ichbins2000 | 16.04.2013 07:20 | Code:
OTL logfile created on: 15.04.2013 21:33:10 - Run 8
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\julian\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,80 Gb Total Physical Memory | 2,71 Gb Available Physical Memory | 71,22% Memory free
7,60 Gb Paging File | 6,33 Gb Available in Paging File | 83,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 272,65 Gb Free Space | 91,50% Space Free | Partition Type: NTFS
Computer Name: JULIAN-PC | User Name: julian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.04.14 12:11:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\julian\Desktop\OTL (2).exe
PRC - [2012.08.18 19:03:20 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\ccSvcHst.exe
PRC - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
========== Modules (No Company Name) ==========
MOD - [2012.05.30 08:51:08 | 000,699,280 | R--- | M] () -- C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.1.0.24\wincfi39.dll
========== Services (SafeList) ==========
SRV - [2013.04.10 08:56:49 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.08.18 19:03:20 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\ccSvcHst.exe -- (N360)
SRV - [2010.06.25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013.04.12 18:12:27 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2013.04.12 18:08:07 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012.11.22 20:51:26 | 003,831,808 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012.08.10 19:26:44 | 000,776,352 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1401000.018\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012.08.07 23:18:20 | 001,132,192 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2012.08.06 19:24:46 | 000,168,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1401000.018\ccSetx64.sys -- (ccSet_N360)
DRV:64bit: - [2012.07.27 21:25:32 | 000,493,216 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymDS64.sys -- (SymDS)
DRV:64bit: - [2012.07.27 21:05:22 | 000,224,416 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1401000.018\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2012.07.22 19:34:24 | 000,432,800 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1401000.018\symnets.sys -- (SymNetS)
DRV:64bit: - [2012.05.24 23:36:56 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1401000.018\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.10 14:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.08.23 05:12:58 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.06.25 19:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010.02.26 23:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.12.12 01:48:04 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013.04.14 16:45:27 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130415.003\ex64.sys -- (NAVEX15)
DRV - [2013.04.14 16:45:27 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130415.003\eng64.sys -- (NAVENG)
DRV - [2013.04.11 15:41:06 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130412.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013.03.22 02:09:06 | 001,387,608 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130322.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012.08.18 03:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012.08.18 03:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,DefaultNetworkProfile = 12815830
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FF 33 AD E8 99 37 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2013.04.12 18:08:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013.04.15 20:50:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.14 00:17:48 | 000,000,000 | ---D | M]
[2013.04.14 00:18:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\julian\AppData\Roaming\mozilla\Extensions
[2013.04.14 00:19:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\julian\AppData\Roaming\mozilla\Firefox\Profiles\56ltp904.default\extensions
[2013.04.14 00:19:00 | 000,531,916 | ---- | M] () (No name found) -- C:\Users\julian\AppData\Roaming\mozilla\firefox\profiles\56ltp904.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.04.14 00:18:52 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\julian\AppData\Roaming\mozilla\firefox\profiles\56ltp904.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.14 00:17:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.10 08:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.04.10 10:18:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.04.10 10:18:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.04.10 10:18:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.04.10 10:18:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.04.10 10:18:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.04.10 10:18:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - Extension: Google Docs = C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Norton Identity Protection = C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.1.0.32_0\
CHR - Extension: Bitdefender QuickScan = C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.118_0\
CHR - Extension: Google Mail = C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe (The Eraser Project)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [TrueCrypt] C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01F18D0A-DAFE-4135-9A93-5D1B88D1F6F0}: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B5833FF-F0BD-44D6-91F9-7632BCBDE04E}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.04.15 21:30:53 | 000,000,000 | ---D | C] -- C:\Users\julian\AppData\Local\Diagnostics
[2013.04.15 21:26:59 | 000,000,000 | ---D | C] -- C:\hijackthis
[2013.04.14 17:06:37 | 000,000,000 | ---D | C] -- C:\Users\julian\Desktop\Trojaner Board
[2013.04.14 16:18:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\julian\Desktop\OTL (2).exe
[2013.04.14 16:11:25 | 000,031,232 | ---- | C] (The OpenVPN Project) -- C:\Windows\SysNative\drivers\tap0901.sys
[2013.04.14 01:07:10 | 000,000,000 | ---D | C] -- C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apache Friends
[2013.04.14 01:07:02 | 000,000,000 | ---D | C] -- C:\xampp
[2013.04.14 00:17:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.04.14 00:17:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.04.14 00:17:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.14 00:06:37 | 000,000,000 | ---D | C] -- C:\Users\julian\AppData\Roaming\uTorrent
[2013.04.13 23:43:11 | 000,000,000 | ---D | C] -- C:\Users\julian\AppData\Roaming\Mozilla
[2013.04.13 23:43:11 | 000,000,000 | ---D | C] -- C:\Users\julian\AppData\Local\Mozilla
[2013.04.13 23:34:44 | 000,000,000 | ---D | C] -- C:\Users\julian\Desktop\Tor Browser
[2013.04.13 22:24:02 | 000,000,000 | ---D | C] -- C:\Users\julian\Desktop\mbar
[2013.04.13 22:23:32 | 000,000,000 | ---D | C] -- C:\Users\julian\AppData\Roaming\WinRAR
[2013.04.13 22:23:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.04.13 22:23:29 | 000,000,000 | ---D | C] -- C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.04.13 22:23:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2013.04.13 21:43:05 | 000,000,000 | ---D | C] -- C:\Users\julian\AppData\Roaming\Malwarebytes
[2013.04.13 21:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.13 21:42:46 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.13 21:42:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.13 21:42:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.04.13 21:42:40 | 000,000,000 | ---D | C] -- C:\Users\julian\AppData\Roaming\QuickScan
[2013.04.13 20:06:09 | 000,000,000 | ---D | C] -- C:\Users\julian\AppData\Roaming\Wireshark
[2013.04.13 20:01:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2013.04.13 20:01:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2013.04.13 20:01:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wireshark
[2013.04.13 12:33:10 | 000,000,000 | ---D | C] -- C:\Users\julian\AppData\Roaming\Process Hacker 2
[2013.04.13 12:32:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
[2013.04.13 12:32:43 | 000,000,000 | ---D | C] -- C:\Program Files\Process Hacker 2
[2013.04.13 00:01:45 | 000,000,000 | ---D | C] -- C:\Users\julian\AppData\Local\Eraser 6
[2013.04.12 23:58:11 | 000,000,000 | ---D | C] -- C:\Users\julian\AppData\Roaming\Wise Registry Cleaner
[2013.04.12 23:57:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
[2013.04.12 23:57:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wise
[2013.04.12 23:57:44 | 000,000,000 | ---D | C] -- C:\Users\julian\AppData\Local\Programs
[2013.04.12 23:51:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2013.04.12 23:47:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.04.12 23:47:51 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.04.12 23:46:56 | 000,000,000 | ---D | C] -- C:\Users\julian\AppData\Roaming\Skype
[2013.04.12 23:46:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.04.12 23:46:31 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.04.12 23:46:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.04.12 23:46:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013.04.12 23:45:29 | 000,000,000 | ---D | C] -- C:\Program Files\Eraser
[2013.04.12 23:41:37 | 000,000,000 | R--D | C] -- C:\Sandbox
[2013.04.12 20:57:15 | 000,000,000 | ---D | C] -- C:\Users\julian\AppData\Local\Vitalwerks
[2013.04.12 20:29:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013.04.12 20:29:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.04.12 20:28:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.04.12 20:14:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.04.12 19:41:01 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013.04.12 19:36:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013.04.12 19:36:43 | 000,000,000 | ---D | C] -- C:\Users\julian\AppData\Local\Google
[2013.04.12 19:35:18 | 000,000,000 | ---D | C] -- C:\Users\julian\AppData\Local\Apps
[2013.04.12 19:35:17 | 000,000,000 | ---D | C] -- C:\Users\julian\AppData\Local\Deployment
[2013.04.12 18:46:07 | 000,000,000 | ---D | C] -- C:\ProgramData\TrueCrypt
[2013.04.12 18:37:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\No-IP
[2013.04.12 18:37:57 | 000,000,000 | ---D | C] -- C:\Users\julian\Desktop\jRAT2.3
[2013.04.12 18:37:56 | 000,000,000 | ---D | C] -- C:\Users\julian\Desktop\jrat 3.2.2
[2013.04.12 18:37:54 | 000,000,000 | ---D | C] -- C:\Users\julian\Desktop\jRAT
[2013.04.12 18:18:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2013.04.12 18:18:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2013.04.12 18:17:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SRSLabs
[2013.04.12 18:17:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2013.04.12 18:17:09 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013.04.12 18:16:51 | 002,080,120 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll
[2013.04.12 18:16:51 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013.04.12 18:16:51 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2013.04.12 18:16:51 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2013.04.12 18:16:51 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2013.04.12 18:16:51 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2013.04.12 18:16:51 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2013.04.12 18:16:51 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2013.04.12 18:16:51 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2013.04.12 18:16:50 | 007,164,176 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2013.04.12 18:16:50 | 000,434,960 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2013.04.12 18:16:50 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2013.04.12 18:16:50 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013.04.12 18:16:50 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013.04.12 18:16:50 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2013.04.12 18:16:50 | 000,141,584 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2013.04.12 18:16:50 | 000,124,176 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2013.04.12 18:16:50 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2013.04.12 18:16:50 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2013.04.12 18:16:50 | 000,075,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2013.04.12 18:16:49 | 009,546,616 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek64.dll
[2013.04.12 18:16:49 | 002,714,720 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013.04.12 18:16:49 | 002,028,920 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ64.dll
[2013.04.12 18:16:49 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2013.04.12 18:16:49 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2013.04.12 18:16:49 | 000,869,752 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2013.04.12 18:16:49 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2013.04.12 18:16:49 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2013.04.12 18:16:49 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2013.04.12 18:16:49 | 000,394,616 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2013.04.12 18:16:49 | 000,394,616 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2013.04.12 18:16:49 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2013.04.12 18:16:48 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2013.04.12 18:16:48 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2013.04.12 18:16:48 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2013.04.12 18:16:48 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2013.04.12 18:16:48 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2013.04.12 18:16:48 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2013.04.12 18:16:48 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2013.04.12 18:16:48 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2013.04.12 18:16:48 | 000,110,592 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\SysNative\CONEQMSAPOGUILibrary.dll
[2013.04.12 18:16:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013.04.12 18:16:47 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2013.04.12 18:16:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013.04.12 18:16:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013.04.12 18:16:16 | 000,000,000 | ---D | C] -- C:\Intel
[2013.04.12 18:16:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Qualcomm Atheros
[2013.04.12 18:15:37 | 003,831,808 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys
[2013.04.12 18:15:37 | 003,831,808 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\SysNative\athrx.sys
[2013.04.12 18:15:37 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013.04.12 18:15:37 | 000,000,000 | ---D | C] -- C:\Windows\Options
[2013.04.12 18:15:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Qualcomm Atheros
[2013.04.12 18:14:54 | 000,000,000 | ---D | C] -- C:\Users\julian\Desktop\Treiber
[2013.04.12 18:13:00 | 000,000,000 | ---D | C] -- C:\Users\julian\AppData\Roaming\TrueCrypt
[2013.04.12 18:12:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt
[2013.04.12 18:12:27 | 000,231,376 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2013.04.12 18:12:14 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt
[2013.04.12 18:08:07 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013.04.12 18:08:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013.04.12 18:08:07 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2013.04.12 18:07:45 | 001,132,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymEFA64.sys
[2013.04.12 18:07:45 | 000,776,352 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\srtsp64.sys
[2013.04.12 18:07:45 | 000,493,216 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymDS64.sys
[2013.04.12 18:07:45 | 000,432,800 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\symnets.sys
[2013.04.12 18:07:45 | 000,224,416 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\Ironx64.sys
[2013.04.12 18:07:45 | 000,037,496 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\srtspx64.sys
[2013.04.12 18:07:45 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymELAM.sys
[2013.04.12 18:07:44 | 000,168,096 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\ccSetx64.sys
[2013.04.12 18:07:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2013.04.12 18:07:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\1401000.018
[2013.04.12 18:07:26 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2013.04.12 18:07:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
[2013.04.12 18:07:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013.04.12 18:05:51 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013.04.12 18:05:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2013.04.12 18:03:45 | 000,000,000 | R--D | C] -- C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.04.12 18:03:45 | 000,000,000 | R--D | C] -- C:\Users\julian\Searches
[2013.04.12 18:03:45 | 000,000,000 | R--D | C] -- C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.04.12 18:03:27 | 000,000,000 | ---D | C] -- C:\Users\julian\AppData\Roaming\Identities
[2013.04.12 18:03:19 | 000,000,000 | R--D | C] -- C:\Users\julian\Contacts
[2013.04.12 18:03:16 | 000,000,000 | ---D | C] -- C:\Users\julian\AppData\Local\VirtualStore
[2013.04.12 18:02:50 | 000,000,000 | --SD | C] -- C:\Users\julian\AppData\Roaming\Microsoft
[2013.04.12 18:02:50 | 000,000,000 | R--D | C] -- C:\Users\julian\Videos
[2013.04.12 18:02:50 | 000,000,000 | R--D | C] -- C:\Users\julian\Saved Games
[2013.04.12 18:02:50 | 000,000,000 | R--D | C] -- C:\Users\julian\Pictures
[2013.04.12 18:02:50 | 000,000,000 | R--D | C] -- C:\Users\julian\Music
[2013.04.12 18:02:50 | 000,000,000 | R--D | C] -- C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.04.12 18:02:50 | 000,000,000 | R--D | C] -- C:\Users\julian\Links
[2013.04.12 18:02:50 | 000,000,000 | R--D | C] -- C:\Users\julian\Favorites
[2013.04.12 18:02:50 | 000,000,000 | R--D | C] -- C:\Users\julian\Downloads
[2013.04.12 18:02:50 | 000,000,000 | R--D | C] -- C:\Users\julian\Documents
[2013.04.12 18:02:50 | 000,000,000 | R--D | C] -- C:\Users\julian\Desktop
[2013.04.12 18:02:50 | 000,000,000 | R--D | C] -- C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.04.12 18:02:50 | 000,000,000 | -HSD | C] -- C:\Users\julian\Vorlagen
[2013.04.12 18:02:50 | 000,000,000 | -HSD | C] -- C:\Users\julian\AppData\Local\Verlauf
[2013.04.12 18:02:50 | 000,000,000 | -HSD | C] -- C:\Users\julian\AppData\Local\Temporary Internet Files
[2013.04.12 18:02:50 | 000,000,000 | -HSD | C] -- C:\Users\julian\Startmenü
[2013.04.12 18:02:50 | 000,000,000 | -HSD | C] -- C:\Users\julian\SendTo
[2013.04.12 18:02:50 | 000,000,000 | -HSD | C] -- C:\Users\julian\Recent
[2013.04.12 18:02:50 | 000,000,000 | -HSD | C] -- C:\Users\julian\Netzwerkumgebung
[2013.04.12 18:02:50 | 000,000,000 | -HSD | C] -- C:\Users\julian\Lokale Einstellungen
[2013.04.12 18:02:50 | 000,000,000 | -HSD | C] -- C:\Users\julian\Documents\Eigene Videos
[2013.04.12 18:02:50 | 000,000,000 | -HSD | C] -- C:\Users\julian\Documents\Eigene Musik
[2013.04.12 18:02:50 | 000,000,000 | -HSD | C] -- C:\Users\julian\Eigene Dateien
[2013.04.12 18:02:50 | 000,000,000 | -HSD | C] -- C:\Users\julian\Documents\Eigene Bilder
[2013.04.12 18:02:50 | 000,000,000 | -HSD | C] -- C:\Users\julian\Druckumgebung
[2013.04.12 18:02:50 | 000,000,000 | -HSD | C] -- C:\Users\julian\Cookies
[2013.04.12 18:02:50 | 000,000,000 | -HSD | C] -- C:\Users\julian\AppData\Local\Anwendungsdaten
[2013.04.12 18:02:50 | 000,000,000 | -HSD | C] -- C:\Users\julian\Anwendungsdaten
[2013.04.12 18:02:50 | 000,000,000 | -H-D | C] -- C:\Users\julian\AppData
[2013.04.12 18:02:50 | 000,000,000 | ---D | C] -- C:\Users\julian\AppData\Local\Temp
[2013.04.12 18:02:50 | 000,000,000 | ---D | C] -- C:\Users\julian\AppData\Local\Microsoft
[2013.04.12 18:02:50 | 000,000,000 | ---D | C] -- C:\Users\julian\AppData\Roaming\Media Center Programs
[2013.04.12 18:02:37 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.04.12 18:02:37 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.04.12 18:02:37 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013.04.12 18:02:37 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.04.12 18:02:37 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.04.12 18:02:37 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.04.12 18:02:37 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.04.12 18:02:37 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.04.12 18:02:37 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.04.12 18:02:37 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.04.12 18:02:37 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.04.12 18:02:37 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.04.12 17:58:11 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.04.12 17:55:58 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013.04.12 17:55:01 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013.04.12 10:50:57 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013.04.12 10:50:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\OEM
========== Files - Modified Within 30 Days ==========
[2013.04.15 21:30:18 | 000,000,000 | ---- | M] () -- C:\Users\julian\defogger_reenable
[2013.04.15 21:14:02 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.15 20:58:11 | 000,009,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.15 20:58:11 | 000,009,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.15 20:49:35 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.15 20:49:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.15 20:49:11 | 3061,190,656 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.14 22:05:29 | 003,085,342 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.14 22:05:29 | 000,684,954 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2013.04.14 22:05:29 | 000,680,010 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2013.04.14 22:05:29 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.14 22:05:29 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.14 22:05:29 | 000,127,070 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2013.04.14 22:05:29 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.14 22:05:29 | 000,124,006 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2013.04.14 22:05:29 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.14 16:13:34 | 002,134,031 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\Cat.DB
[2013.04.14 12:11:51 | 000,377,856 | ---- | M] () -- C:\Users\julian\Desktop\gmer_2.1.19163 (2).exe
[2013.04.14 12:11:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\julian\Desktop\OTL (2).exe
[2013.04.14 02:12:06 | 000,001,398 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2013.04.14 01:46:03 | 005,334,340 | ---- | M] () -- C:\Users\julian\host 192.168.2.106 and udp port 56515
[2013.04.14 01:42:16 | 000,101,452 | ---- | M] () -- C:\Users\julian\host 192.168.2.106 and udp port 555
[2013.04.14 01:39:57 | 000,000,344 | ---- | M] () -- C:\Users\julian\host 192.168.2.105 and udp port 555
[2013.04.14 01:37:26 | 000,000,344 | ---- | M] () -- C:\Users\julian\192.168.2.105 and udp port 555
[2013.04.14 01:30:47 | 001,706,746 | ---- | M] () -- C:\Users\julian\Desktop\jRAT3.2.3_4.zip
[2013.04.14 01:07:12 | 000,000,614 | ---- | M] () -- C:\Users\julian\Desktop\XAMPP Control Panel.lnk
[2013.04.14 00:17:56 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.04.13 21:42:49 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.04.13 20:05:40 | 000,000,344 | ---- | M] () -- C:\Users\julian\192.168.2.105 and udp 999
[2013.04.13 12:32:48 | 000,001,841 | ---- | M] () -- C:\Users\julian\Desktop\Process Hacker 2.lnk
[2013.04.12 23:57:54 | 000,001,227 | ---- | M] () -- C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
[2013.04.12 23:53:58 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\VT20130115.021
[2013.04.12 23:49:34 | 000,019,478 | ---- | M] () -- C:\Users\julian\Documents\ccleaner backup vom scann.reg
[2013.04.12 23:47:54 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.04.12 23:46:32 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.04.12 23:45:35 | 000,001,747 | ---- | M] () -- C:\Users\Public\Desktop\Eraser.lnk
[2013.04.12 23:40:46 | 000,000,914 | ---- | M] () -- C:\Users\julian\Desktop\Sandboxie Web Browser.lnk
[2013.04.12 20:14:54 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.04.12 18:21:32 | 000,015,970 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2013.04.12 18:12:32 | 000,000,875 | ---- | M] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2013.04.12 18:12:27 | 000,231,376 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2013.04.12 18:08:07 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013.04.12 18:08:07 | 000,007,466 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013.04.12 18:08:07 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013.04.12 18:08:00 | 000,002,409 | ---- | M] () -- C:\Users\julian\Desktop\Norton 360.lnk
[2013.04.12 18:04:37 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.04.12 18:00:51 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.12 17:59:30 | 000,052,953 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013.04.12 17:59:30 | 000,052,953 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.01 19:45:22 | 209,715,200 | ---- | M] () -- C:\Users\julian\Desktop\Diesimpsons.flv
[2013.03.28 12:57:32 | 524,288,000 | ---- | M] () -- C:\Users\julian\Desktop\drivercontainer
========== Files Created - No Company Name ==========
[2013.04.15 21:30:18 | 000,000,000 | ---- | C] () -- C:\Users\julian\defogger_reenable
[2013.04.14 16:18:46 | 000,377,856 | ---- | C] () -- C:\Users\julian\Desktop\gmer_2.1.19163 (2).exe
[2013.04.14 01:44:09 | 005,334,340 | ---- | C] () -- C:\Users\julian\host 192.168.2.106 and udp port 56515
[2013.04.14 01:40:13 | 000,101,452 | ---- | C] () -- C:\Users\julian\host 192.168.2.106 and udp port 555
[2013.04.14 01:39:40 | 000,000,344 | ---- | C] () -- C:\Users\julian\host 192.168.2.105 and udp port 555
[2013.04.14 01:37:22 | 000,000,344 | ---- | C] () -- C:\Users\julian\192.168.2.105 and udp port 555
[2013.04.14 01:30:50 | 001,706,746 | ---- | C] () -- C:\Users\julian\Desktop\jRAT3.2.3_4.zip
[2013.04.14 01:07:11 | 000,000,614 | ---- | C] () -- C:\Users\julian\Desktop\XAMPP Control Panel.lnk
[2013.04.14 00:17:56 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.04.14 00:17:52 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.04.13 21:42:49 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.04.13 20:05:19 | 000,000,344 | ---- | C] () -- C:\Users\julian\192.168.2.105 and udp 999
[2013.04.13 20:01:22 | 000,001,740 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
[2013.04.13 12:32:47 | 000,001,841 | ---- | C] () -- C:\Users\julian\Desktop\Process Hacker 2.lnk
[2013.04.12 23:57:54 | 000,001,227 | ---- | C] () -- C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
[2013.04.12 23:54:55 | 000,014,818 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\VT20130115.021
[2013.04.12 23:49:24 | 000,019,478 | ---- | C] () -- C:\Users\julian\Documents\ccleaner backup vom scann.reg
[2013.04.12 23:47:53 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.04.12 23:46:32 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.04.12 23:45:34 | 000,001,759 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eraser.lnk
[2013.04.12 23:45:34 | 000,001,747 | ---- | C] () -- C:\Users\Public\Desktop\Eraser.lnk
[2013.04.12 23:41:02 | 000,000,914 | ---- | C] () -- C:\Users\julian\Desktop\Sandboxie Web Browser.lnk
[2013.04.12 23:41:00 | 000,001,398 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2013.04.12 20:14:53 | 000,002,255 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.04.12 20:09:57 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.12 20:09:54 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.12 18:21:32 | 000,015,970 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2013.04.12 18:16:50 | 000,378,949 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2013.04.12 18:15:38 | 000,523,828 | ---- | C] () -- C:\Windows\SysNative\netathrx.inf
[2013.04.12 18:15:37 | 000,078,369 | ---- | C] () -- C:\Windows\SysNative\athrextx.cat
[2013.04.12 18:12:32 | 000,000,875 | ---- | C] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2013.04.12 18:08:11 | 002,134,031 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\Cat.DB
[2013.04.12 18:08:07 | 000,007,466 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013.04.12 18:08:07 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013.04.12 18:08:00 | 000,002,409 | ---- | C] () -- C:\Users\julian\Desktop\Norton 360.lnk
[2013.04.12 18:07:38 | 000,003,434 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymEFA.inf
[2013.04.12 18:07:38 | 000,002,851 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymDS.inf
[2013.04.12 18:07:38 | 000,001,440 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymNet.inf
[2013.04.12 18:07:38 | 000,001,436 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\srtsp64.inf
[2013.04.12 18:07:38 | 000,001,418 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\srtspx64.inf
[2013.04.12 18:07:38 | 000,000,996 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\symELAM.inf
[2013.04.12 18:07:38 | 000,000,854 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\ccSetx64.inf
[2013.04.12 18:07:38 | 000,000,767 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\Iron.inf
[2013.04.12 18:07:27 | 000,009,670 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymELAM64.cat
[2013.04.12 18:07:27 | 000,008,942 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymVTcer.dat
[2013.04.12 18:07:27 | 000,007,611 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\ccSetx64.cat
[2013.04.12 18:07:27 | 000,007,605 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\srtspx64.cat
[2013.04.12 18:07:27 | 000,007,603 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymEFA64.cat
[2013.04.12 18:07:27 | 000,007,601 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\symnet64.cat
[2013.04.12 18:07:27 | 000,007,601 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\srtsp64.cat
[2013.04.12 18:07:27 | 000,007,597 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymDS64.cat
[2013.04.12 18:07:27 | 000,007,593 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\iron.cat
[2013.04.12 18:07:27 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\isolate.ini
[2013.04.12 18:06:28 | 524,288,000 | ---- | C] () -- C:\Users\julian\Desktop\drivercontainer
[2013.04.12 18:06:10 | 209,715,200 | ---- | C] () -- C:\Users\julian\Desktop\Diesimpsons.flv
[2013.04.12 18:04:37 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.04.12 18:03:57 | 000,001,405 | ---- | C] () -- C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013.04.12 18:03:48 | 000,001,439 | ---- | C] () -- C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.04.12 17:59:22 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013.04.12 17:59:12 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013.04.12 17:55:01 | 3061,190,656 | -HS- | C] () -- C:\hiberfil.sys
[2012.01.10 14:27:26 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2012.01.10 14:27:26 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2012.01.10 14:27:26 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2012.01.10 13:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
========== ZeroAccess Check ==========
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010.02.18 10:07:44 | 014,163,456 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010.02.18 09:34:01 | 012,867,072 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013.04.13 12:33:10 | 000,000,000 | ---D | M] -- C:\Users\julian\AppData\Roaming\Process Hacker 2
[2013.04.15 21:29:17 | 000,000,000 | ---D | M] -- C:\Users\julian\AppData\Roaming\QuickScan
[2013.04.14 04:03:18 | 000,000,000 | ---D | M] -- C:\Users\julian\AppData\Roaming\TrueCrypt
[2013.04.14 00:13:52 | 000,000,000 | ---D | M] -- C:\Users\julian\AppData\Roaming\uTorrent
[2013.04.13 20:06:09 | 000,000,000 | ---D | M] -- C:\Users\julian\AppData\Roaming\Wireshark
[2013.04.12 23:59:12 | 000,000,000 | ---D | M] -- C:\Users\julian\AppData\Roaming\Wise Registry Cleaner
========== Purity Check ==========
< End of report > Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-15 21:50:19
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM321HI rev.2AJ10002 298,09GB
Running: gmer_2.1.19163 (2).exe; Driver: C:\Users\julian\AppData\Local\Temp\uxdiqpod.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007728fc40 5 bytes JMP 000000010025091c
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007728fda4 5 bytes JMP 0000000100250048
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007728fe38 5 bytes JMP 00000001002502ee
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007728ff94 5 bytes JMP 00000001002504b2
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 000000007728ffc8 5 bytes JMP 00000001002509fe
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 000000007728fff8 5 bytes JMP 0000000100250ae0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077290014 2 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 3 0000000077290017 2 bytes [D9, 88]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007729072c 5 bytes JMP 000000010025012a
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007729081c 5 bytes JMP 0000000100250758
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077290834 5 bytes JMP 0000000100250676
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077290d84 5 bytes JMP 00000001002503d0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000772918b0 5 bytes JMP 0000000100250594
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077291b74 5 bytes JMP 000000010025083a
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077291d00 5 bytes JMP 000000010025020c
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2692] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000076e5524f 7 bytes JMP 0000000100250f52
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2692] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000076e553d0 7 bytes JMP 0000000100320210
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2692] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076e55677 1 byte JMP 0000000100320048
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2692] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076e55679 5 bytes {JMP 0xffffffff894ca9d1}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2692] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000076e5589a 7 bytes JMP 0000000100250ca6
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2692] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076e55a1d 7 bytes JMP 00000001003203d8
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2692] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076e55c9b 7 bytes JMP 000000010032012c
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2692] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076e55d87 7 bytes JMP 00000001003202f4
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2692] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076e57240 7 bytes JMP 0000000100250e6e
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2692] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 00000000753615ea 7 bytes JMP 0000000100320762
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2692] C:\Windows\syswow64\urlmon.dll!URLOpenPullStreamW + 69 0000000075255723 7 bytes JMP 000000010032059e
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007728fc40 5 bytes JMP 000000010010091c
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007728fda4 5 bytes JMP 0000000100100048
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007728fe38 5 bytes JMP 00000001001002ee
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007728ff94 5 bytes JMP 00000001001004b2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 000000007728ffc8 5 bytes JMP 00000001001009fe
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 000000007728fff8 5 bytes JMP 0000000100100ae0
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077290014 2 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 3 0000000077290017 2 bytes [D9, 88]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007729072c 5 bytes JMP 000000010010012a
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007729081c 5 bytes JMP 0000000100100758
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077290834 5 bytes JMP 0000000100100676
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077290d84 5 bytes JMP 00000001001003d0
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000772918b0 5 bytes JMP 0000000100100594
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077291b74 5 bytes JMP 000000010010083a
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077291d00 5 bytes JMP 000000010010020c
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4300] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 00000000753615ea 7 bytes JMP 00000001001104bc
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4300] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000076e5524f 7 bytes JMP 0000000100100f52
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4300] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000076e553d0 7 bytes JMP 0000000100110210
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4300] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076e55677 1 byte JMP 0000000100110048
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4300] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076e55679 5 bytes {JMP 0xffffffff892ba9d1}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4300] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000076e5589a 7 bytes JMP 0000000100100ca6
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4300] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076e55a1d 7 bytes JMP 00000001001103d8
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4300] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076e55c9b 7 bytes JMP 000000010011012c
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4300] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076e55d87 7 bytes JMP 00000001001102f4
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4300] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076e57240 7 bytes JMP 0000000100100e6e
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075601465 2 bytes [60, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000756014bb 2 bytes [60, 75]
.text ... * 2
? C:\Windows\system32\mssprxy.dll [4300] entry point in ".rdata" section 00000000748771e6
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007728f941 7 bytes {MOV EDX, 0x2f0628; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007728fb85 7 bytes {MOV EDX, 0x2f0668; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007728fbb5 7 bytes {MOV EDX, 0x2f05a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007728fbcd 7 bytes {MOV EDX, 0x2f0528; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007728fbe5 7 bytes {MOV EDX, 0x2f0728; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007728fc15 7 bytes {MOV EDX, 0x2f0768; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007728fc40 5 bytes JMP 000000010066091c
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007728fc95 7 bytes {MOV EDX, 0x2f06e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007728fcad 7 bytes {MOV EDX, 0x2f06a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007728fcf9 7 bytes {MOV EDX, 0x2f0468; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007728fda4 5 bytes JMP 0000000100660048
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007728fdf1 7 bytes {MOV EDX, 0x2f04a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007728fe38 5 bytes JMP 00000001006602ee
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007728ff94 5 bytes JMP 00000001006604b2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 000000007728ffc8 5 bytes JMP 00000001006609fe
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 000000007728fff8 5 bytes JMP 0000000100660ae0
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077290014 2 bytes JMP 000000010063004c
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 3 0000000077290017 2 bytes [3A, 89]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077290049 7 bytes {MOV EDX, 0x2f0428; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007729072c 5 bytes JMP 000000010066012a
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007729081c 5 bytes JMP 0000000100660758
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077290834 5 bytes JMP 0000000100660676
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077290d84 5 bytes JMP 00000001006603d0
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077291055 7 bytes {MOV EDX, 0x2f05e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000772910cd 7 bytes {MOV EDX, 0x2f0568; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000772912d1 7 bytes {MOV EDX, 0x2f04e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000772918b0 5 bytes JMP 0000000100660594
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077291b74 5 bytes JMP 000000010066083a
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077291d00 5 bytes JMP 000000010066020c
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 00000000753615ea 7 bytes JMP 00000001006704bc
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000076e5524f 7 bytes JMP 0000000100660f52
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000076e553d0 7 bytes JMP 0000000100670210
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076e55677 1 byte JMP 0000000100670048
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076e55679 5 bytes {JMP 0xffffffff8981a9d1}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000076e5589a 7 bytes JMP 0000000100660ca6
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076e55a1d 7 bytes JMP 00000001006703d8
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076e55c9b 7 bytes JMP 000000010067012c
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076e55d87 7 bytes JMP 00000001006702f4
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076e57240 7 bytes JMP 0000000100660e6e
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075601465 2 bytes [60, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000756014bb 2 bytes [60, 75]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007728f941 7 bytes {MOV EDX, 0x58ce28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007728fb85 7 bytes {MOV EDX, 0x58ce68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007728fbb5 7 bytes {MOV EDX, 0x58cda8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007728fbcd 7 bytes {MOV EDX, 0x58cd28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007728fbe5 7 bytes {MOV EDX, 0x58cf28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007728fc15 7 bytes {MOV EDX, 0x58cf68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007728fc40 5 bytes JMP 00000001006b091c
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007728fc95 7 bytes {MOV EDX, 0x58cee8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007728fcad 7 bytes {MOV EDX, 0x58cea8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007728fcf9 7 bytes {MOV EDX, 0x58cc68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007728fda4 5 bytes JMP 00000001006b0048
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007728fdf1 7 bytes {MOV EDX, 0x58cca8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007728fe38 5 bytes JMP 00000001006b02ee
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007728ff94 5 bytes JMP 00000001006b04b2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 000000007728ffc8 5 bytes JMP 00000001006b09fe
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 000000007728fff8 5 bytes JMP 00000001006b0ae0
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077290014 2 bytes JMP 000000010069004c
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 3 0000000077290017 2 bytes [40, 89]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077290049 7 bytes {MOV EDX, 0x58cc28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007729072c 5 bytes JMP 00000001006b012a
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007729081c 5 bytes JMP 00000001006b0758
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077290834 5 bytes JMP 00000001006b0676
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077290d84 5 bytes JMP 00000001006b03d0
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077291055 7 bytes {MOV EDX, 0x58cde8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000772910cd 7 bytes {MOV EDX, 0x58cd68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000772912d1 7 bytes {MOV EDX, 0x58cce8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000772918b0 5 bytes JMP 00000001006b0594
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077291b74 5 bytes JMP 00000001006b083a
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077291d00 5 bytes JMP 00000001006b020c
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 00000000753615ea 7 bytes JMP 00000001006c04bc
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000076e5524f 7 bytes JMP 00000001006b0f52
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000076e553d0 7 bytes JMP 00000001006c0210
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076e55677 1 byte JMP 00000001006c0048
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076e55679 5 bytes {JMP 0xffffffff8986a9d1}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000076e5589a 7 bytes JMP 00000001006b0ca6
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076e55a1d 7 bytes JMP 00000001006c03d8
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076e55c9b 7 bytes JMP 00000001006c012c
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076e55d87 7 bytes JMP 00000001006c02f4
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076e57240 7 bytes JMP 00000001006b0e6e
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075601465 2 bytes [60, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000756014bb 2 bytes [60, 75]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007728f941 7 bytes {MOV EDX, 0x2ff628; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007728fb85 7 bytes {MOV EDX, 0x2ff668; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007728fbb5 7 bytes {MOV EDX, 0x2ff5a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007728fbcd 7 bytes {MOV EDX, 0x2ff528; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007728fbe5 7 bytes {MOV EDX, 0x2ff728; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007728fc15 7 bytes {MOV EDX, 0x2ff768; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007728fc40 5 bytes JMP 000000010037091c
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007728fc95 7 bytes {MOV EDX, 0x2ff6e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007728fcad 7 bytes {MOV EDX, 0x2ff6a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007728fcf9 7 bytes {MOV EDX, 0x2ff468; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007728fda4 5 bytes JMP 0000000100370048
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007728fdf1 7 bytes {MOV EDX, 0x2ff4a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007728fe38 5 bytes JMP 00000001003702ee
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007728ff94 5 bytes JMP 00000001003704b2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 000000007728ffc8 5 bytes JMP 00000001003709fe
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 000000007728fff8 5 bytes JMP 0000000100370ae0
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077290014 2 bytes JMP 000000010035004c
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 3 0000000077290017 2 bytes [0C, 89]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077290049 7 bytes {MOV EDX, 0x2ff428; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007729072c 5 bytes JMP 000000010037012a
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007729081c 5 bytes JMP 0000000100370758
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077290834 5 bytes JMP 0000000100370676
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077290d84 5 bytes JMP 00000001003703d0
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077291055 7 bytes {MOV EDX, 0x2ff5e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000772910cd 7 bytes {MOV EDX, 0x2ff568; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000772912d1 7 bytes {MOV EDX, 0x2ff4e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000772918b0 5 bytes JMP 0000000100370594
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077291b74 5 bytes JMP 000000010037083a
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077291d00 5 bytes JMP 000000010037020c
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 00000000753615ea 7 bytes JMP 00000001003804bc
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000076e5524f 7 bytes JMP 0000000100370f52
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000076e553d0 7 bytes JMP 0000000100380210
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076e55677 1 byte JMP 0000000100380048
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076e55679 5 bytes {JMP 0xffffffff8952a9d1}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000076e5589a 7 bytes JMP 0000000100370ca6
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076e55a1d 7 bytes JMP 00000001003803d8
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076e55c9b 7 bytes JMP 000000010038012c
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076e55d87 7 bytes JMP 00000001003802f4
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076e57240 7 bytes JMP 0000000100370e6e
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075601465 2 bytes [60, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000756014bb 2 bytes [60, 75]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007728fc40 5 bytes JMP 000000010009091c
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007728fda4 5 bytes JMP 0000000100090048
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007728fe38 5 bytes JMP 00000001000902ee
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007728ff94 5 bytes JMP 00000001000904b2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 000000007728ffc8 5 bytes JMP 00000001000909fe
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 000000007728fff8 5 bytes JMP 0000000100090ae0
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077290014 2 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 3 0000000077290017 2 bytes [D9, 88]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007729072c 5 bytes JMP 000000010009012a
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007729081c 5 bytes JMP 0000000100090758
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077290834 5 bytes JMP 0000000100090676
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077290d84 5 bytes JMP 00000001000903d0
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000772918b0 5 bytes JMP 0000000100090594
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077291b74 5 bytes JMP 000000010009083a
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077291d00 5 bytes JMP 000000010009020c
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 00000000753615ea 7 bytes JMP 00000001000a04bc
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000076e5524f 7 bytes JMP 0000000100090f52
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000076e553d0 7 bytes JMP 00000001000a0210
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076e55677 1 byte JMP 00000001000a0048
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076e55679 5 bytes {JMP 0xffffffff8924a9d1}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000076e5589a 7 bytes JMP 0000000100090ca6
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076e55a1d 7 bytes JMP 00000001000a03d8
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076e55c9b 7 bytes JMP 00000001000a012c
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076e55d87 7 bytes JMP 00000001000a02f4
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076e57240 7 bytes JMP 0000000100090e6e
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075601465 2 bytes [60, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000756014bb 2 bytes [60, 75]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\syswow64\urlmon.dll!URLOpenPullStreamW + 69 0000000075255723 7 bytes JMP 00000001000a0680
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007728f941 7 bytes {MOV EDX, 0xbcd228; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007728fb85 7 bytes {MOV EDX, 0xbcd268; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007728fbb5 7 bytes {MOV EDX, 0xbcd1a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007728fbcd 7 bytes {MOV EDX, 0xbcd128; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007728fbe5 7 bytes {MOV EDX, 0xbcd328; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007728fc15 7 bytes {MOV EDX, 0xbcd368; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007728fc40 5 bytes JMP 0000000100cf091c
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007728fc95 7 bytes {MOV EDX, 0xbcd2e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007728fcad 7 bytes {MOV EDX, 0xbcd2a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007728fcf9 7 bytes {MOV EDX, 0xbcd068; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007728fda4 5 bytes JMP 0000000100cf0048
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007728fdf1 7 bytes {MOV EDX, 0xbcd0a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007728fe38 5 bytes JMP 0000000100cf02ee
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007728ff94 5 bytes JMP 0000000100cf04b2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 000000007728ffc8 5 bytes JMP 0000000100cf09fe
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 000000007728fff8 5 bytes JMP 0000000100cf0ae0
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077290014 2 bytes JMP 0000000100c9004c
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 3 0000000077290017 2 bytes [A0, 89]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077290049 7 bytes {MOV EDX, 0xbcd028; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007729072c 5 bytes JMP 0000000100cf012a
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007729081c 5 bytes JMP 0000000100cf0758
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077290834 5 bytes JMP 0000000100cf0676
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077290d84 5 bytes JMP 0000000100cf03d0
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077291055 7 bytes {MOV EDX, 0xbcd1e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000772910cd 7 bytes {MOV EDX, 0xbcd168; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000772912d1 7 bytes {MOV EDX, 0xbcd0e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000772918b0 5 bytes JMP 0000000100cf0594
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077291b74 5 bytes JMP 0000000100cf083a
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077291d00 5 bytes JMP 0000000100cf020c
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 00000000753615ea 7 bytes JMP 0000000100d004bc
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000076e5524f 7 bytes JMP 0000000100cf0f52
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000076e553d0 7 bytes JMP 0000000100d00210
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076e55677 1 byte JMP 0000000100d00048
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076e55679 5 bytes {JMP 0xffffffff89eaa9d1}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000076e5589a 7 bytes JMP 0000000100cf0ca6
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076e55a1d 7 bytes JMP 0000000100d003d8
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076e55c9b 7 bytes JMP 0000000100d0012c
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076e55d87 7 bytes JMP 0000000100d002f4
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076e57240 7 bytes JMP 0000000100cf0e6e
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075601465 2 bytes [60, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000756014bb 2 bytes [60, 75]
.text ... * 2
.text C:\Users\julian\Desktop\gmer_2.1.19163 (2).exe[2660] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007728fc40 5 bytes JMP 00000001004f091c
.text C:\Users\julian\Desktop\gmer_2.1.19163 (2).exe[2660] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007728fda4 5 bytes JMP 00000001004f0048
.text C:\Users\julian\Desktop\gmer_2.1.19163 (2).exe[2660] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007728fe38 5 bytes JMP 00000001004f02ee
.text C:\Users\julian\Desktop\gmer_2.1.19163 (2).exe[2660] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007728ff94 5 bytes JMP 00000001004f04b2
.text C:\Users\julian\Desktop\gmer_2.1.19163 (2).exe[2660] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 000000007728ffc8 5 bytes JMP 00000001004f09fe
.text C:\Users\julian\Desktop\gmer_2.1.19163 (2).exe[2660] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 000000007728fff8 5 bytes JMP 00000001004f0ae0
.text C:\Users\julian\Desktop\gmer_2.1.19163 (2).exe[2660] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077290014 2 bytes JMP 000000010002004c
.text C:\Users\julian\Desktop\gmer_2.1.19163 (2).exe[2660] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 3 0000000077290017 2 bytes [D9, 88]
.text C:\Users\julian\Desktop\gmer_2.1.19163 (2).exe[2660] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007729072c 5 bytes JMP 00000001004f012a
.text C:\Users\julian\Desktop\gmer_2.1.19163 (2).exe[2660] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007729081c 5 bytes JMP 00000001004f0758
.text C:\Users\julian\Desktop\gmer_2.1.19163 (2).exe[2660] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077290834 5 bytes JMP 00000001004f0676
.text C:\Users\julian\Desktop\gmer_2.1.19163 (2).exe[2660] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077290d84 5 bytes JMP 00000001004f03d0
.text C:\Users\julian\Desktop\gmer_2.1.19163 (2).exe[2660] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000772918b0 5 bytes JMP 00000001004f0594
.text C:\Users\julian\Desktop\gmer_2.1.19163 (2).exe[2660] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077291b74 5 bytes JMP 00000001004f083a
.text C:\Users\julian\Desktop\gmer_2.1.19163 (2).exe[2660] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077291d00 5 bytes JMP 00000001004f020c
.text C:\Users\julian\Desktop\gmer_2.1.19163 (2).exe[2660] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000076e5524f 7 bytes JMP 00000001004f0f52
.text C:\Users\julian\Desktop\gmer_2.1.19163 (2).exe[2660] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000076e553d0 7 bytes JMP 0000000100500210
.text C:\Users\julian\Desktop\gmer_2.1.19163 (2).exe[2660] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076e55677 1 byte JMP 0000000100500048
.text C:\Users\julian\Desktop\gmer_2.1.19163 (2).exe[2660] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076e55679 5 bytes {JMP 0xffffffff896aa9d1}
.text C:\Users\julian\Desktop\gmer_2.1.19163 (2).exe[2660] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000076e5589a 7 bytes JMP 00000001004f0ca6
.text C:\Users\julian\Desktop\gmer_2.1.19163 (2).exe[2660] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076e55a1d 7 bytes JMP 00000001005003d8
.text C:\Users\julian\Desktop\gmer_2.1.19163 (2).exe[2660] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076e55c9b 7 bytes JMP 000000010050012c
.text C:\Users\julian\Desktop\gmer_2.1.19163 (2).exe[2660] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076e55d87 7 bytes JMP 00000001005002f4
.text C:\Users\julian\Desktop\gmer_2.1.19163 (2).exe[2660] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076e57240 7 bytes JMP 00000001004f0e6e
.text C:\Users\julian\Desktop\gmer_2.1.19163 (2).exe[2660] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 00000000753615ea 7 bytes JMP 00000001005004bc
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ---- Hoffentlich habe ich es jetzt so richtig gemacht .
Danke das sie mir helfen . |