveWindow 759AA8C4 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\Explorer.EXE[2088] USER32.dll!DeferWindowPos 759AC338 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\Explorer.EXE[2088] USER32.dll!SetWindowPos 759B3581 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\Explorer.EXE[2088] USER32.dll!SetWindowPos + 3 759B3584 2 Bytes [68, F0]
.text C:\Windows\Explorer.EXE[2088] USER32.dll!GetWindowRect 759B7450 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\Explorer.EXE[2088] USER32.dll!EndPaint 759B7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\Explorer.EXE[2088] USER32.dll!BeginPaint 759B7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\Explorer.EXE[2088] USER32.dll!GetWindowPlacement 759D6BD0 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Pegatron\Hotkey\FastUserSwitching.exe[3040] kernel32.dll!VirtualProtect 758A50AB 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Pegatron\Hotkey\FastUserSwitching.exe[3040] USER32.dll!SetWindowPlacement 759A8169 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Pegatron\Hotkey\FastUserSwitching.exe[3040] USER32.dll!MoveWindow 759AA8C4 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Pegatron\Hotkey\FastUserSwitching.exe[3040] USER32.dll!DeferWindowPos 759AC338 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Pegatron\Hotkey\FastUserSwitching.exe[3040] USER32.dll!SetWindowPos 759B3581 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Pegatron\Hotkey\FastUserSwitching.exe[3040] USER32.dll!SetWindowPos + 3 759B3584 2 Bytes [68, F0]
.text C:\Program Files\Pegatron\Hotkey\FastUserSwitching.exe[3040] USER32.dll!GetWindowRect 759B7450 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Pegatron\Hotkey\FastUserSwitching.exe[3040] USER32.dll!EndPaint 759B7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Pegatron\Hotkey\FastUserSwitching.exe[3040] USER32.dll!BeginPaint 759B7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Pegatron\Hotkey\FastUserSwitching.exe[3040] USER32.dll!GetWindowPlacement 759D6BD0 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\CyberLink\YouCam\YouCamTray.exe[3096] kernel32.dll!VirtualProtect 758A50AB 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\CyberLink\YouCam\YouCamTray.exe[3096] USER32.dll!SetWindowPlacement 759A8169 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\CyberLink\YouCam\YouCamTray.exe[3096] USER32.dll!MoveWindow 759AA8C4 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\CyberLink\YouCam\YouCamTray.exe[3096] USER32.dll!DeferWindowPos 759AC338 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\CyberLink\YouCam\YouCamTray.exe[3096] USER32.dll!SetWindowPos 759B3581 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\CyberLink\YouCam\YouCamTray.exe[3096] USER32.dll!SetWindowPos + 3 759B3584 2 Bytes [68, F0]
.text C:\Program Files\CyberLink\YouCam\YouCamTray.exe[3096] USER32.dll!GetWindowRect 759B7450 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\CyberLink\YouCam\YouCamTray.exe[3096] USER32.dll!EndPaint 759B7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\CyberLink\YouCam\YouCamTray.exe[3096] USER32.dll!BeginPaint 759B7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\CyberLink\YouCam\YouCamTray.exe[3096] USER32.dll!GetWindowPlacement 759D6BD0 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3140] kernel32.dll!VirtualProtect 758A50AB 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3140] USER32.dll!SetWindowPlacement 759A8169 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3140] USER32.dll!MoveWindow 759AA8C4 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3140] USER32.dll!DeferWindowPos 759AC338 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3140] USER32.dll!SetWindowPos 759B3581 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3140] USER32.dll!SetWindowPos + 3 759B3584 2 Bytes [68, F0]
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3140] USER32.dll!GetWindowRect 759B7450 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3140] USER32.dll!EndPaint 759B7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3140] USER32.dll!BeginPaint 759B7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3140] USER32.dll!GetWindowPlacement 759D6BD0 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Pegatron\Hotkey\PHControl.exe[3168] kernel32.dll!VirtualProtect 758A50AB 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Pegatron\Hotkey\PHControl.exe[3168] USER32.dll!SetWindowPlacement 759A8169 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Pegatron\Hotkey\PHControl.exe[3168] USER32.dll!MoveWindow 759AA8C4 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Pegatron\Hotkey\PHControl.exe[3168] USER32.dll!DeferWindowPos 759AC338 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Pegatron\Hotkey\PHControl.exe[3168] USER32.dll!SetWindowPos 759B3581 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Pegatron\Hotkey\PHControl.exe[3168] USER32.dll!SetWindowPos + 3 759B3584 2 Bytes [68, F0]
.text C:\Program Files\Pegatron\Hotkey\PHControl.exe[3168] USER32.dll!GetWindowRect 759B7450 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Pegatron\Hotkey\PHControl.exe[3168] USER32.dll!EndPaint 759B7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Pegatron\Hotkey\PHControl.exe[3168] USER32.dll!BeginPaint 759B7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Pegatron\Hotkey\PHControl.exe[3168] USER32.dll!GetWindowPlacement 759D6BD0 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\igfxtray.exe[3224] kernel32.dll!VirtualProtect 758A50AB 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\igfxtray.exe[3224] USER32.dll!SetWindowPlacement 759A8169 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\igfxtray.exe[3224] USER32.dll!MoveWindow 759AA8C4 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\igfxtray.exe[3224] USER32.dll!DeferWindowPos 759AC338 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\igfxtray.exe[3224] USER32.dll!SetWindowPos 759B3581 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\igfxtray.exe[3224] USER32.dll!SetWindowPos + 3 759B3584 2 Bytes [68, F0]
.text C:\Windows\System32\igfxtray.exe[3224] USER32.dll!GetWindowRect 759B7450 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\igfxtray.exe[3224] USER32.dll!EndPaint 759B7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\igfxtray.exe[3224] USER32.dll!BeginPaint 759B7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\igfxtray.exe[3224] USER32.dll!GetWindowPlacement 759D6BD0 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\hkcmd.exe[3260] kernel32.dll!VirtualProtect 758A50AB 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\hkcmd.exe[3260] USER32.dll!SetWindowPlacement 759A8169 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\hkcmd.exe[3260] USER32.dll!MoveWindow 759AA8C4 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\hkcmd.exe[3260] USER32.dll!DeferWindowPos 759AC338 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\hkcmd.exe[3260] USER32.dll!SetWindowPos 759B3581 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\hkcmd.exe[3260] USER32.dll!SetWindowPos + 3 759B3584 2 Bytes [68, F0]
.text C:\Windows\System32\hkcmd.exe[3260] USER32.dll!GetWindowRect 759B7450 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\hkcmd.exe[3260] USER32.dll!EndPaint 759B7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\hkcmd.exe[3260] USER32.dll!BeginPaint 759B7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\hkcmd.exe[3260] USER32.dll!GetWindowPlacement 759D6BD0 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\igfxpers.exe[3308] kernel32.dll!VirtualProtect 758A50AB 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\igfxpers.exe[3308] USER32.dll!SetWindowPlacement 759A8169 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\igfxpers.exe[3308] USER32.dll!MoveWindow 759AA8C4 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\igfxpers.exe[3308] USER32.dll!DeferWindowPos 759AC338 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\igfxpers.exe[3308] USER32.dll!SetWindowPos 759B3581 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\igfxpers.exe[3308] USER32.dll!SetWindowPos + 3 759B3584 2 Bytes [68, F0]
.text C:\Windows\System32\igfxpers.exe[3308] USER32.dll!GetWindowRect 759B7450 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\igfxpers.exe[3308] USER32.dll!EndPaint 759B7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\igfxpers.exe[3308] USER32.dll!BeginPaint 759B7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\igfxpers.exe[3308] USER32.dll!GetWindowPlacement 759D6BD0 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[3376] kernel32.dll!VirtualProtect 758A50AB 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[3376] USER32.dll!SetWindowPlacement 759A8169 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[3376] USER32.dll!MoveWindow 759AA8C4 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[3376] USER32.dll!DeferWindowPos 759AC338 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[3376] USER32.dll!SetWindowPos 759B3581 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[3376] USER32.dll!SetWindowPos + 3 759B3584 2 Bytes [68, F0]
.text C:\Program Files\iTunes\iTunesHelper.exe[3376] USER32.dll!GetWindowRect 759B7450 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[3376] USER32.dll!EndPaint 759B7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[3376] USER32.dll!BeginPaint 759B7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[3376] USER32.dll!GetWindowPlacement 759D6BD0 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\igfxsrvc.exe[3388] kernel32.dll!VirtualProtect 758A50AB 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\igfxsrvc.exe[3388] USER32.dll!SetWindowPlacement 759A8169 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\igfxsrvc.exe[3388] USER32.dll!MoveWindow 759AA8C4 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\igfxsrvc.exe[3388] USER32.dll!DeferWindowPos 759AC338 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\igfxsrvc.exe[3388] USER32.dll!SetWindowPos 759B3581 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\igfxsrvc.exe[3388] USER32.dll!SetWindowPos + 3 759B3584 2 Bytes [68, F0]
.text C:\Windows\system32\igfxsrvc.exe[3388] USER32.dll!GetWindowRect 759B7450 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\igfxsrvc.exe[3388] USER32.dll!EndPaint 759B7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\igfxsrvc.exe[3388] USER32.dll!BeginPaint 759B7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\igfxsrvc.exe[3388] USER32.dll!GetWindowPlacement 759D6BD0 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Users\MIA\Downloads\6j8ediop.exe[3396] kernel32.dll!VirtualProtect 758A50AB 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Users\MIA\Downloads\6j8ediop.exe[3396] USER32.dll!SetWindowPlacement 759A8169 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Users\MIA\Downloads\6j8ediop.exe[3396] USER32.dll!MoveWindow 759AA8C4 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Users\MIA\Downloads\6j8ediop.exe[3396] USER32.dll!DeferWindowPos 759AC338 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Users\MIA\Downloads\6j8ediop.exe[3396] USER32.dll!SetWindowPos 759B3581 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Users\MIA\Downloads\6j8ediop.exe[3396] USER32.dll!SetWindowPos + 3 759B3584 2 Bytes [68, F0]
.text C:\Users\MIA\Downloads\6j8ediop.exe[3396] USER32.dll!GetWindowRect 759B7450 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Users\MIA\Downloads\6j8ediop.exe[3396] USER32.dll!EndPaint 759B7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Users\MIA\Downloads\6j8ediop.exe[3396] USER32.dll!BeginPaint 759B7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Users\MIA\Downloads\6j8ediop.exe[3396] USER32.dll!GetWindowPlacement 759D6BD0 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3424] kernel32.dll!VirtualProtect 758A50AB 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3424] USER32.dll!SetWindowPlacement 759A8169 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3424] USER32.dll!MoveWindow 759AA8C4 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3424] USER32.dll!DeferWindowPos 759AC338 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3424] USER32.dll!SetWindowPos 759B3581 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3424] USER32.dll!SetWindowPos + 3 759B3584 2 Bytes [68, F0]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3424] USER32.dll!GetWindowRect 759B7450 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3424] USER32.dll!EndPaint 759B7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3424] USER32.dll!BeginPaint 759B7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3424] USER32.dll!GetWindowPlacement 759D6BD0 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3464] kernel32.dll!VirtualProtect 758A50AB 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3464] USER32.dll!SetWindowPlacement 759A8169 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3464] USER32.dll!MoveWindow 759AA8C4 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3464] USER32.dll!DeferWindowPos 759AC338 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3464] USER32.dll!SetWindowPos 759B3581 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3464] USER32.dll!SetWindowPos + 3 759B3584 2 Bytes [68, F0]
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3464] USER32.dll!GetWindowRect 759B7450 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3464] USER32.dll!EndPaint 759B7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3464] USER32.dll!BeginPaint 759B7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3464] USER32.dll!GetWindowPlacement 759D6BD0 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Windows Sidebar\sidebar.exe[3520] kernel32.dll!VirtualProtect 758A50AB 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Windows Sidebar\sidebar.exe[3520] USER32.dll!SetWindowPlacement 759A8169 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Windows Sidebar\sidebar.exe[3520] USER32.dll!MoveWindow 759AA8C4 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Windows Sidebar\sidebar.exe[3520] USER32.dll!DeferWindowPos 759AC338 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Windows Sidebar\sidebar.exe[3520] USER32.dll!SetWindowPos 759B3581 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Windows Sidebar\sidebar.exe[3520] USER32.dll!SetWindowPos + 3 759B3584 2 Bytes [68, F0]
.text C:\Program Files\Windows Sidebar\sidebar.exe[3520] USER32.dll!GetWindowRect 759B7450 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Windows Sidebar\sidebar.exe[3520] USER32.dll!EndPaint 759B7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Windows Sidebar\sidebar.exe[3520] USER32.dll!BeginPaint 759B7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Windows Sidebar\sidebar.exe[3520] USER32.dll!GetWindowPlacement 759D6BD0 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3592] kernel32.dll!VirtualProtect 758A50AB 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3592] USER32.dll!SetWindowPlacement 759A8169 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3592] USER32.dll!MoveWindow 759AA8C4 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3592] USER32.dll!DeferWindowPos 759AC338 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3592] USER32.dll!SetWindowPos 759B3581 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3592] USER32.dll!SetWindowPos + 3 759B3584 2 Bytes [68, F0]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3592] USER32.dll!GetWindowRect 759B7450 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3592] USER32.dll!EndPaint 759B7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3592] USER32.dll!BeginPaint 759B7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3592] USER32.dll!GetWindowPlacement 759D6BD0 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3620] kernel32.dll!VirtualProtect 758A50AB 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3620] USER32.dll!SetWindowPlacement 759A8169 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3620] USER32.dll!MoveWindow 759AA8C4 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3620] USER32.dll!DeferWindowPos 759AC338 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3620] USER32.dll!SetWindowPos 759B3581 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3620] USER32.dll!SetWindowPos + 3 759B3584 2 Bytes [68, F0]
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3620] USER32.dll!GetWindowRect 759B7450 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3620] USER32.dll!EndPaint 759B7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3620] USER32.dll!BeginPaint 759B7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3620] USER32.dll!GetWindowPlacement 759D6BD0 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[3732] KERNEL32.dll!VirtualProtect 758A50AB 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[3732] USER32.dll!SetWindowPlacement 759A8169 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[3732] USER32.dll!MoveWindow 759AA8C4 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[3732] USER32.dll!DeferWindowPos 759AC338 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[3732] USER32.dll!SetWindowPos 759B3581 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[3732] USER32.dll!SetWindowPos + 3 759B3584 2 Bytes [68, F0]
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[3732] USER32.dll!GetWindowRect 759B7450 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[3732] USER32.dll!EndPaint 759B7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[3732] USER32.dll!BeginPaint 759B7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[3732] USER32.dll!GetWindowPlacement 759D6BD0 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)

Avanki 31.05.2010 10:46

GMER scan part 2:

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1760] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75125D3D] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1760] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75125D3D] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1760] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75125D3D] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1760] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75125D3D] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1760] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75125D3D] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1760] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75125D3D] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\system32\taskhost.exe[1768] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [66058C0B] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\system32\taskhost.exe[1768] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [66058BA0] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\system32\taskhost.exe[1768] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [66058BA0] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\system32\taskhost.exe[1768] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [66058C0B] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\system32\taskhost.exe[1768] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] [66058B43] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\system32\taskhost.exe[1768] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [66058C0B] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\system32\taskhost.exe[1768] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [66058BA0] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\system32\taskhost.exe[1768] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [66058B43] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\system32\taskhost.exe[1768] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [66058C0B] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\system32\taskhost.exe[1768] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [66058BA0] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\system32\Dwm.exe[2076] @ C:\Windows\system32\ole32.dll [USER32.dll!GetSysColor] [6605BAED] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\system32\Dwm.exe[2076] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [6605BAED] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\system32\Dwm.exe[2076] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColor] [6605BAED] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\system32\Dwm.exe[2076] @ C:\Windows\system32\SHELL32.dll [USER32.dll!FillRect] [6605BB09] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\system32\Dwm.exe[2076] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!CreateRectRgn] [66009EF3] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\Explorer.EXE [KERNEL32.dll!LoadLibraryExA] [66058B43] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\Explorer.EXE [KERNEL32.dll!LoadLibraryW] [66058C0B] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\Explorer.EXE [KERNEL32.dll!LoadLibraryA] [66058BA0] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\Explorer.EXE [USER32.dll!GetWindowDC] [66033E76] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\Explorer.EXE [USER32.dll!UpdateLayeredWindow] [66059343] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\Explorer.EXE [USER32.dll!UpdateLayeredWindowIndirect] [66058C5D] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\Explorer.EXE [USER32.dll!EndPaint] [66059DD7] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\Explorer.EXE [USER32.dll!LoadImageW] [6600ABEE] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\Explorer.EXE [USER32.dll!BeginPaint] [66059AB8] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\Explorer.EXE [USER32.dll!DrawTextW] [6605C0F9] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [66058BA0] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [66058C0B] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] [66058B43] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [66058C0B] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [66058BA0] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [66058B43] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW] [6600ABEE] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetWindowDC] [66033E76] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DrawTextW] [6605C0F9] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\system32\SHELL32.dll [USER32.dll!BeginPaint] [66059AB8] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\system32\SHELL32.dll [USER32.dll!FillRect] [6605BB09] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\system32\SHELL32.dll [USER32.dll!EndPaint] [66059DD7] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!CreateCompatibleDC] [6605BC58] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [66058BA0] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [66058C0B] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [66058C0B] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [66058BA0] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryExA] [66058B43] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Pegatron\Hotkey\FastUserSwitching.exe[3040] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetWindowDC] [66033E76] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Pegatron\Hotkey\FastUserSwitching.exe[3040] @ C:\Windows\system32\SHELL32.dll [USER32.dll!FillRect] [6605BB09] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Pegatron\Hotkey\FastUserSwitching.exe[3040] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!CreateCompatibleDC] [6605BC58] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\CyberLink\YouCam\YouCamTray.exe[3096] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetWindowDC] [66033E76] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\CyberLink\YouCam\YouCamTray.exe[3096] @ C:\Windows\system32\SHELL32.dll [USER32.dll!FillRect] [6605BB09] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\CyberLink\YouCam\YouCamTray.exe[3096] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!CreateCompatibleDC] [6605BC58] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3140] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetWindowDC] [66033E76] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3140] @ C:\Windows\system32\SHELL32.dll [USER32.dll!FillRect] [6605BB09] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3140] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!CreateCompatibleDC] [6605BC58] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Pegatron\Hotkey\PHControl.exe[3168] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetWindowDC] [66033E76] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Pegatron\Hotkey\PHControl.exe[3168] @ C:\Windows\system32\SHELL32.dll [USER32.dll!FillRect] [6605BB09] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Pegatron\Hotkey\PHControl.exe[3168] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!CreateCompatibleDC] [6605BC58] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\System32\igfxtray.exe[3224] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetWindowDC] [66033E76] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\System32\igfxtray.exe[3224] @ C:\Windows\system32\SHELL32.dll [USER32.dll!FillRect] [6605BB09] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\System32\igfxtray.exe[3224] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!CreateCompatibleDC] [6605BC58] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\System32\hkcmd.exe[3260] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetWindowDC] [66033E76] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\System32\hkcmd.exe[3260] @ C:\Windows\system32\SHELL32.dll [USER32.dll!FillRect] [6605BB09] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\System32\hkcmd.exe[3260] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!CreateCompatibleDC] [6605BC58] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\System32\igfxpers.exe[3308] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetWindowDC] [66033E76] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\System32\igfxpers.exe[3308] @ C:\Windows\system32\SHELL32.dll [USER32.dll!FillRect] [6605BB09] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\System32\igfxpers.exe[3308] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!CreateCompatibleDC] [6605BC58] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3376] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetWindowDC] [66033E76] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3376] @ C:\Windows\system32\SHELL32.dll [USER32.dll!FillRect] [6605BB09] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3376] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!CreateCompatibleDC] [6605BC58] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3424] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetWindowDC] [66033E76] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3424] @ C:\Windows\system32\SHELL32.dll [USER32.dll!FillRect] [6605BB09] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3424] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!CreateCompatibleDC] [6605BC58] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3464] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetWindowDC] [66033E76] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3464] @ C:\Windows\system32\SHELL32.dll [USER32.dll!FillRect] [6605BB09] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3464] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!CreateCompatibleDC] [6605BC58] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[3520] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetWindowDC] [66033E76] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[3520] @ C:\Windows\system32\SHELL32.dll [USER32.dll!FillRect] [6605BB09] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[3520] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!CreateCompatibleDC] [6605BC58] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3592] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetWindowDC] [66033E76] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3592] @ C:\Windows\system32\SHELL32.dll [USER32.dll!FillRect] [6605BB09] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3592] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!CreateCompatibleDC] [6605BC58] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3620] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetWindowDC] [66033E76] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3620] @ C:\Windows\system32\SHELL32.dll [USER32.dll!FillRect] [6605BB09] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3620] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!CreateCompatibleDC] [6605BC58] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[3732] @ C:\Windows\system32\shell32.dll [USER32.dll!GetWindowDC] [66033E76] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[3732] @ C:\Windows\system32\shell32.dll [USER32.dll!FillRect] [6605BB09] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[3732] @ C:\Windows\system32\shell32.dll [GDI32.dll!CreateCompatibleDC] [6605BC58] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 84F83CC8

AttachedDevice \FileSystem\Ntfs \Ntfs BdFileSpy.sys

Device \Driver\ACPI_HAL \Device\00000047 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device -> \Driver\atapi \Device\Harddisk0\DR0 84C90EC5

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243ee27c4
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243faceb1
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243faceb1@001fe4520ebd 0x65 0x5F 0x44 0x8C ...
Reg HKLM\SYSTEM\CurrentControlSet\services\fuodwd@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\fuodwd@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\fuodwd@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\services\fuodwd@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243ee27c4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243faceb1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243faceb1@001fe4520ebd 0x65 0x5F 0x44 0x8C ...
Reg HKLM\SYSTEM\ControlSet002\services\fuodwd@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\fuodwd@Start 0
Reg HKLM\SYSTEM\ControlSet002\services\fuodwd@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\services\fuodwd@Group Boot Bus Extender
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{617A4722-CD54-4FA4-A57E-720841921D98}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{617A4722-CD54-4FA4-A57E-720841921D98}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{617A4722-CD54-4FA4-A57E-720841921D98}@Path \Microsoft\Windows Defender\MP Scheduled Scan
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{617A4722-CD54-4FA4-A57E-720841921D98}@Triggers 0x15 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{617A4722-CD54-4FA4-A57E-720841921D98}@DynamicInfo 0x03 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Defender\MP Scheduled Scan@Id {617A4722-CD54-4FA4-A57E-720841921D98}

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

undoreal 31.05.2010 10:55

2 hits. Before we clean those up, I'd like to look at something:

Please post an OSAM log.

And get your Windows CD ready in the meantime.

Avanki 31.05.2010 11:10

OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 12:08:13 on 31.05.2010

OS: Windows 7 Starter Edition (Build 7600), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 8.00.7600.16385

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job" - ? - C:\Users\SAM\AppData\Local\Temp\Kkc.exe  (File not found)
"{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job" - ? - C:\Users\SAM\AppData\Local\Temp\Kkd.exe  (File not found)

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"BullGuard File Monitor Driver" (BdFileSpy) - "BullGuard Ltd." - C:\Windows\system32\drivers\BdFileSpy.sys
"fuodwd" (fuodwd) - ? - C:\Windows\system32\drivers\fuodwd.sys  (Hidden registry entry, rootkit activity | File not found)
"Profos" (Profos) - ? - C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\profos.sys  (File found, but it contains no detailed information)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1F25C6E4-E60D-421A-863F-D0C76F6AB211} "BullGuard Online-Laufwerk" - ? - C:\Program Files\BullGuard Ltd\BullGuard\BackupShellNamespace.dll  (File not found)
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\btncopy.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office12\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? -  (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - eBay: Neue und gebrauchte Elektronikartikel, Autos, Kleidung, Sammlerstücke, Sportartikel und mehr ? alles zu günstigen Preisen  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "{21FA44EF-376D-4D53-9B0F-8A89D3229068}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_16.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
"eBay - Der weltweite Online-Marktplatz" - ? - eBay: Neue und gebrauchte Elektronikartikel, Autos, Kleidung, Sammlerstücke, Sportartikel und mehr ? alles zu günstigen Preisen  (HTTP value)
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -  (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\MIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"IconPackager.lnk" - "Stardock Corporation" - C:\Program Files\Stardock\MyColors\IconPackager.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"WDDMStatus.lnk" - "WDC" - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe  (Shortcut exists | File exists)
"WDSmartWare.lnk" - "Western Digital" - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe  (Shortcut exists | File exists)
"Bluetooth.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"fspuip" - ? - "\FSP\fspuip.exe"  (File not found)
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"Hotkey" - ? - C:\Program Files\Pegatron\Hotkey\FastUserSwitching.exe  (File found, but it contains no detailed information)
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"PDVD9LanguageShortcut" - "CyberLink Corp." - "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"skb" - ? - rundll32 "mxakhgcz.dll",,Run
"UCam_Menu" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
"YouCam Mirror Tray icon" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\YouCamTray.exe" /s

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
"BullGuard Email Monitoring Service" (BsMailProxy) - "BullGuard Ltd." - C:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy.dll
"BullGuard File Scan Service" (BsFileScan) - "BullGuard Ltd." - C:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll
"BullGuard Firewall Service" (BsFire) - "BullGuard Ltd." - C:\Program Files\BullGuard Ltd\BullGuard\BsFire.dll
"BullGuard LiveUpdate" (BgLiveSvc) - "BullGuard Ltd." - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
"BullGuard Main Service" (BgMainSvc) - "BullGuard Ltd." - C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared files\RichVideo.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
"Sony Ericsson OMSI download service" (OMSI download service) - ? - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe  (File found, but it contains no detailed information)
"Stardock WindowBlinds" (WindowBlinds) - "Stardock Corporation" - C:\Program Files\Stardock\MyColors\VistaSrv.exe
"WD SmartWare Background Service" (WDSmartWareBackgroundService) - "Memeo" - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
"WD SmartWare Drive Manager" (WDDMService) - "WDC" - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"BGLsp" - "BullGuard Ltd." - C:\Windows\system32\BGLsp.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit Online Solutions :: Index

Avanki 31.05.2010 11:16

Damn, I can't find the stupid disc. I hope we can get this sorted, maybe even without it.

undoreal 31.05.2010 11:34

Use OSAM to disable the following entries:
Quote:

[Common]
-----( %SystemRoot%\Tasks )-----
"{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job" - ? - C:\Users\SAM\AppData\Local\Temp\Kkc.exe (File not found)
"{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job" - ? - C:\Users\SAM\AppData\Local\Temp\Kkd.exe (File not found)

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"fuodwd" (fuodwd) - ? - C:\Windows\system32\drivers\fuodwd.sys (Hidden registry entry, rootkit activity | File not found)

[Logon]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"skb" - ? - rundll32 "mxakhgcz.dll",,Run

Tell me, did you have BullGuard installed at some point? There are still a great many entries left over.
Please uninstall all that junk by proceeding as follows: http://www.bullguard.com/support/pro...uninstall.aspx
The removal tool is at the very bottom of the page.


Quote:

Damn, I can't find the stupid disc. I hope we can get this sorted, maybe even without it.
Without the Windows CD it will be difficult to straighten out atapi.sys again.

It would be better if you could find it.
Otherwise please do this: http://www.trojaner-board.de/82358-t...tml#post640150 and post the report for us.

Avanki 31.05.2010 11:52

I disabled all the files; it didn't work right away (easy way). I had to shut down once, I hope it did it, and I have completely uninstalled BullGuard.

I'm running TDSSKiller now, because the disc can't be found, but I might want to install XP anyway once the system is clean.

Avanki 31.05.2010 11:55

The TDSSKiller scan came back with 0 everywhere.

undoreal 31.05.2010 12:42

Quote:

The TDSSKiller scan came back with 0 everywhere.
That's what I figured.

Please post a new GMER, HJT and OSAM log.

Avanki 31.05.2010 21:24

Here's the OSAM log for now:

OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:19:15 on 31.05.2010

OS: Windows 7 Starter Edition (Build 7600), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 8.00.7600.16385

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
(Disabled) "{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job" - ? - C:\Users\SAM\AppData\Local\Temp\Kkc.exe  (File not found)
(Disabled) "{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job" - ? - C:\Users\SAM\AppData\Local\Temp\Kkd.exe  (File not found)

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"Profos" (Profos) - ? - C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\profos.sys  (File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"ufldypow" (ufldypow) - ? - C:\Users\MIA\AppData\Local\Temp\ufldypow.sys  (Hidden registry entry, rootkit activity | File not found)
(Disabled) "fuodwd" (fuodwd) - ? - C:\Windows\system32\drivers\fuodwd.sys  (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1F25C6E4-E60D-421A-863F-D0C76F6AB211} "BullGuard Online-Laufwerk" - ? - C:\Program Files\BullGuard Ltd\BullGuard\BackupShellNamespace.dll  (File not found)
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\btncopy.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office12\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? -  (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "{21FA44EF-376D-4D53-9B0F-8A89D3229068}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_16.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4  (HTTP value)
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -  (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\MIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"IconPackager.lnk" - "Stardock Corporation" - C:\Program Files\Stardock\MyColors\IconPackager.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"WDDMStatus.lnk" - "WDC" - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe  (Shortcut exists | File exists)
"WDSmartWare.lnk" - "Western Digital" - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe  (Shortcut exists | File exists)
"Bluetooth.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"fspuip" - ? - "\FSP\fspuip.exe"  (File not found)
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"Hotkey" - ? - C:\Program Files\Pegatron\Hotkey\FastUserSwitching.exe  (File found, but it contains no detailed information)
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"PDVD9LanguageShortcut" - "CyberLink Corp." - "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"UCam_Menu" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
"YouCam Mirror Tray icon" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\YouCamTray.exe" /s
(Disabled) "skb" - ? - rundll32 "mxakhgcz.dll",,Run

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared files\RichVideo.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
"Sony Ericsson OMSI download service" (OMSI download service) - ? - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe  (File found, but it contains no detailed information)
"Stardock WindowBlinds" (WindowBlinds) - "Stardock Corporation" - C:\Program Files\Stardock\MyColors\VistaSrv.exe
"WD SmartWare Background Service" (WDSmartWareBackgroundService) - "Memeo" - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
"WD SmartWare Drive Manager" (WDDMService) - "WDC" - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.

Avanki 31.05.2010 21:25

Here is the HijackThis log:

HiJackthis Logfile:
Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:24:33, on 31.05.2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Pegatron\Hotkey\FastUserSwitching.exe
C:\Program Files\CyberLink\YouCam\YouCamTray.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Pegatron\Hotkey\PHControl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MEDION Deutschland - MEDION International
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Hotkey] C:\Program Files\Pegatron\Hotkey\FastUserSwitching.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
O4 - HKLM\..\Run: [YouCam Mirror Tray icon] "C:\Program Files\CyberLink\YouCam\YouCamTray.exe" /s
O4 - HKLM\..\Run: [fspuip] "\FSP\fspuip.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: IconPackager.lnk = C:\Program Files\Stardock\MyColors\IconPackager.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay: Neue und gebrauchte Elektronikartikel, Autos, Kleidung, Sammlerstücke, Sportartikel und mehr ? alles zu günstigen Preisen (file missing)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay: Neue und gebrauchte Elektronikartikel, Autos, Kleidung, Sammlerstücke, Sportartikel und mehr ? alles zu günstigen Preisen (file missing)
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay: Neue und gebrauchte Elektronikartikel, Autos, Kleidung, Sammlerstücke, Sportartikel und mehr ? alles zu günstigen Preisen (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay: Neue und gebrauchte Elektronikartikel, Autos, Kleidung, Sammlerstücke, Sportartikel und mehr ? alles zu günstigen Preisen (file missing) (HKCU)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\Program Files\Stardock\MyColors\VistaSrv.exe

--
End of file - 7980 bytes

--- --- ---

Avanki 31.05.2010 21:58

GMER part 1:

GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-05-31 22:39:39
Windows 6.1.7600
Running: 0joy4kic.exe; Driver: C:\Users\MIA\AppData\Local\Temp\ufldypow.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82025AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82025104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 820253F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8200E2D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8200D898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 820251DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82025958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 820256F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82025F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 820261A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82085599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 820A9F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text peauth.sys A4962C9D 28 Bytes [84, F3, 33, 78, FB, E3, 63, ...]
.text peauth.sys A4962CC1 28 Bytes [84, F3, 33, 78, FB, E3, 63, ...]
PAGE peauth.sys A4968E20 101 Bytes [89, FA, 9F, C8, 9D, 08, 94, ...]
PAGE peauth.sys A496902C 102 Bytes [10, 8B, 4D, C3, 87, 54, C3, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\taskhost.exe[736] kernel32.dll!VirtualProtect 771150AB 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskhost.exe[736] USER32.dll!SetWindowPlacement 77008169 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskhost.exe[736] USER32.dll!MoveWindow 7700A8C4 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskhost.exe[736] USER32.dll!DeferWindowPos 7700C338 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskhost.exe[736] USER32.dll!SetWindowPos 77013581 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskhost.exe[736] USER32.dll!SetWindowPos + 3 77013584 2 Bytes [02, EF] {ADD CH, BH}
.text C:\Windows\system32\taskhost.exe[736] USER32.dll!GetWindowRect 77017450 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskhost.exe[736] USER32.dll!EndPaint 77017B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskhost.exe[736] USER32.dll!BeginPaint 77017B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskhost.exe[736] USER32.dll!GetWindowPlacement 77036BD0 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Users\MIA\Desktop\0joy4kic.exe[1576] kernel32.dll!VirtualProtect 771150AB 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Users\MIA\Desktop\0joy4kic.exe[1576] USER32.dll!SetWindowPlacement 77008169 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Users\MIA\Desktop\0joy4kic.exe[1576] USER32.dll!MoveWindow 7700A8C4 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Users\MIA\Desktop\0joy4kic.exe[1576] USER32.dll!DeferWindowPos 7700C338 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Users\MIA\Desktop\0joy4kic.exe[1576] USER32.dll!SetWindowPos 77013581 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Users\MIA\Desktop\0joy4kic.exe[1576] USER32.dll!SetWindowPos + 3 77013584 2 Bytes [02, EF] {ADD CH, BH}
.text C:\Users\MIA\Desktop\0joy4kic.exe[1576] USER32.dll!GetWindowRect 77017450 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Users\MIA\Desktop\0joy4kic.exe[1576] USER32.dll!EndPaint 77017B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Users\MIA\Desktop\0joy4kic.exe[1576] USER32.dll!BeginPaint 77017B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Users\MIA\Desktop\0joy4kic.exe[1576] USER32.dll!GetWindowPlacement 77036BD0 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\Explorer.EXE[2052] kernel32.dll!VirtualProtect 771150AB 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\Explorer.EXE[2052] USER32.dll!SetWindowPlacement 77008169 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\Explorer.EXE[2052] USER32.dll!MoveWindow 7700A8C4 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\Explorer.EXE[2052] USER32.dll!DeferWindowPos 7700C338 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\Explorer.EXE[2052] USER32.dll!SetWindowPos 77013581 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\Explorer.EXE[2052] USER32.dll!SetWindowPos + 3 77013584 2 Bytes [02, EF] {ADD CH, BH}
.text C:\Windows\Explorer.EXE[2052] USER32.dll!GetWindowRect 77017450 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\Explorer.EXE[2052] USER32.dll!EndPaint 77017B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\Explorer.EXE[2052] USER32.dll!BeginPaint 77017B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\Explorer.EXE[2052] USER32.dll!GetWindowPlacement 77036BD0 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Pegatron\Hotkey\FastUserSwitching.exe[2300] kernel32.dll!VirtualProtect 771150AB 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Pegatron\Hotkey\FastUserSwitching.exe[2300] USER32.dll!SetWindowPlacement 77008169 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Pegatron\Hotkey\FastUserSwitching.exe[2300] USER32.dll!MoveWindow 7700A8C4 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Pegatron\Hotkey\FastUserSwitching.exe[2300] USER32.dll!DeferWindowPos 7700C338 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Pegatron\Hotkey\FastUserSwitching.exe[2300] USER32.dll!SetWindowPos 77013581 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Pegatron\Hotkey\FastUserSwitching.exe[2300] USER32.dll!SetWindowPos + 3 77013584 2 Bytes [02, EF] {ADD CH, BH}
.text C:\Program Files\Pegatron\Hotkey\FastUserSwitching.exe[2300] USER32.dll!GetWindowRect 77017450 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Pegatron\Hotkey\FastUserSwitching.exe[2300] USER32.dll!EndPaint 77017B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Pegatron\Hotkey\FastUserSwitching.exe[2300] USER32.dll!BeginPaint 77017B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Pegatron\Hotkey\FastUserSwitching.exe[2300] USER32.dll!GetWindowPlacement 77036BD0 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\CyberLink\YouCam\YouCamTray.exe[2332] kernel32.dll!VirtualProtect 771150AB 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\CyberLink\YouCam\YouCamTray.exe[2332] USER32.dll!SetWindowPlacement 77008169 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\CyberLink\YouCam\YouCamTray.exe[2332] USER32.dll!MoveWindow 7700A8C4 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\CyberLink\YouCam\YouCamTray.exe[2332] USER32.dll!DeferWindowPos 7700C338 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\CyberLink\YouCam\YouCamTray.exe[2332] USER32.dll!SetWindowPos 77013581 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\CyberLink\YouCam\YouCamTray.exe[2332] USER32.dll!SetWindowPos + 3 77013584 2 Bytes [02, EF] {ADD CH, BH}
.text C:\Program Files\CyberLink\YouCam\YouCamTray.exe[2332] USER32.dll!GetWindowRect 77017450 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\CyberLink\YouCam\YouCamTray.exe[2332] USER32.dll!EndPaint 77017B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\CyberLink\YouCam\YouCamTray.exe[2332] USER32.dll!BeginPaint 77017B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\CyberLink\YouCam\YouCamTray.exe[2332] USER32.dll!GetWindowPlacement 77036BD0 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2340] kernel32.dll!VirtualProtect 771150AB 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2340] USER32.dll!SetWindowPlacement 77008169 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2340] USER32.dll!MoveWindow 7700A8C4 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2340] USER32.dll!DeferWindowPos 7700C338 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2340] USER32.dll!SetWindowPos 77013581 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2340] USER32.dll!SetWindowPos + 3 77013584 2 Bytes [02, EF] {ADD CH, BH}
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2340] USER32.dll!GetWindowRect 77017450 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2340] USER32.dll!EndPaint 77017B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2340] USER32.dll!BeginPaint 77017B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2340] USER32.dll!GetWindowPlacement 77036BD0 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\igfxtray.exe[2356] kernel32.dll!VirtualProtect 771150AB 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\igfxtray.exe[2356] USER32.dll!SetWindowPlacement 77008169 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\igfxtray.exe[2356] USER32.dll!MoveWindow 7700A8C4 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\igfxtray.exe[2356] USER32.dll!DeferWindowPos 7700C338 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\igfxtray.exe[2356] USER32.dll!SetWindowPos 77013581 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\igfxtray.exe[2356] USER32.dll!SetWindowPos + 3 77013584 2 Bytes [02, EF] {ADD CH, BH}
.text C:\Windows\System32\igfxtray.exe[2356] USER32.dll!GetWindowRect 77017450 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\igfxtray.exe[2356] USER32.dll!EndPaint 77017B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\igfxtray.exe[2356] USER32.dll!BeginPaint 77017B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\igfxtray.exe[2356] USER32.dll!GetWindowPlacement 77036BD0 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\hkcmd.exe[2364] kernel32.dll!VirtualProtect 771150AB 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\hkcmd.exe[2364] USER32.dll!SetWindowPlacement 77008169 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\hkcmd.exe[2364] USER32.dll!MoveWindow 7700A8C4 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\hkcmd.exe[2364] USER32.dll!DeferWindowPos 7700C338 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\hkcmd.exe[2364] USER32.dll!SetWindowPos 77013581 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\hkcmd.exe[2364] USER32.dll!SetWindowPos + 3 77013584 2 Bytes [02, EF] {ADD CH, BH}
.text C:\Windows\System32\hkcmd.exe[2364] USER32.dll!GetWindowRect 77017450 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\hkcmd.exe[2364] USER32.dll!EndPaint 77017B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\hkcmd.exe[2364] USER32.dll!BeginPaint 77017B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\hkcmd.exe[2364] USER32.dll!GetWindowPlacement 77036BD0 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\igfxpers.exe[2376] kernel32.dll!VirtualProtect 771150AB 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\igfxpers.exe[2376] USER32.dll!SetWindowPlacement 77008169 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\igfxpers.exe[2376] USER32.dll!MoveWindow 7700A8C4 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\igfxpers.exe[2376] USER32.dll!DeferWindowPos 7700C338 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\igfxpers.exe[2376] USER32.dll!SetWindowPos 77013581 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\igfxpers.exe[2376] USER32.dll!SetWindowPos + 3 77013584 2 Bytes [02, EF] {ADD CH, BH}
.text C:\Windows\System32\igfxpers.exe[2376] USER32.dll!GetWindowRect 77017450 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\igfxpers.exe[2376] USER32.dll!EndPaint 77017B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\igfxpers.exe[2376] USER32.dll!BeginPaint 77017B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\igfxpers.exe[2376] USER32.dll!GetWindowPlacement 77036BD0 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\igfxsrvc.exe[2440] kernel32.dll!VirtualProtect 771150AB 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\igfxsrvc.exe[2440] USER32.dll!SetWindowPlacement 77008169 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\igfxsrvc.exe[2440] USER32.dll!MoveWindow 7700A8C4 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\igfxsrvc.exe[2440] USER32.dll!DeferWindowPos 7700C338 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\igfxsrvc.exe[2440] USER32.dll!SetWindowPos 77013581 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\igfxsrvc.exe[2440] USER32.dll!SetWindowPos + 3 77013584 2 Bytes [02, EF] {ADD CH, BH}
.text C:\Windows\system32\igfxsrvc.exe[2440] USER32.dll!GetWindowRect 77017450 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\igfxsrvc.exe[2440] USER32.dll!EndPaint 77017B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\igfxsrvc.exe[2440] USER32.dll!BeginPaint 77017B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\igfxsrvc.exe[2440] USER32.dll!GetWindowPlacement 77036BD0 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[2484] kernel32.dll!VirtualProtect 771150AB 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[2484] USER32.dll!SetWindowPlacement 77008169 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[2484] USER32.dll!MoveWindow 7700A8C4 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[2484] USER32.dll!DeferWindowPos 7700C338 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[2484] USER32.dll!SetWindowPos 77013581 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[2484] USER32.dll!SetWindowPos + 3 77013584 2 Bytes [02, EF] {ADD CH, BH}
.text C:\Program Files\iTunes\iTunesHelper.exe[2484] USER32.dll!GetWindowRect 77017450 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[2484] USER32.dll!EndPaint 77017B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[2484] USER32.dll!BeginPaint 77017B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[2484] USER32.dll!GetWindowPlacement 77036BD0 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] kernel32.dll!VirtualProtect 771150AB 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] USER32.dll!SetWindowPlacement 77008169 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] USER32.dll!CreateDialogParamW 77009BFF 5 Bytes JMP 6A4FC548 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] USER32.dll!EnableWindow 7700A72E 5 Bytes JMP 6A4FC4C3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] USER32.dll!MoveWindow 7700A8C4 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] USER32.dll!GetAsyncKeyState 7700C09A 5 Bytes JMP 6A4BD6C9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] USER32.dll!DeferWindowPos 7700C338 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] USER32.dll!UnhookWindowsHookEx 7700CC7B 5 Bytes JMP 6A5B82FA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] USER32.dll!CallNextHookEx 7700CC8F 5 Bytes JMP 6A599D00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] USER32.dll!CreateWindowExW 77010E51 5 Bytes JMP 6A5A80F7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] USER32.dll!SetWindowsHookExW 7701210A 5 Bytes JMP 6A5545DB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] USER32.dll!SetWindowPos 77013581 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] USER32.dll!SetWindowPos + 3 77013584 2 Bytes [02, EF] {ADD CH, BH}
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] USER32.dll!GetKeyState 77014FDA 5 Bytes JMP 6A4FD73A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] USER32.dll!IsDialogMessageW 77016F06 5 Bytes JMP 6A4C425C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] USER32.dll!GetWindowRect 77017450 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] USER32.dll!EndPaint 77017B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] USER32.dll!BeginPaint 77017B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] USER32.dll!CreateDialogParamA 77023E79 5 Bytes JMP 6A6CFE19 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] USER32.dll!IsDialogMessage 7702407A 5 Bytes JMP 6A6CF6BA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] USER32.dll!CreateDialogIndirectParamA 77029110 5 Bytes JMP 6A6CFE50 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] USER32.dll!CreateDialogIndirectParamW 770308AD 5 Bytes JMP 6A6CFE87 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] USER32.dll!DialogBoxIndirectParamW 77034AA7 5 Bytes JMP 6A6CF218 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] USER32.dll!EndDialog 7703555C 5 Bytes JMP 6A4C5AC1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] USER32.dll!DialogBoxParamW 7703564A 5 Bytes JMP 6A4C4B7F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] USER32.dll!SetKeyboardState 77036B52 5 Bytes JMP 6A6CFA1F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] USER32.dll!GetWindowPlacement 77036BD0 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] USER32.dll!SendInput 77037055 5 Bytes JMP 6A6D05E8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] USER32.dll!SetCursorPos 7704C1D8 5 Bytes JMP 6A6D0640 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] USER32.dll!DialogBoxParamA 7704CF6A 5 Bytes JMP 6A6CF1B5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] USER32.dll!DialogBoxIndirectParamA 7704D29C 5 Bytes JMP 6A6CF27B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] USER32.dll!MessageBoxIndirectA 7705E8C9 5 Bytes JMP 6A6CF14A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] USER32.dll!MessageBoxIndirectW 7705E9C3 5 Bytes JMP 6A6CF0DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] USER32.dll!MessageBoxExA 7705EA29 5 Bytes JMP 6A6CF07D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] USER32.dll!MessageBoxExW 7705EA4D 5 Bytes JMP 6A6CF01B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] USER32.dll!keybd_event 7705EC9B 5 Bytes JMP 6A6D0973 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] SHELL32.dll!SHChangeNotification_Lock + 45BA 75D7B3E8 4 Bytes [11, 36, F5, 67]
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] SHELL32.dll!SHChangeNotification_Lock + 45C2 75D7B3F0 8 Bytes [5F, 35, F5, 67, D0, 73, F4, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] ole32.dll!OleLoadFromStream 77435B88 5 Bytes JMP 6A6CF576 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] ole32.dll!CoCreateInstance 774857FC 5 Bytes JMP 6A5A8BE5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] ws2_32.DLL!closesocket 76FC3BED 5 Bytes JMP 64CFEEE9 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] ws2_32.DLL!socket 76FC3F00 5 Bytes JMP 64CFE59E C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] ws2_32.DLL!recv 76FC47DF 5 Bytes JMP 64CFF1C3 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] ws2_32.DLL!connect 76FC48BE 5 Bytes JMP 64CFE62A C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] ws2_32.DLL!getaddrinfo 76FC6737 5 Bytes JMP 64CFE71D C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] ws2_32.DLL!send 76FCC4C8 5 Bytes JMP 64CFE9ED C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2528] kernel32.dll!VirtualProtect 771150AB 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2528] USER32.dll!SetWindowPlacement 77008169 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2528] USER32.dll!MoveWindow 7700A8C4 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2528] USER32.dll!DeferWindowPos 7700C338 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2528] USER32.dll!SetWindowPos 77013581 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2528] USER32.dll!SetWindowPos + 3 77013584 2 Bytes [02, EF] {ADD CH, BH}
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2528] USER32.dll!GetWindowRect 77017450 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2528] USER32.dll!EndPaint 77017B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2528] USER32.dll!BeginPaint 77017B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2528] USER32.dll!GetWindowPlacement 77036BD0 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2556] kernel32.dll!VirtualProtect 771150AB 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2556] USER32.dll!SetWindowPlacement 77008169 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2556] USER32.dll!MoveWindow 7700A8C4 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2556] USER32.dll!DeferWindowPos 7700C338 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2556] USER32.dll!SetWindowPos 77013581 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2556] USER32.dll!SetWindowPos + 3 77013584 2 Bytes [02, EF] {ADD CH, BH}
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2556] USER32.dll!GetWindowRect 77017450 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2556] USER32.dll!EndPaint 77017B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2556] USER32.dll!BeginPaint 77017B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2556] USER32.dll!GetWindowPlacement 77036BD0 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2596] kernel32.dll!VirtualProtect 771150AB 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2596] USER32.dll!SetWindowPlacement 77008169 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2596] USER32.dll!MoveWindow 7700A8C4 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2596] USER32.dll!DeferWindowPos 7700C338 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2596] USER32.dll!SetWindowPos 77013581 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2596] USER32.dll!SetWindowPos + 3 77013584 2 Bytes [02, EF] {ADD CH, BH}
.text C:\Program Files\Windows Sidebar\sidebar.exe[2596] USER32.dll!GetWindowRect 77017450 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2596] USER32.dll!EndPaint 77017B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2596] USER32.dll!BeginPaint 77017B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2596] USER32.dll!GetWindowPlacement 77036BD0 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Pegatron\Hotkey\PHControl.exe[2608] kernel32.dll!VirtualProtect 771150AB 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Pegatron\Hotkey\PHControl.exe[2608] USER32.dll!SetWindowPlacement 77008169 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Pegatron\Hotkey\PHControl.exe[2608] USER32.dll!MoveWindow 7700A8C4 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Pegatron\Hotkey\PHControl.exe[2608] USER32.dll!DeferWindowPos 7700C338 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Pegatron\Hotkey\PHControl.exe[2608] USER32.dll!SetWindowPos 77013581 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Pegatron\Hotkey\PHControl.exe[2608] USER32.dll!SetWindowPos + 3 77013584 2 Bytes [02, EF] {ADD CH, BH}
.text C:\Program Files\Pegatron\Hotkey\PHControl.exe[2608] USER32.dll!GetWindowRect 77017450 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Pegatron\Hotkey\PHControl.exe[2608] USER32.dll!EndPaint 77017B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Pegatron\Hotkey\PHControl.exe[2608] USER32.dll!BeginPaint 77017B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Pegatron\Hotkey\PHControl.exe[2608] USER32.dll!GetWindowPlacement 77036BD0 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2716] kernel32.dll!VirtualProtect 771150AB 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2716] USER32.dll!SetWindowPlacement 77008169 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2716] USER32.dll!MoveWindow 7700A8C4 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2716] USER32.dll!DeferWindowPos 7700C338 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2716] USER32.dll!SetWindowPos 77013581 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2716] USER32.dll!SetWindowPos + 3 77013584 2 Bytes [02, EF] {ADD CH, BH}
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2716] USER32.dll!GetWindowRect 77017450 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2716] USER32.dll!EndPaint 77017B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2716] USER32.dll!BeginPaint 77017B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2716] USER32.dll!GetWindowPlacement 77036BD0 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2800] kernel32.dll!VirtualProtect 771150AB 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2800] USER32.dll!SetWindowPlacement 77008169 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2800] USER32.dll!MoveWindow 7700A8C4 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2800] USER32.dll!DeferWindowPos 7700C338 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2800] USER32.dll!SetWindowPos 77013581 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2800] USER32.dll!SetWindowPos + 3 77013584 2 Bytes [02, EF] {ADD CH, BH}
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2800] USER32.dll!GetWindowRect 77017450 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2800] USER32.dll!EndPaint 77017B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2800] USER32.dll!BeginPaint 77017B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2800] USER32.dll!GetWindowPlacement 77036BD0 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[2892] KERNEL32.dll!VirtualProtect 771150AB 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[2892] USER32.dll!SetWindowPlacement 77008169 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[2892] USER32.dll!MoveWindow 7700A8C4 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[2892] USER32.dll!DeferWindowPos 7700C338 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[2892] USER32.dll!SetWindowPos 77013581 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[2892] USER32.dll!SetWindowPos + 3 77013584 2 Bytes [02, EF] {ADD CH, BH}
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[2892] USER32.dll!GetWindowRect 77017450 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[2892] USER32.dll!EndPaint 77017B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[2892] USER32.dll!BeginPaint 77017B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[2892] USER32.dll!GetWindowPlacement 77036BD0 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] kernel32.dll!VirtualProtect 771150AB 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] USER32.dll!SetWindowPlacement 77008169 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] USER32.dll!MoveWindow 7700A8C4 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] USER32.dll!DeferWindowPos 7700C338 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] USER32.dll!CreateWindowExW 77010E51 5 Bytes JMP 6A5A80F7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] USER32.dll!SetWindowPos 77013581 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] USER32.dll!SetWindowPos + 3 77013584 2 Bytes [02, EF] {ADD CH, BH}
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] USER32.dll!GetWindowRect 77017450 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] USER32.dll!EndPaint 77017B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] USER32.dll!BeginPaint 77017B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] USER32.dll!DialogBoxIndirectParamW 77034AA7 5 Bytes JMP 6A6CF218 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] USER32.dll!DialogBoxParamW 7703564A 5 Bytes JMP 6A4C4B7F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] USER32.dll!GetWindowPlacement 77036BD0 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] USER32.dll!DialogBoxParamA 7704CF6A 5 Bytes JMP 6A6CF1B5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] USER32.dll!DialogBoxIndirectParamA 7704D29C 5 Bytes JMP 6A6CF27B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] USER32.dll!MessageBoxIndirectA 7705E8C9 5 Bytes JMP 6A6CF14A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

Avanki 31.05.2010 21:59

GMER part 2:

.text C:\Program Files\Internet Explorer\iexplore.exe[3952] USER32.dll!MessageBoxIndirectW 7705E9C3 5 Bytes JMP 6A6CF0DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] USER32.dll!MessageBoxExA 7705EA29 5 Bytes JMP 6A6CF07D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] USER32.dll!MessageBoxExW 7705EA4D 5 Bytes JMP 6A6CF01B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\taskhost.exe[736] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [66058C0B] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\system32\taskhost.exe[736] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [66058BA0] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\system32\taskhost.exe[736] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [66058BA0] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\system32\taskhost.exe[736] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [66058C0B] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\system32\taskhost.exe[736] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] [66058B43] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\system32\taskhost.exe[736] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [66058C0B] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\system32\taskhost.exe[736] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [66058BA0] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\system32\taskhost.exe[736] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [66058B43] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\system32\msiexec.exe[1428] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [757F5D3D] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\system32\msiexec.exe[1428] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [757F5D3D] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\system32\msiexec.exe[1428] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [757F5D3D] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\system32\msiexec.exe[1428] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [757F5D3D] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\system32\msiexec.exe[1428] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [757F5D3D] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\system32\Dwm.exe[1584] @ C:\Windows\system32\ole32.dll [USER32.dll!GetSysColor] [6605BAED] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2052] @ C:\Windows\Explorer.EXE [KERNEL32.dll!LoadLibraryExA] [66058B43] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2052] @ C:\Windows\Explorer.EXE [KERNEL32.dll!LoadLibraryW] [66058C0B] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2052] @ C:\Windows\Explorer.EXE [KERNEL32.dll!LoadLibraryA] [66058BA0] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2052] @ C:\Windows\Explorer.EXE [USER32.dll!GetWindowDC] [66033E76] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2052] @ C:\Windows\Explorer.EXE [USER32.dll!UpdateLayeredWindow] [66059343] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2052] @ C:\Windows\Explorer.EXE [USER32.dll!UpdateLayeredWindowIndirect] [66058C5D] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2052] @ C:\Windows\Explorer.EXE [USER32.dll!EndPaint] [66059DD7] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2052] @ C:\Windows\Explorer.EXE [USER32.dll!LoadImageW] [6600ABEE] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2052] @ C:\Windows\Explorer.EXE [USER32.dll!BeginPaint] [66059AB8] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2052] @ C:\Windows\Explorer.EXE [USER32.dll!DrawTextW] [6605C0F9] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2052] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [66058BA0] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2052] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [66058C0B] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2052] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] [66058B43] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2052] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [66058C0B] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2052] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [66058BA0] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2052] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [66058B43] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2052] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW] [6600ABEE] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2052] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetWindowDC] [66033E76] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2052] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DrawTextW] [6605C0F9] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2052] @ C:\Windows\system32\SHELL32.dll [USER32.dll!BeginPaint] [66059AB8] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2052] @ C:\Windows\system32\SHELL32.dll [USER32.dll!FillRect] [6605BB09] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2052] @ C:\Windows\system32\SHELL32.dll [USER32.dll!EndPaint] [66059DD7] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2052] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!CreateCompatibleDC] [6605BC58] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2052] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [66058BA0] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2052] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [66058C0B] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2052] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [66058C0B] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2052] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [66058BA0] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2052] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryExA] [66058B43] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2052] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [66058C0B] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2052] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [66058BA0] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2052] @ C:\Windows\system32\WININET.dll [USER32.dll!LoadImageW] [6600ABEE] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Pegatron\Hotkey\FastUserSwitching.exe[2300] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetWindowDC] [66033E76] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Pegatron\Hotkey\FastUserSwitching.exe[2300] @ C:\Windows\system32\SHELL32.dll [USER32.dll!FillRect] [6605BB09] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Pegatron\Hotkey\FastUserSwitching.exe[2300] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!CreateCompatibleDC] [6605BC58] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\CyberLink\YouCam\YouCamTray.exe[2332] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetWindowDC] [66033E76] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\CyberLink\YouCam\YouCamTray.exe[2332] @ C:\Windows\system32\SHELL32.dll [USER32.dll!FillRect] [6605BB09] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\CyberLink\YouCam\YouCamTray.exe[2332] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!CreateCompatibleDC] [6605BC58] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2340] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetWindowDC] [66033E76] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2340] @ C:\Windows\system32\SHELL32.dll [USER32.dll!FillRect] [6605BB09] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2340] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!CreateCompatibleDC] [6605BC58] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\System32\igfxtray.exe[2356] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetWindowDC] [66033E76] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\System32\igfxtray.exe[2356] @ C:\Windows\system32\SHELL32.dll [USER32.dll!FillRect] [6605BB09] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\System32\igfxtray.exe[2356] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!CreateCompatibleDC] [6605BC58] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\System32\hkcmd.exe[2364] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetWindowDC] [66033E76] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\System32\hkcmd.exe[2364] @ C:\Windows\system32\SHELL32.dll [USER32.dll!FillRect] [6605BB09] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\System32\hkcmd.exe[2364] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!CreateCompatibleDC] [6605BC58] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\System32\igfxpers.exe[2376] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetWindowDC] [66033E76] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\System32\igfxpers.exe[2376] @ C:\Windows\system32\SHELL32.dll [USER32.dll!FillRect] [6605BB09] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\System32\igfxpers.exe[2376] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!CreateCompatibleDC] [6605BC58] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\iTunes\iTunesHelper.exe[2484] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetWindowDC] [66033E76] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\iTunes\iTunesHelper.exe[2484] @ C:\Windows\system32\SHELL32.dll [USER32.dll!FillRect] [6605BB09] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\iTunes\iTunesHelper.exe[2484] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!CreateCompatibleDC] [6605BC58] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [67F39F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [67F43932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [67F41ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [67F3C028] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [67F43B9B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [67F4595C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [67F447A8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [67F44EB8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] [67F41D43] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [67F3F312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [67F39F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [67F41BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [67F406BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [67F3FAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [67F41ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [67F41A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [67F40043] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [67F40CA0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [67F43932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [67F41BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [67F39F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [67F406BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [67F41BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [67F40CA0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [67F42ADB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [67F3F1BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW] [67F3F312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [67F3FAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [67F41A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [67F41ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [67F44EB8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [67F447A8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [67F3DF55] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [67F406BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [67F43932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [67F3DCFA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [67F3DE25] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [67F40571] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [67F39F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [67F41D43] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [67F3DBCF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [67F441F1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [67F4595C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [67F44735] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [67F44B56] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootA] [67F4823A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripToRootW] [67F489C0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsURLW] [67F48584] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFindOnPathW] [67F47E55] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHCreateStreamOnFileW] [67F48CD4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHOpenRegStream2W] [67F490D9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCombineW] [67F47C72] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyA] [67F48D26] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryW] [67F47F8E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringByKeyW] [67F4794A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCreateFromUrlW] [67F47D19] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathSkipRootW] [67F48898] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRelativePathToW] [67F486C0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRemoveArgsW] [67F48760] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsContentTypeW] [67F47EF3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegQueryUSValueW] [67F49B99] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegEnumUSKeyW] [67F4958E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyA] [67F499D2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryEmptyW] [67F48026] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryA] [67F47F42] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootA] [67F47AE4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetPathW] [67F497FC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCanonicalizeW] [67F47BD1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegSetPathW] [67F49C52] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetUSValueW] [67F498B5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryKeyW] [67F477ED] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetBoolUSValueW] [67F496FD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRelativeW] [67F481EE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsNetworkPathW] [67F480BE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootW] [67F48286] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyW] [67F48D75] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFileExistsW] [67F47DBA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumValueW] [67F48F70] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripPathW] [67F4892C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyW] [67F49A2A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHQueryValueExW] [67F492E3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHSetValueW] [67F49E71] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteValueW] [67F48E16] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootW] [67F47B33] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHGetValueW] [67F49029] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringW] [67F4789A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCW] [67F483BC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathMakeSystemFolderW] [67F4861C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathUnExpandEnvStringsW] [67F48A5E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerW] [67F48454] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerShareW] [67F484EC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetValueW] [67F49974] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumKeyExW] [67F48EBD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] [67F3D9AD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW] [6600ABEE] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW] [67F41904] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetWindowDC] [66033E76] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [USER32.dll!FillRect] [6605BB09] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW] [67F4141F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!CreateCompatibleDC] [6605BC58] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [67F41A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW] [67F409C2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW] [67F3FAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW] [67F3F834] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [67F3F084] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [67F427FF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [67F41BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [67F3F312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW] [67F3EB7A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA] [67F3E563] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW] [67F42ADB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [67F427DA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW] [67F3E901] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [67F40043] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW] [67F3EE02] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [67F41BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [67F41A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [67F39F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueW] [67F49974] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueA] [67F49916] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathUnExpandEnvStringsA] [67F48A0C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteKeyA] [67F48D26] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteValueW] [67F48E16] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCreateFromUrlW] [67F47D19] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA] [67F48FCE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA] [67F49E16] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW] [67F49029] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW] [67F49E71] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCombineW] [67F47C72] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [67F39F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2504] @ C:\Windows\System32\Secur32.dll [KERNEL32.dll!GetProcAddress] [67F39F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2528] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetWindowDC] [66033E76] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2528] @ C:\Windows\system32\SHELL32.dll [USER32.dll!FillRect] [6605BB09] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2528] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!CreateCompatibleDC] [6605BC58] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2556] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetWindowDC] [66033E76] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2556] @ C:\Windows\system32\SHELL32.dll [USER32.dll!FillRect] [6605BB09] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2556] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!CreateCompatibleDC] [6605BC58] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[2596] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetWindowDC] [66033E76] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[2596] @ C:\Windows\system32\SHELL32.dll [USER32.dll!FillRect] [6605BB09] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[2596] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!CreateCompatibleDC] [6605BC58] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Pegatron\Hotkey\PHControl.exe[2608] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetWindowDC] [66033E76] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Pegatron\Hotkey\PHControl.exe[2608] @ C:\Windows\system32\SHELL32.dll [USER32.dll!FillRect] [6605BB09] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Pegatron\Hotkey\PHControl.exe[2608] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!CreateCompatibleDC] [6605BC58] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2716] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetWindowDC] [66033E76] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2716] @ C:\Windows\system32\SHELL32.dll [USER32.dll!FillRect] [6605BB09] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2716] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!CreateCompatibleDC] [6605BC58] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2800] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetWindowDC] [66033E76] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2800] @ C:\Windows\system32\SHELL32.dll [USER32.dll!FillRect] [6605BB09] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2800] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!CreateCompatibleDC] [6605BC58] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[2892] @ C:\Windows\system32\shell32.dll [USER32.dll!GetWindowDC] [66033E76] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[2892] @ C:\Windows\system32\shell32.dll [USER32.dll!FillRect] [6605BB09] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[2892] @ C:\Windows\system32\shell32.dll [GDI32.dll!CreateCompatibleDC] [6605BC58] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3952] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW] [6600ABEE] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3952] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetWindowDC] [66033E76] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3952] @ C:\Windows\system32\SHELL32.dll [USER32.dll!FillRect] [6605BB09] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3952] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!CreateCompatibleDC] [6605BC58] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3952] @ C:\Windows\system32\WININET.dll [USER32.dll!LoadImageW] [6600ABEE] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000047 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243ee27c4
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243faceb1
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243faceb1@001fe4520ebd 0x65 0x5F 0x44 0x8C ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243ee27c4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243faceb1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243faceb1@001fe4520ebd 0x65 0x5F 0x44 0x8C ...
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@LazyCheckPointUpdateInterval

Avanki 31.05.2010 22:01

Can we get this under control, or is it better to do a format C:\ and then put XP on it? (That would be my alternative if it's too bad.)

undoreal 31.05.2010 22:48

Quote:

Quote from Avanki (post 529661)
Can we get this under control, or is it better to do a format C:\ and then put XP on it? (That would be my alternative if it's too bad.)

Without a Windows CD I can't really straighten out atapi.sys for you properly. That's not so good, so you will have to reinstall.

Cleanup after a compromise


Note: A virus scanner's analysis is completely insufficient for making statements about the system!

Unfortunately, more and more malware is currently appearing that writes itself into the Master Boot Record, MBR for short. The MBR is not completely overwritten during a conventional reinstallation and therefore poses a considerable security risk. Before reinstalling, you should therefore make sure that the MBR is in order.

Repairing the Master Boot Record:

Vista/Win7:

To start the recovery console, simply put the Windows Vista DVD into the drive and boot from it.
After a short time you are asked for the desired country and language settings.

In the next window, the recovery console can be opened via the "System Recovery Options" entry.

Clicking "Next" makes Windows search for valid Windows installations on the hard disk. A list of the installations found is then shown for selection.

After selecting the desired Windows version, a new window opens that offers the following options:

- System repair: automatic repair of Windows startup problems (boot sector etc.)
- System restore: restoring Windows from existing restore points
- Windows complete restore: complete restore of a Windows backup
- Windows Memory Diagnostic Tool: check the RAM for errors (restart required)
- Command prompt: command line/command prompt

Open the command prompt, type Bootrec.exe and press Enter.

Choose the /FixMBR option. Type fixmbr and press Enter.


XP:

To start the recovery console, simply put the Windows XP CD into the drive and boot from it. When prompted, select the options required to start from the installation CD.
When the text-based part of setup starts, choose the repair or recover option by pressing the [R] key.
If necessary, now enter the administrator password.
You now arrive at the recovery console's command prompt.

There, please enter the command fixmbr and confirm with Enter.

To exit the recovery console and restart the computer, type 'exit'.


Reinstalling a personal computer:

Before you get to work, please read the following guide very carefully:

Reinstalling the system with subsequent hardening.

If you do not follow this reinstallation guide exactly, reinstalling is pointless!

All hard disks must be completely formatted!

Ideally you should not back up any data.
If you want to back up very important, irreplaceable files, you must do so according to strict criteria:

a) The file must not be executable. That means it must not have any of the file extensions listed here. Please note that some malware disguises its file extension. A sensible folder view setting helps here.

b) Every file should be scanned with MWAV before it gets back onto the fresh machine.

c) Even if you follow points a) and b) exactly, the files are not trustworthy!!
Malware can also infect non-executable files such as .mp3, .doc etc.!! And MWAV, like other AV scanners, finds only a fraction of all infected files!

In addition, the backup should be done via a LiveCD, because viruses like to attach themselves to files or infect external media.
Using a LiveCD prevents this.
Because of the familiar interface I recommend Windows7PE.
PC-Welt provides the following package for creating it: Rettungssystem für XP, Vista und Windows 7 - PC-WELT


After you have reinstalled, you absolutely must change all passwords and login accounts!!!
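The reply above advises making sure the MBR is in order before reinstalling. The following is an added example, not part of the original post, of one way to check a captured 512-byte MBR sector: it validates the structure and hashes the bootstrap code for comparison with a known-good baseline. The function names are hypothetical, the sample sector is constructed, and it assumes you hold a baseline hash taken from a clean MBR written by the same Windows version.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bootstrap code; bytes 440-445 hold the per-disk signature
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG_OFF = 510       # must contain 0x55 0xAA


def boot_code_sha256(sector: bytes) -> str:
    """Hash only the bootstrap code, so the per-disk signature does not matter."""
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()


def inspect_mbr(sector: bytes) -> dict:
    """Parse one MBR sector and list structural problems."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    findings = []
    if sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] != b"\x55\xaa":
        findings.append("boot signature 0x55AA missing")

    partitions = []
    for slot in range(4):
        start = PART_TABLE_OFF + 16 * slot
        entry = sector[start:start + 16]
        status, ptype = entry[0], entry[4]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if ptype == 0x00:            # unused slot
            continue
        if status not in (0x00, 0x80):
            findings.append(f"slot {slot}: invalid status byte 0x{status:02x}")
        partitions.append({"slot": slot, "active": status == 0x80,
                           "type": ptype, "lba_start": lba_start,
                           "sectors": count})

    if sum(p["active"] for p in partitions) > 1:
        findings.append("more than one active partition")
    ordered = sorted(partitions, key=lambda p: p["lba_start"])
    for prev, cur in zip(ordered, ordered[1:]):
        if cur["lba_start"] < prev["lba_start"] + prev["sectors"]:
            findings.append(f"slots {prev['slot']} and {cur['slot']} overlap")

    return {"boot_code_sha256": boot_code_sha256(sector),
            "partitions": partitions, "findings": findings}


def matches_baseline(sector: bytes, baseline_sha256: str) -> bool:
    """True if the bootstrap code equals the known-good baseline."""
    return boot_code_sha256(sector) == baseline_sha256.lower()


def _entry(status: int, ptype: int, lba_start: int, count: int) -> bytes:
    # CHS fields are left zero in this constructed sample.
    return struct.pack("<B3sB3sII", status, b"\x00" * 3, ptype,
                       b"\x00" * 3, lba_start, count)


def build_sample_mbr(boot_code: bytes = b"\x90" * BOOT_CODE_LEN) -> bytes:
    """Constructed sample sector (placeholder boot code, two NTFS partitions)."""
    table = (_entry(0x80, 0x07, 2048, 204800)
             + _entry(0x00, 0x07, 206848, 1000000) + bytes(32))
    return boot_code + b"\x12\x34\x56\x78" + b"\x00\x00" + table + b"\x55\xaa"


if __name__ == "__main__":
    clean = build_sample_mbr()
    baseline = boot_code_sha256(clean)          # stands in for a trusted baseline
    tampered = b"\xeb" + clean[1:]              # one changed byte of boot code
    for name, sector in (("clean", clean), ("tampered", tampered)):
        report = inspect_mbr(sector)
        print(name, "findings:", report["findings"],
              "baseline match:", matches_baseline(sector, baseline))
```

The tampered sample passes every structural check and is caught only by the hash comparison, which is why a valid partition table alone says nothing about the bootstrap code.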

