Mülltonne (trash bin): Removed Malwarebytes, TDSS Killer, OTL and GMER from the laptop, and Avira then reported a detection "EXP/JS.Expack.EB" (Windows 7)

05.02.2013, 18:20 | #1

Removed Malwarebytes, TDSS Killer, OTL and GMER from the laptop, and Avira then reported a detection "EXP/JS.Expack.EB"

Hello, I currently have our sound-system laptop and have removed Malwarebytes, TDSS Killer, OTL and GMER from the laptop. After that, Avira reported the following detection: "EXP/JS.Expack.EB". Right afterwards I ran all the scans listed in your guide plus an anti-malware scan. I have since also learned that this deletion was a big mistake on my part. The laptop also crashed during my first attempt to write to you; I then got a blue screen, but unfortunately I couldn't read what it said. Here are the logs.

OTL Logfile:
Code:
OTL logfile created on: 05.02.2013 16:26:40 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mathias Wehpke\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,98 Gb Total Physical Memory | 2,25 Gb Available Physical Memory | 56,50% Memory free
7,95 Gb Paging File | 6,07 Gb Available in Paging File | 76,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 47,32 Gb Free Space | 20,32% Space Free | Partition Type: NTFS
Drive D: | 232,49 Gb Total Space | 101,70 Gb Free Space | 43,74% Space Free | Partition Type: NTFS

Computer Name: MATHIASWEHPKE | User Name: Mathias Wehpke | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.02.05 16:25:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mathias Wehpke\Downloads\OTL.exe
PRC - [2012.12.31 13:06:11 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.12.18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.08.28 16:09:56 | 000,188,760 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
PRC - [2012.08.17 11:21:30 | 000,927,840 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe
PRC - [2012.08.11 11:51:11 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2012.05.08 20:47:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 20:47:17 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.02.01 13:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.01 13:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.12.03 14:57:16 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2010.10.27 18:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010.08.25 10:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010.08.16 10:54:50 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
PRC - [2010.08.04 17:11:34 | 001,809,920 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
PRC - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.07.28 20:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009.03.10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

========== Modules (No Company Name) ==========

MOD - [2012.12.31 13:06:10 | 002,397,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012.08.28 16:09:56 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV:64bit: - [2011.10.12 10:55:12 | 005,739,008 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV:64bit: - [2010.12.09 17:45:26 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010.12.08 15:42:54 | 000,137,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2010.10.20 14:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013.01.09 02:05:29 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.08.17 11:21:30 | 000,927,840 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe -- (vToolbarUpdater12.2.0)
SRV - [2012.07.13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 20:47:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 20:47:17 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.02.10 08:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2011.02.01 13:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.02.01 13:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.11.29 14:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010.08.04 17:11:34 | 001,809,920 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.01.28 16:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.05.08 20:47:29 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 20:47:29 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.21 12:51:29 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.09.16 16:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.05.31 10:11:36 | 000,415,744 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbwwan.sys -- (ewusbmbb)
DRV:64bit: - [2011.05.10 02:41:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.05.03 08:42:40 | 000,222,464 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.08 19:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011.02.03 19:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.01.30 11:19:34 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2011.01.13 19:58:30 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.01.12 17:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.01.05 01:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010.12.07 14:23:02 | 000,034,304 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandmodem64.sys -- (ANDModem)
DRV:64bit: - [2010.12.07 14:23:00 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lganddiag64.sys -- (AndDiag)
DRV:64bit: - [2010.12.07 14:23:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandgps64.sys -- (AndGps)
DRV:64bit: - [2010.12.07 14:22:58 | 000,019,456 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandbus64.sys -- (Andbus)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.07.27 02:52:16 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2010.07.20 17:43:22 | 000,247,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.03.22 10:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009.07.30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009.07.14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 28 AA 7E EB D5 34 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb174/?loc=IB_DS&a=6OyOpTITSz&&i=26&search="

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012.09.17 19:03:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.09.17 19:03:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.12 08:22:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012.08.27 09:33:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mathias Wehpke\AppData\Roaming\mozilla\Extensions
[2012.10.25 14:51:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mathias Wehpke\AppData\Roaming\mozilla\Firefox\Profiles\hrc7l44c.default\extensions
[2012.08.27 09:33:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.12.31 13:06:11 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.07.14 01:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 19:47:44 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.14 01:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 01:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 01:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 01:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

O1 HOSTS File: ([2012.09.16 08:21:14 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll ()
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKCU..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Mathias Wehpke\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Mathias Wehpke\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9 - Extra Button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Program Files (x86)\PokerStars.EU\PokerStarsUpdate.exe File not found
O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6EE8BD76-9FC1-4AF5-990F-E32A025E53E6}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81C079F3-6C8E-4AD9-96FB-933E495C684D}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\sacore - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O18 - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.02.05 15:58:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.05 15:58:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.05 15:58:43 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.05 15:58:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.22 18:40:53 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AudioSuite
[2013.01.22 18:40:50 | 000,000,000 | ---D | C] -- C:\AudioSuite
[2013.01.11 20:28:35 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\Desktop\MARIANA MP§ PLAYER
[2013.01.10 13:00:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.01.09 03:20:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2013.01.09 03:20:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.02.05 16:22:45 | 000,050,477 | ---- | M] () -- C:\Users\Mathias Wehpke\Desktop\Defogger.exe
[2013.02.05 16:04:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.05 15:58:45 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.05 14:28:04 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.05 14:28:04 | 000,654,610 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.05 14:28:04 | 000,616,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.05 14:28:04 | 000,130,192 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.05 14:28:04 | 000,106,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.05 14:26:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.05 05:32:21 | 000,025,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.05 05:32:21 | 000,025,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.05 05:23:32 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013.02.05 05:23:22 | 3203,735,552 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.14 18:56:45 | 000,001,986 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2013.01.12 10:25:55 | 000,339,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.02.05 16:22:42 | 000,050,477 | ---- | C] () -- C:\Users\Mathias Wehpke\Desktop\Defogger.exe
[2013.02.05 15:58:45 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.06 13:54:47 | 000,000,054 | ---- | C] () -- C:\Users\Mathias Wehpke\AppData\Roaming\asiodriver.ini
[2012.08.21 10:14:07 | 000,001,521 | ---- | C] () -- C:\Windows\TVTEmulator.ini
[2012.04.16 09:07:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.04.16 09:07:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.04.16 09:07:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.04.16 09:07:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.04.16 09:07:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.04.11 18:49:02 | 000,000,000 | ---- | C] () -- C:\Users\Mathias Wehpke\defogger_reenable
[2012.03.06 11:14:21 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2012.03.06 11:14:21 | 000,002,411 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2012.03.01 22:54:40 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012.03.01 21:20:43 | 004,014,540 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.21 13:14:17 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2011.12.21 13:00:18 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.01.09 03:02:17 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\DVDVideoSoft [2012.10.02 10:15:48 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\Image-Line [2012.10.01 21:34:05 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\MAGIX [2012.09.12 08:42:22 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\PacificPoker [2013.01.17 15:22:18 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\SoftGrid Client [2012.10.09 09:35:37 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\Telefónica [2012.10.09 12:08:02 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\TGCMLog [2012.03.08 12:06:33 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\Toshiba [2012.03.05 12:51:02 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\TOSHIBA Online Product Information [2012.03.01 21:22:07 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\TP ========== Purity Check ========== < End of report > GMER Logfile: Code:
GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-05 17:20:19
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GT00 465,76GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\MATHIA~1\AppData\Local\Temp\uwloikob.sys

---- User code sections - GMER 2.0 ----
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\GDI32.dll!GetTextFaceW 00000000753a9936 5 bytes JMP 00000001000b0d30 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\GDI32.dll!Rectangle 00000000753aa53a 5 bytes JMP 00000001000b09b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\GDI32.dll!GetClipBox 00000000753aaf9f 5 bytes JMP 00000001000b0330 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\GDI32.dll!LineTo 00000000753ab9e5 5 bytes JMP 00000001000b0430 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\GDI32.dll!SetICMMode 00000000753abd55 5 bytes JMP 00000001000b0db0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\GDI32.dll!CreateICW 00000000753ac040 5 bytes JMP 00000001000b0130 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32W 00000000753ac107 5 bytes JMP 00000001000b0670 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\GDI32.dll!SetWorldTransform 00000000753ac269 5 bytes JMP 00000001000b06f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\GDI32.dll!GetTextMetricsA 00000000753ad1f1 5 bytes JMP 00000001000b0df0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32A 00000000753ad349 5 bytes JMP 00000001000b0630 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\GDI32.dll!ExtTextOutA 00000000753adce4 5 bytes JMP 00000001000b0930 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] 
C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000753ae743 5 bytes JMP 00000001000b00f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\GDI32.dll!ExtEscape 00000000753b03b7 5 bytes JMP 00000001000b02b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\GDI32.dll!Escape 00000000753b1bda 5 bytes JMP 00000001000b0270 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\GDI32.dll!GetTextFaceA 00000000753b1e89 5 bytes JMP 00000001000b0cf0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\GDI32.dll!SetPolyFillMode 00000000753b4843 5 bytes JMP 00000001000b0b30 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\GDI32.dll!SetMiterLimit 00000000753b5690 5 bytes JMP 00000001000b0b70 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\GDI32.dll!EndPage 00000000753b6bde 5 bytes JMP 00000001000b0230 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\GDI32.dll!ResetDCW 00000000753be2db 5 bytes JMP 00000001000b0ab0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\GDI32.dll!GetGlyphOutlineW 00000000753c940d 5 bytes JMP 00000001000b0cb0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\GDI32.dll!CreateScalableFontResourceW 00000000753cc621 5 bytes JMP 00000001000b0bb0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\GDI32.dll!AddFontResourceW 00000000753cd2b2 5 bytes JMP 00000001000b0bf0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\GDI32.dll!RemoveFontResourceW 00000000753cd919 5 bytes JMP 00000001000b0c30 .text 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\GDI32.dll!AbortDoc 00000000753d3adc 5 bytes JMP 00000001000b0030 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\GDI32.dll!EndDoc 00000000753d3f29 5 bytes JMP 00000001000b01f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\GDI32.dll!StartPage 00000000753d401a 5 bytes JMP 00000001000b0730 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\GDI32.dll!StartDocW 00000000753d4c51 5 bytes JMP 00000001000b07f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\GDI32.dll!BeginPath 00000000753d53fd 5 bytes JMP 00000001000b0830 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\GDI32.dll!SelectClipPath 00000000753d5454 5 bytes JMP 00000001000b0af0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\GDI32.dll!CloseFigure 00000000753d54af 5 bytes JMP 00000001000b0070 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\GDI32.dll!EndPath 00000000753d5506 5 bytes JMP 00000001000b0a70 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\GDI32.dll!StrokePath 00000000753d573f 5 bytes JMP 00000001000b07b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\GDI32.dll!FillPath 00000000753d57d2 5 bytes JMP 00000001000b0870 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\GDI32.dll!PolylineTo 00000000753d5c44 5 bytes JMP 00000001000b04f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\GDI32.dll!PolyBezierTo 00000000753d5cd5 5 bytes JMP 
00000001000b04b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\GDI32.dll!PolyDraw 00000000753d5d87 5 bytes JMP 00000001000b08b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\USER32.dll!MapWindowPoints 0000000074ab8c40 5 bytes JMP 00000001000c0570 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatW 0000000074ab9ebd 5 bytes JMP 00000001000c02b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatA 0000000074ac0afa 5 bytes JMP 00000001000c02f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\USER32.dll!GetClientRect 0000000074ac0c62 7 bytes JMP 00000001000c05b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\USER32.dll!GetParent 0000000074ac0f68 7 bytes JMP 00000001000c06f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\USER32.dll!IsWindowVisible 0000000074ac112d 7 bytes JMP 00000001000c06b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000074ac12a5 5 bytes JMP 00000001000c05f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\USER32.dll!ScreenToClient 0000000074ac227d 7 bytes JMP 00000001000c0670 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\USER32.dll!MonitorFromWindow 0000000074ac3150 7 bytes JMP 00000001000c0630 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\USER32.dll!SetCursor 0000000074ac41f6 5 bytes JMP 00000001000c0530 .text 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameA 0000000074ac68ef 5 bytes JMP 00000001000c0270 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameW 0000000074ac77fa 5 bytes JMP 00000001000c0230 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\USER32.dll!GetTopWindow 0000000074ac7887 7 bytes JMP 00000001000c0730 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\USER32.dll!IsClipboardFormatAvailable 0000000074ac8676 5 bytes JMP 00000001000c00f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\USER32.dll!GetClipboardSequenceNumber 0000000074ac8696 5 bytes JMP 00000001000c0330 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\USER32.dll!CloseClipboard 0000000074ac8e8d 5 bytes JMP 00000001000c00b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\USER32.dll!OpenClipboard 0000000074ac8ecb 5 bytes JMP 00000001000c0070 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\USER32.dll!ChangeClipboardChain 0000000074acc17b 5 bytes JMP 00000001000c0430 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\USER32.dll!EnumClipboardFormats 0000000074acc449 5 bytes JMP 00000001000c01b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\USER32.dll!GetOpenClipboardWindow 0000000074acc468 5 bytes JMP 00000001000c03f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\USER32.dll!CountClipboardFormats 0000000074acc486 5 bytes JMP 00000001000c01f0 .text 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000074acc4b6 5 bytes JMP 00000001000c04b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\USER32.dll!ActivateKeyboardLayout 0000000074acd6c0 5 bytes JMP 00000001000c04f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\USER32.dll!GetClipboardOwner 0000000074ace360 5 bytes JMP 00000001000c0370 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\USER32.dll!SetClipboardData 0000000074af8e57 5 bytes JMP 00000001000c0170 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000074af9cfd 5 bytes JMP 00000001000c0770 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000074af9f1d 5 bytes JMP 00000001000c0030 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\USER32.dll!EmptyClipboard 0000000074b17cb9 5 bytes JMP 00000001000c0130 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\USER32.dll!GetClipboardViewer 0000000074b18111 5 bytes JMP 00000001000c0470 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\USER32.dll!GetPriorityClipboardFormat 0000000074b1832f 5 bytes JMP 00000001000c03b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\SspiCli.dll!FreeContextBuffer 00000000749c9606 5 bytes JMP 00000001001d00f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\SspiCli.dll!FreeCredentialsHandle 00000000749d0581 5 bytes JMP 00000001001d0130 .text 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\SspiCli.dll!DeleteSecurityContext 00000000749d0bb9 5 bytes JMP 00000001001d0270 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\SspiCli.dll!ApplyControlToken 00000000749d0c2e 5 bytes JMP 00000001001d01b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\SspiCli.dll!QueryContextAttributesA 00000000749d0f2e 5 bytes JMP 00000001001d0070 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\SspiCli.dll!QueryCredentialsAttributesA 00000000749d1096 5 bytes JMP 00000001001d00b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 00000000749d124e 5 bytes JMP 00000001001d01f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\SspiCli.dll!DecryptMessage 00000000749d129d 5 bytes JMP 00000001001d0230 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\SspiCli.dll!AcquireCredentialsHandleA 00000000749d1527 5 bytes JMP 00000001001d0030 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\SspiCli.dll!InitializeSecurityContextA 00000000749d1590 5 bytes JMP 00000001001d0170 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\ole32.dll!OleSetClipboard 0000000075270045 5 bytes JMP 00000001001e0030 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\ole32.dll!OleIsCurrentClipboard 00000000752736b2 5 bytes JMP 00000001001e0070 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\ole32.dll!OleGetClipboard 000000007529fdcd 5 bytes JMP 00000001001e00b0 .text 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000755e1401 2 bytes [5E, 75] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000755e1419 2 bytes [5E, 75] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000755e1431 2 bytes [5E, 75] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000755e144a 2 bytes [5E, 75] .text ... * 9 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000755e14dd 2 bytes [5E, 75] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000755e14f5 2 bytes [5E, 75] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000755e150d 2 bytes [5E, 75] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000755e1525 2 bytes [5E, 75] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000755e153d 2 bytes [5E, 75] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000755e1555 2 bytes [5E, 75] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000755e156d 2 bytes [5E, 75] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] 
C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000755e1585 2 bytes [5E, 75] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000755e159d 2 bytes [5E, 75] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000755e15b5 2 bytes [5E, 75] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000755e15cd 2 bytes [5E, 75] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000755e16b2 2 bytes [5E, 75] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000755e16bd 2 bytes [5E, 75] ---- Threads - GMER 2.0 ---- Thread C:\Windows\system32\svchost.exe [2708:4924] 000007fef96ee8c4 ---- Registry - GMER 2.0 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{F61CE9EB-3498-4BFB-B999-F1C590C0A797}\Connection@Name isatap.{6C7E5C19-3156-4E3A-BCA6-721F45DD755D} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{BCF51A31-BEC0-4247-94AC-9FE61FDFD4A4}?\Device\{F61CE9EB-3498-4BFB-B999-F1C590C0A797}?\Device\{7BB1C8A9-14ED-4A39-A641-81EA836DC691}?\Device\{125A13C4-C5BE-46D5-B824-A33931265FBD}?\Device\{253FEF62-F4FE-4A10-9A77-85EB5BA83B21}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{BCF51A31-BEC0-4247-94AC-9FE61FDFD4A4}"?"{F61CE9EB-3498-4BFB-B999-F1C590C0A797}"?"{7BB1C8A9-14ED-4A39-A641-81EA836DC691}"?"{125A13C4-C5BE-46D5-B824-A33931265FBD}"?"{253FEF62-F4FE-4A10-9A77-85EB5BA83B21}"? 
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{BCF51A31-BEC0-4247-94AC-9FE61FDFD4A4}?\Device\TCPIP6TUNNEL_{F61CE9EB-3498-4BFB-B999-F1C590C0A797}?\Device\TCPIP6TUNNEL_{7BB1C8A9-14ED-4A39-A641-81EA836DC691}?\Device\TCPIP6TUNNEL_{125A13C4-C5BE-46D5-B824-A33931265FBD}?\Device\TCPIP6TUNNEL_{253FEF62-F4FE-4A10-9A77-85EB5BA83B21}? Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{F61CE9EB-3498-4BFB-B999-F1C590C0A797}@InterfaceName isatap.{6C7E5C19-3156-4E3A-BCA6-721F45DD755D} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{F61CE9EB-3498-4BFB-B999-F1C590C0A797}@ReusableType 0 ---- EOF - GMER 2.0 ---- defogger_disable by jpshortstuff (23.02.10.1) Log created at 16:24 on 05/02/2013 (Mathias Wehpke) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2012.12.14.11 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Mathias Wehpke :: MATHIASWEHPKE [Administrator] 05.02.2013 16:00:45 mbam-log-2013-02-05 (16-00-45).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 212589 Laufzeit: 8 Minute(n), 34 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte 
gefunden) (Ende) Thanks in advance and kind regards, Senor d |
05.02.2013, 19:56 | #2 |
/// TB-Ausbilder | One thread is enough.
__________________ Continued here: "Habe Antimalwarebytes,TDSS Killer,gMER gelöcht und danach" (thread title). This thread goes in the bin. |