Good morning, sorry, but that was my mistake.
I'm probably used to putting everything in the attachment to save space in the actual post and keep it tidy. I'll catch up on that right now and post it properly:
OTL (unfortunately I deleted the OTL.txt from the weekend. I created it again. Unfortunately no Extra.txt came out with it this time, so I couldn't attach one):
Code:
OTL logfile created on: 08.01.2013 05:04:59 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chaos\Downloads\Viren
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,98 Gb Total Physical Memory | 6,11 Gb Available Physical Memory | 76,53% Memory free
15,95 Gb Paging File | 13,55 Gb Available in Paging File | 84,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1346,17 Gb Total Space | 1289,24 Gb Free Space | 95,77% Space Free | Partition Type: NTFS
Drive D: | 50,00 Gb Total Space | 21,25 Gb Free Space | 42,50% Space Free | Partition Type: NTFS
Computer Name: CHAOS-PC | User Name: Chaos | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.01.06 18:29:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chaos\Downloads\Viren\OTL.exe
PRC - [2012.12.05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012.09.17 04:24:09 | 000,995,352 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe
PRC - [2012.09.11 04:04:03 | 001,617,432 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe
PRC - [2012.08.23 14:46:06 | 001,542,680 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
PRC - [2012.07.27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.24 11:19:14 | 000,306,216 | ---- | M] (G Data Software) -- C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe
PRC - [2012.03.29 03:42:27 | 000,470,008 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
PRC - [2012.01.27 04:13:02 | 001,470,968 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe
PRC - [2012.01.27 03:43:34 | 000,468,472 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe
PRC - [2011.08.03 12:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.07.14 03:24:08 | 000,049,664 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe
PRC - [2010.08.04 00:39:38 | 000,107,816 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
========== Modules (No Company Name) ==========
MOD - [2012.12.05 02:15:15 | 012,456,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
MOD - [2012.12.05 02:15:15 | 000,460,904 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
MOD - [2012.12.05 02:15:14 | 004,008,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
MOD - [2012.12.05 02:14:29 | 000,587,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libglesv2.dll
MOD - [2012.12.05 02:14:28 | 000,124,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libegl.dll
MOD - [2012.12.05 02:14:21 | 000,157,304 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avutil-51.dll
MOD - [2012.12.05 02:14:20 | 000,275,576 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avformat-54.dll
MOD - [2012.12.05 02:14:19 | 002,168,952 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll
MOD - [2010.08.04 00:39:38 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2010.08.04 00:39:32 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
========== Services (SafeList) ==========
SRV:64bit: - [2011.07.14 03:23:32 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010.09.23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.04.26 16:47:28 | 000,095,896 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP4\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV:64bit: - [2008.02.19 08:12:32 | 000,565,928 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxbkcoms.exe -- (lxbk_device)
SRV - [2012.12.12 05:27:12 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.11 04:04:03 | 001,617,432 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe -- (GDBackupSvc)
SRV - [2012.08.30 04:06:18 | 002,011,568 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKWCtlX64.exe -- (AVKWCtl)
SRV - [2012.08.23 14:46:06 | 001,542,680 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2012.07.27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.06.04 10:50:20 | 001,766,464 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe -- (GDFwSvc)
SRV - [2012.05.24 11:19:14 | 000,306,216 | ---- | M] (G Data Software) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe -- (TSNxGService)
SRV - [2012.05.14 04:26:47 | 001,218,552 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe -- (GDTunerSvc)
SRV - [2012.03.29 03:42:27 | 000,470,008 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2012.01.27 03:43:34 | 000,468,472 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe -- (AVKService)
SRV - [2012.01.18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.10.07 10:23:08 | 000,070,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\watchmi\TvdService.exe -- (watchmi)
SRV - [2011.09.28 01:47:38 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2011.08.03 12:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010.03.18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.02.19 08:12:18 | 000,537,256 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxbkcoms.exe -- (lxbk_device)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.12.09 12:36:46 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2012.12.09 12:36:46 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2012.10.30 11:50:14 | 000,060,320 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV:64bit: - [2012.10.30 11:48:57 | 000,126,880 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:64bit: - [2012.10.30 11:48:57 | 000,064,416 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd)
DRV:64bit: - [2012.10.30 11:48:57 | 000,054,176 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave)
DRV:64bit: - [2012.08.05 11:46:17 | 000,106,648 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD)
DRV:64bit: - [2012.07.12 10:49:04 | 000,098,760 | ---- | M] (G Data Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TS4nt.sys -- (TS4NT)
DRV:64bit: - [2012.07.12 10:48:53 | 000,064,376 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.08.17 08:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011.08.17 08:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011.08.17 08:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011.08.17 08:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011.08.02 01:47:30 | 000,391,144 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.08.02 01:47:30 | 000,129,000 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011.07.08 00:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.06.24 15:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2011.06.10 13:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.04.15 19:37:50 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011.04.15 19:37:50 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.25 14:59:00 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.09.23 21:03:06 | 000,129,008 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2010.02.18 18:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.08.07 22:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP4\WNt500x64\Sandra.sys -- (SANDRA)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.09.10 08:50:16 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {9C31B4E0-C196-4E7D-B735-D3A4DC9080BA}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{9C31B4E0-C196-4E7D-B735-D3A4DC9080BA}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNF_deDE483
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
========== Chrome ==========
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Chaos\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 7.0.10.8 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 U1 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Chaos\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TSNxG4Tray] "C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGTray.exe" /system File not found
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_9C355F266C25602F9C5EB5F430276502] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Chaos\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Chaos\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.186.33 83.169.186.97
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1CB084D1-3687-469C-A0FE-6D48E932050D}: DhcpNameServer = 83.169.186.33 83.169.186.97
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{13ef84bd-41e0-11e2-8d63-8c89a5a001e9}\Shell - "" = AutoRun
O33 - MountPoints2\{13ef84bd-41e0-11e2-8d63-8c89a5a001e9}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{a8772375-4ba4-11e2-a718-8c89a5a001e9}\Shell - "" = AutoRun
O33 - MountPoints2\{a8772375-4ba4-11e2-a718-8c89a5a001e9}\Shell\AutoRun\command - "" = G:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.01.06 18:22:14 | 000,000,000 | ---D | C] -- C:\Users\Chaos\AppData\Local\{33C93089-642B-43E0-8842-BC3D78053B32}
[2013.01.06 18:21:50 | 000,000,000 | ---D | C] -- C:\Users\Chaos\AppData\Roaming\Windows Live Writer
[2013.01.06 18:21:50 | 000,000,000 | ---D | C] -- C:\Users\Chaos\AppData\Local\Windows Live Writer
[2013.01.06 16:17:10 | 000,000,000 | ---D | C] -- C:\Users\Chaos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.01.06 16:17:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.01.06 14:59:59 | 000,000,000 | ---D | C] -- C:\Users\Chaos\AppData\Roaming\Malwarebytes
[2013.01.06 14:59:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.06 14:59:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.06 14:59:41 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.06 14:59:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.06 14:59:05 | 000,000,000 | ---D | C] -- C:\Users\Chaos\AppData\Local\Programs
[2012.12.29 05:38:27 | 000,016,504 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\GdPhyMem.sys
[2012.12.28 21:04:53 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.12.15 07:33:39 | 000,000,000 | ---D | C] -- C:\Users\Chaos\Podcasts
[2012.12.15 07:33:39 | 000,000,000 | ---D | C] -- C:\Users\Chaos\Documents\Media Go
[2012.12.15 07:31:24 | 000,000,000 | ---D | C] -- C:\Users\Chaos\AppData\Local\Sony
[2012.12.15 07:31:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sony Shared
[2012.12.15 07:30:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation
[2012.12.15 07:29:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Media Go Install
[2012.12.15 07:29:06 | 000,000,000 | ---D | C] -- C:\Users\Chaos\AppData\Roaming\Sony
[2012.12.09 12:36:46 | 000,027,760 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggsemc.sys
[2012.12.09 12:36:46 | 000,014,448 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggflt.sys
[2012.12.09 12:36:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Ericsson
[2012.12.09 12:35:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Ericsson
[2012.12.09 12:34:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2012.12.09 12:34:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2012.12.09 12:34:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2012.12.09 11:59:36 | 000,000,000 | ---D | C] -- C:\Users\Chaos\AppData\Local\{BADA8E17-556E-46A8-930C-8424DD7B818E}
[2012.12.09 11:59:19 | 000,000,000 | ---D | C] -- C:\Users\Chaos\AppData\Local\{13DE547A-B68E-4071-AEF4-47805C10AF03}
[2012.12.09 11:58:41 | 000,000,000 | ---D | C] -- C:\Users\Chaos\AppData\Local\{5FFA9DF3-1D61-41DB-9286-B460C251DF1F}
========== Files - Modified Within 30 Days ==========
[2013.01.08 04:44:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.08 04:37:23 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.08 04:37:23 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.08 04:35:21 | 000,939,455 | ---- | M] () -- C:\Windows\SysWow64\sig.bin
[2013.01.08 04:35:21 | 000,050,827 | ---- | M] () -- C:\Windows\SysWow64\nmp.map
[2013.01.08 04:30:18 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.08 04:30:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.08 04:30:08 | 2129,477,631 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.07 19:27:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.06 18:28:11 | 000,000,000 | ---- | M] () -- C:\Users\Chaos\defogger_reenable
[2013.01.06 16:17:10 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2013.01.06 14:59:48 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.31 07:44:52 | 000,002,275 | ---- | M] () -- C:\Users\Chaos\Desktop\Free MP4 Video Converter.lnk
[2012.12.29 05:38:27 | 000,016,504 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GdPhyMem.sys
[2012.12.28 06:37:55 | 000,002,889 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.21 18:58:12 | 000,309,880 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.15 07:31:32 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Media Go.lnk
[2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.13 15:45:51 | 000,002,712 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.12.10 17:51:53 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2012.12.09 12:43:29 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggsemc_01009.Wdf
[2012.12.09 12:43:29 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggflt_01009.Wdf
[2012.12.09 12:36:46 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggsemc.sys
[2012.12.09 12:36:46 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggflt.sys
[2012.12.09 12:32:30 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.09 12:32:30 | 000,654,006 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.09 12:32:30 | 000,615,888 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.09 12:32:30 | 000,129,878 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.09 12:32:30 | 000,106,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
========== Files Created - No Company Name ==========
[2013.01.06 18:28:11 | 000,000,000 | ---- | C] () -- C:\Users\Chaos\defogger_reenable
[2013.01.06 16:17:10 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2013.01.06 14:59:48 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.31 07:44:52 | 000,002,275 | ---- | C] () -- C:\Users\Chaos\Desktop\Free MP4 Video Converter.lnk
[2012.12.28 06:37:55 | 000,002,889 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.15 07:31:32 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Media Go.lnk
[2012.12.09 12:43:29 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggsemc_01009.Wdf
[2012.12.09 12:43:29 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggflt_01009.Wdf
[2012.12.09 12:34:06 | 000,002,030 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2012.05.13 06:19:54 | 011,563,008 | ---- | C] () -- C:\Users\Chaos\AppData\Roaming\Sandra.mdb
[2012.05.13 05:04:23 | 000,939,455 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2012.05.12 14:51:28 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkserv.dll
[2012.05.12 14:51:28 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkusb1.dll
[2012.05.12 14:51:28 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkpmui.dll
[2012.05.12 14:51:28 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxbkutil.dll
[2012.05.12 14:51:28 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkinpa.dll
[2012.05.12 14:51:28 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkiesc.dll
[2012.05.12 14:51:28 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXBKinst.dll
[2012.05.12 14:51:28 | 000,180,904 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkppls.exe
[2012.05.12 14:51:28 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkprox.dll
[2012.05.12 14:51:27 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkhbn3.dll
[2012.05.12 14:51:27 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcomc.dll
[2012.05.12 14:51:27 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbklmpm.dll
[2012.05.12 14:51:27 | 000,537,256 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcoms.exe
[2012.05.12 14:51:27 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcomm.dll
[2012.05.12 14:51:27 | 000,385,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkih.exe
[2012.05.12 14:51:27 | 000,381,608 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcfg.exe
[2012.05.12 14:51:27 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkpplc.dll
[2012.05.12 14:39:30 | 000,484,656 | ---- | C] () -- C:\Windows\ssndii.exe
[2012.05.12 14:14:06 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.07.14 03:55:06 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
========== ZeroAccess Check ==========
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012.08.25 16:32:09 | 000,000,000 | ---D | M] -- C:\Users\Chaos\AppData\Roaming\Amazon
[2012.12.31 07:44:52 | 000,000,000 | ---D | M] -- C:\Users\Chaos\AppData\Roaming\DVDVideoSoft
[2012.11.18 15:47:09 | 000,000,000 | ---D | M] -- C:\Users\Chaos\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.12.15 07:33:37 | 000,000,000 | ---D | M] -- C:\Users\Chaos\AppData\Roaming\Sony
[2013.01.06 18:21:50 | 000,000,000 | ---D | M] -- C:\Users\Chaos\AppData\Roaming\Windows Live Writer
========== Purity Check ==========
< End of report >
defogger.disable: Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:28 on 06/01/2013 (Chaos)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
GMER Quickscan: Code:
GMER 2.0.18437 - hxxp://www.gmer.net
Rootkit scan 2013-01-06 20:07:52
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000069 ST1500DL rev.CC4A 1397,27GB
Running: q51xvcbb.exe; Driver: C:\Users\Chaos\AppData\Local\Temp\fwdoqpog.sys
---- User code sections - GMER 2.0 ----
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b71401 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3804] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b71419 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b71431 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b7144a 2 bytes [B7, 77]
.text ... * 9
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3804] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b714dd 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b714f5 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3804] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b7150d 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b71525 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b7153d 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3804] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b71555 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b7156d 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b71585 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3804] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b7159d 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b715b5 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b715cd 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b716b2 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b716bd 2 bytes [B7, 77]
? C:\Windows\system32\mssprxy.dll [3804] entry point in ".rdata" section 0000000074ec71e6
.text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[4060] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b71401 2 bytes [B7, 77]
.text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[4060] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b71419 2 bytes [B7, 77]
.text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[4060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b71431 2 bytes [B7, 77]
.text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[4060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b7144a 2 bytes [B7, 77]
.text ... * 9
.text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[4060] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b714dd 2 bytes [B7, 77]
.text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[4060] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b714f5 2 bytes [B7, 77]
.text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[4060] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b7150d 2 bytes [B7, 77]
.text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[4060] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b71525 2 bytes [B7, 77]
.text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[4060] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b7153d 2 bytes [B7, 77]
.text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[4060] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b71555 2 bytes [B7, 77]
.text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[4060] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b7156d 2 bytes [B7, 77]
.text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[4060] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b71585 2 bytes [B7, 77]
.text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[4060] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b7159d 2 bytes [B7, 77]
.text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[4060] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b715b5 2 bytes [B7, 77]
.text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[4060] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b715cd 2 bytes [B7, 77]
.text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[4060] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b716b2 2 bytes [B7, 77]
.text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[4060] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b716bd 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077bbf991 7 bytes {MOV EDX, 0x5bb228; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077bbfbd5 7 bytes {MOV EDX, 0x5bb268; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077bbfc05 7 bytes {MOV EDX, 0x5bb1a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077bbfc1d 7 bytes {MOV EDX, 0x5bb128; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077bbfc35 7 bytes {MOV EDX, 0x5bb328; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077bbfc65 7 bytes {MOV EDX, 0x5bb368; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077bbfce5 7 bytes {MOV EDX, 0x5bb2e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077bbfcfd 7 bytes {MOV EDX, 0x5bb2a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077bbfd49 7 bytes {MOV EDX, 0x5bb068; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077bbfe41 7 bytes {MOV EDX, 0x5bb0a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077bc0099 7 bytes {MOV EDX, 0x5bb028; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077bc10a5 7 bytes {MOV EDX, 0x5bb1e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077bc111d 7 bytes {MOV EDX, 0x5bb168; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077bc1321 7 bytes {MOV EDX, 0x5bb0e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b71401 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b71419 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b71431 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b7144a 2 bytes [B7, 77]
.text ... * 9
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b714dd 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b714f5 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b7150d 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b71525 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b7153d 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b71555 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b7156d 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b71585 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b7159d 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b715b5 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b715cd 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b716b2 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b716bd 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077bbf991 7 bytes {MOV EDX, 0x661628; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077bbfbd5 7 bytes {MOV EDX, 0x661668; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077bbfc05 7 bytes {MOV EDX, 0x6615a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077bbfc1d 7 bytes {MOV EDX, 0x661528; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077bbfc35 7 bytes {MOV EDX, 0x661728; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077bbfc65 7 bytes {MOV EDX, 0x661768; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077bbfce5 7 bytes {MOV EDX, 0x6616e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077bbfcfd 7 bytes {MOV EDX, 0x6616a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077bbfd49 7 bytes {MOV EDX, 0x661468; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077bbfe41 7 bytes {MOV EDX, 0x6614a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077bc0099 7 bytes {MOV EDX, 0x661428; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077bc10a5 7 bytes {MOV EDX, 0x6615e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077bc111d 7 bytes {MOV EDX, 0x661568; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077bc1321 7 bytes {MOV EDX, 0x6614e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b71401 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b71419 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b71431 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b7144a 2 bytes [B7, 77]
.text ... * 9
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b714dd 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b714f5 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b7150d 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b71525 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b7153d 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b71555 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b7156d 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b71585 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b7159d 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b715b5 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b715cd 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b716b2 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b716bd 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b71401 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b71419 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b71431 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b7144a 2 bytes [B7, 77]
.text ... * 9
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b714dd 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b714f5 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b7150d 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b71525 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b7153d 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b71555 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b7156d 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b71585 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b7159d 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b715b5 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b715cd 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b716b2 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b716bd 2 bytes [B7, 77]
.text C:\Windows\SysWOW64\DllHost.exe[5852] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b71401 2 bytes [B7, 77]
.text C:\Windows\SysWOW64\DllHost.exe[5852] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b71419 2 bytes [B7, 77]
.text C:\Windows\SysWOW64\DllHost.exe[5852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b71431 2 bytes [B7, 77]
.text C:\Windows\SysWOW64\DllHost.exe[5852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b7144a 2 bytes [B7, 77]
.text ... * 9
.text C:\Windows\SysWOW64\DllHost.exe[5852] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b714dd 2 bytes [B7, 77]
.text C:\Windows\SysWOW64\DllHost.exe[5852] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b714f5 2 bytes [B7, 77]
.text C:\Windows\SysWOW64\DllHost.exe[5852] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b7150d 2 bytes [B7, 77]
.text C:\Windows\SysWOW64\DllHost.exe[5852] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b71525 2 bytes [B7, 77]
.text C:\Windows\SysWOW64\DllHost.exe[5852] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b7153d 2 bytes [B7, 77]
.text C:\Windows\SysWOW64\DllHost.exe[5852] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b71555 2 bytes [B7, 77]
.text C:\Windows\SysWOW64\DllHost.exe[5852] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b7156d 2 bytes [B7, 77]
.text C:\Windows\SysWOW64\DllHost.exe[5852] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b71585 2 bytes [B7, 77]
.text C:\Windows\SysWOW64\DllHost.exe[5852] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b7159d 2 bytes [B7, 77]
.text C:\Windows\SysWOW64\DllHost.exe[5852] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b715b5 2 bytes [B7, 77]
.text C:\Windows\SysWOW64\DllHost.exe[5852] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b715cd 2 bytes [B7, 77]
.text C:\Windows\SysWOW64\DllHost.exe[5852] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b716b2 2 bytes [B7, 77]
.text C:\Windows\SysWOW64\DllHost.exe[5852] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b716bd 2 bytes [B7, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b71401 2 bytes [B7, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4728] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b71419 2 bytes [B7, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b71431 2 bytes [B7, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b7144a 2 bytes [B7, 77]
.text ... * 9
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4728] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b714dd 2 bytes [B7, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b714f5 2 bytes [B7, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4728] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b7150d 2 bytes [B7, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b71525 2 bytes [B7, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b7153d 2 bytes [B7, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4728] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b71555 2 bytes [B7, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b7156d 2 bytes [B7, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b71585 2 bytes [B7, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4728] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b7159d 2 bytes [B7, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b715b5 2 bytes [B7, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b715cd 2 bytes [B7, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b716b2 2 bytes [B7, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b716bd 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077bbf991 7 bytes {MOV EDX, 0x436228; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077bbfbd5 7 bytes {MOV EDX, 0x436268; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077bbfc05 7 bytes {MOV EDX, 0x4361a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077bbfc1d 7 bytes {MOV EDX, 0x436128; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077bbfc35 7 bytes {MOV EDX, 0x436328; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077bbfc65 7 bytes {MOV EDX, 0x436368; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077bbfce5 7 bytes {MOV EDX, 0x4362e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077bbfcfd 7 bytes {MOV EDX, 0x4362a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077bbfd49 7 bytes {MOV EDX, 0x436068; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077bbfe41 7 bytes {MOV EDX, 0x4360a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077bc0099 7 bytes {MOV EDX, 0x436028; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077bc10a5 7 bytes {MOV EDX, 0x4361e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077bc111d 7 bytes {MOV EDX, 0x436168; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077bc1321 7 bytes {MOV EDX, 0x4360e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b71401 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b71419 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b71431 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b7144a 2 bytes [B7, 77]
.text ... * 9
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b714dd 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b714f5 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b7150d 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b71525 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b7153d 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b71555 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b7156d 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b71585 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b7159d 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b715b5 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b715cd 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b716b2 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b716bd 2 bytes [B7, 77]
---- User IAT/EAT - GMER 2.0 ----
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2524] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId] [7fef3742750] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2524] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId] [7fef3742b98] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2524] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId] [7fef3747de0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2524] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId] [7fef3748130] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2524] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId] [7fef3741908] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2524] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession] [7fef3741c00] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2524] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload] [7fef37481d8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2524] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet] [7fef3742878] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2524] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString] [7fef3747a5c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2524] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmIncrement] [7fef3746c48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2524] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord] [7fef37477bc] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2524] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion] [7fef3747064] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2524] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession] [7fef3746544] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2524] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession] [7fef3745e30] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
---- Threads - GMER 2.0 ----
Thread C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [964:2124] 000000001004aa30
Thread C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [964:4696] 000000001004a8f0
Thread C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [964:5128] 000000001005cfb2
Thread C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [964:5136] 0000000073b6345e
Thread C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [964:5140] 0000000073b6345e
Thread C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [964:5144] 0000000073b6345e
Thread C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [964:5148] 0000000073b6345e
Thread C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [964:5152] 0000000073b6345e
Thread C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [964:5156] 0000000073b6345e
Thread C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [964:5160] 0000000073b6345e
Thread C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [964:5184] 0000000073b6345e
Thread C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [964:5360] 000000001005cfb2
Thread C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [964:5196] 0000000010059710
Thread C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [964:5280] 0000000010059710
Thread C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [964:5576] 0000000010059710
Thread C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [964:5584] 0000000010059710
Thread C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [964:2964] 0000000010059710
Thread C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [964:196] 000000001005cfb2
Thread C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [964:3144] 0000000010059710
Thread C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [964:5408] 0000000010059710
Thread C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [964:6668] 0000000010059710
Thread C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [964:456] 0000000010059710
Thread C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [1908:3688] 0000000072b61a8f
Thread C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe [2036:2216] 0000000077bf2e25
Thread C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe [2036:2224] 0000000072fff704
Thread C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe [2036:2228] 0000000072eea356
Thread C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe [2036:2232] 0000000072eea356
Thread C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe [2036:2236] 0000000072eea356
Thread C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe [2036:2244] 0000000076e47587
Thread C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe [2036:8432] 0000000077bf3e45
Thread C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [3788:3876] 000000007271b0dd
Thread C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [3788:136] 0000000072715822
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4632:5108] 000007fefc692a7c
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4632:3048] 000000006b7d6c88
---- Processes - GMER 2.0 ----
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [964] 0000000076860000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [1908] 0000000004520000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe [1956] 0000000076860000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [3788] 0000000072810000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [3912] 0000000074ea0000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe [4004] 00000000752e0000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4632] 0000000074a20000
Library ? (*** suspicious ***) @ C:\Windows\system32\taskhost.exe [1576] 000007fefe4e0000
---- Disk sectors - GMER 2.0 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.0 ----
G Data virus scan log 06.01.13: Code:
Virenprüfung mit G Data TotalProtection 2013
Version 23.0.5.9 (17.09.2012)
Virensignaturen vom 06.01.2013
Startzeit: 06.01.2013 14:22:45
Engine(s): Engine A (AVA 22.7327), Engine B (AVL 22.1443)
Heuristik: Ein
Archive: Ein
Systembereiche: Ein
RootKits prüfen: Ein
Prüfung der Systembereiche...
Prüfung aller im Speicher befindlichen Prozesse und Verweise im Autostart...
Analyse vorzeitig abgebrochen: 06.01.2013 14:35:37
855 Dateien überprüft
1 infizierte Dateien gefunden
0 verdächtige Dateien gefunden
Archiv: 7a59efdb-510ba4e8
Pfad: C:\Users\Chaos\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27
Status: Datei in Quarantäne. Es ist ein Neustart erforderlich.
Virus: Exploit.Java.CVE.Z (2x) (Engine A)
Objekt: ewjvaiwebvhtuai124a.class
In Archiv: C:\Users\Chaos\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\7a59efdb-510ba4e8
Status: Virus gefunden
Virus: Exploit.Java.CVE.Z (Engine A)
Objekt: test.class
In Archiv: C:\Users\Chaos\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\7a59efdb-510ba4e8
Status: Virus gefunden
Virus: Exploit.Java.CVE.Z (Engine A)
Der Zugriff auf die folgenden Dateien wurde verweigert:
C:\Windows\system32\Drivers\SSPORT.sys
Malwarebytes log: Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Datenbank Version: v2013.01.06.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Chaos :: CHAOS-PC [limitiert]
06.01.2013 15:01:40
mbam-log-2013-01-06 (15-01-40).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 727839
Laufzeit: 2 Stunde(n), 8 Minute(n), 15 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
Bye, and apologies once again... :wtf:
I couldn't insert the log from the virus scan 291212 and the output of the GMER scan (the aborted one) here; I got a message that the file is too large. They are attached to the opening post of the thread. Many thanks for the reply, and until this evening. Kind regards