GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-05-23 11:10:21 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3 ST500DM002-1BD142 rev.KC45 465,76GB Running: jyvluwtt.exe; Driver: C:\Users\GGPROJ~1\AppData\Local\Temp\ugddapob.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCRtp.exe[904] C:\Windows\SysWOW64\ntdll.dll!KiUserCallbackDispatcher 00000000777e010c 7 bytes JMP 0000000174be3b70 .text C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCRtp.exe[904] C:\Windows\SysWOW64\ntdll.dll!RtlProcessFlsData 0000000077808dbb 5 bytes JMP 0000000174df3e1c .text C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCRtp.exe[904] C:\Windows\SysWOW64\ntdll.dll!RtlPcToFileHeader 000000007780ea5c 7 bytes JMP 0000000174df3e56 .text C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCRtp.exe[904] C:\Windows\SysWOW64\ntdll.dll!LdrShutdownThread 000000007782674d 7 bytes JMP 0000000174df3f20 .text C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCRtp.exe[904] C:\Windows\SysWOW64\ntdll.dll!RtlExitUserProcess 0000000077829c6a 5 bytes JMP 0000000174df3dbb .text C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCRtp.exe[904] C:\Windows\SysWOW64\ntdll.dll!LdrShutdownProcess 0000000077829cfb 7 bytes JMP 0000000174df3eeb .text C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCRtp.exe[904] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000076154915 5 bytes JMP 0000000174df3d6c .text C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCRtp.exe[904] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076158781 5 bytes [33, C0, C2, 04, 00] .text C:\Windows\Explorer.EXE[1944] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx 0000000077626760 15 bytes JMP 000000016fff0158 .text C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe[1668] C:\Windows\SysWOW64\ntdll.dll!KiUserCallbackDispatcher 00000000777e010c 7 bytes JMP 0000000174be3b70 .text C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe[1668] C:\Windows\SysWOW64\ntdll.dll!RtlProcessFlsData 0000000077808dbb 5 bytes JMP 0000000174df3e1c .text C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe[1668] C:\Windows\SysWOW64\ntdll.dll!RtlPcToFileHeader 000000007780ea5c 7 bytes JMP 0000000174df3e56 .text C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe[1668] C:\Windows\SysWOW64\ntdll.dll!LdrShutdownThread 000000007782674d 7 bytes JMP 0000000174df3f20 .text C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe[1668] C:\Windows\SysWOW64\ntdll.dll!RtlExitUserProcess 0000000077829c6a 5 bytes JMP 0000000174df3dbb .text C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe[1668] C:\Windows\SysWOW64\ntdll.dll!LdrShutdownProcess 0000000077829cfb 7 bytes JMP 0000000174df3eeb .text C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe[1668] C:\Windows\syswow64\kernel32.dll!FreeLibrary 0000000076153478 5 bytes JMP 00000001300033ea .text C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe[1668] C:\Windows\syswow64\kernel32.dll!CreateThread 0000000076153485 5 bytes JMP 0000000171096eb0 .text C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe[1668] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000076154915 5 bytes JMP 0000000174df3d6c .text C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe[1668] C:\Windows\syswow64\kernel32.dll!DeleteFileA 00000000761553fc 5 bytes JMP 0000000130076c25 .text C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe[1668] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076158781 5 bytes [33, C0, C2, 04, 00] .text C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe[1668] C:\Windows\syswow64\kernel32.dll!DeleteFileW 000000007615896b 5 bytes JMP 0000000130076b5c .text C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe[1668] C:\Windows\syswow64\GDI32.dll!CreateFontIndirectW 0000000076fe5c19 5 bytes JMP 0000000130866aaf .text C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe[1668] C:\Windows\syswow64\GDI32.dll!CreateFontW 0000000076feb600 5 bytes JMP 0000000130866a96 .text C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe[1668] C:\Windows\syswow64\USER32.dll!SetWindowLongW 00000000751d8332 5 bytes JMP 00000001308f211d .text C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe[1668] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000751d8a29 5 bytes JMP 00000001308f2170 .text C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe[1668] C:\Windows\syswow64\USER32.dll!SetWindowPos 00000000751d8e4e 5 bytes JMP 00000001308f20be .text C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe[1668] C:\Windows\syswow64\USER32.dll!DestroyWindow 00000000751d9a55 5 bytes JMP 00000001308f2f47 .text C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe[1668] C:\Windows\syswow64\USER32.dll!ShowWindow 00000000751e0dfb 5 bytes JMP 00000001308f206e .text C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe[1668] C:\Windows\syswow64\USER32.dll!BeginPaint 00000000751e1361 5 bytes JMP 00000001308f2eeb .text C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe[1668] C:\Windows\syswow64\USER32.dll!InvalidateRect 00000000751e1381 5 bytes JMP 00000001308f3165 .text C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe[1668] C:\Windows\syswow64\USER32.dll!SetParent 00000000751e2d64 5 bytes JMP 00000001308f21b9 .text C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe[1668] C:\Windows\syswow64\USER32.dll!InvalidateRgn 00000000751e6604 5 bytes JMP 00000001308f3194 .text C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe[1668] C:\Windows\syswow64\USER32.dll!ValidateRect 00000000751e7849 5 bytes JMP 00000001308f23e3 .text C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe[1668] C:\Windows\syswow64\USER32.dll!ValidateRgn 00000000751e8e72 5 bytes JMP 00000001308f23ec .text C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe[1668] C:\Windows\syswow64\USER32.dll!GetUpdateRect 00000000751fd41f 5 bytes JMP 00000001308f2ea0 .text C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe[1668] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExW 0000000076f345f5 5 bytes JMP 00000001308aa3be .text C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe[1668] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA 0000000076f3486f 5 bytes JMP 00000001308aa353 .text C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe[1668] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076251401 2 bytes JMP 7617b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe[1668] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076251419 2 bytes JMP 7617b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe[1668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076251431 2 bytes JMP 761f8f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe[1668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007625144a 2 bytes CALL 7615489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe[1668] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000762514dd 2 bytes JMP 761f8822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe[1668] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000762514f5 2 bytes JMP 761f89f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe[1668] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007625150d 2 bytes JMP 761f8718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe[1668] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076251525 2 bytes JMP 761f8ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe[1668] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007625153d 2 bytes JMP 7616fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe[1668] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076251555 2 bytes JMP 761768ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe[1668] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007625156d 2 bytes JMP 761f8fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe[1668] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076251585 2 bytes JMP 761f8b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe[1668] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007625159d 2 bytes JMP 761f86dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe[1668] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000762515b5 2 bytes JMP 7616fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe[1668] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000762515cd 2 bytes JMP 7617b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe[1668] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000762516b2 2 bytes JMP 761f8ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe[1668] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000762516bd 2 bytes JMP 761f8671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe[1668] C:\Windows\syswow64\WS2_32.dll!gethostbyname 00000000771f7673 5 bytes JMP 0000000170d01257 .text C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe[1668] C:\Windows\syswow64\ole32.dll!CoUninitialize 00000000766086d3 5 bytes JMP 0000000174df3e93 .text C:\Users\GG Projekt 13\AppData\Local\03000200-1432201911-0500-0006-000700080009\cnsy6982.tmp[2816] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 0000000076251401 2 bytes JMP 7617b21b C:\Windows\syswow64\kernel32.dll .text C:\Users\GG Projekt 13\AppData\Local\03000200-1432201911-0500-0006-000700080009\cnsy6982.tmp[2816] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17 0000000076251419 2 bytes JMP 7617b346 C:\Windows\syswow64\kernel32.dll .text C:\Users\GG Projekt 13\AppData\Local\03000200-1432201911-0500-0006-000700080009\cnsy6982.tmp[2816] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17 0000000076251431 2 bytes JMP 761f8f29 C:\Windows\syswow64\kernel32.dll .text C:\Users\GG Projekt 13\AppData\Local\03000200-1432201911-0500-0006-000700080009\cnsy6982.tmp[2816] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42 000000007625144a 2 bytes CALL 7615489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\GG Projekt 13\AppData\Local\03000200-1432201911-0500-0006-000700080009\cnsy6982.tmp[2816] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 00000000762514dd 2 bytes JMP 761f8822 C:\Windows\syswow64\kernel32.dll .text C:\Users\GG Projekt 13\AppData\Local\03000200-1432201911-0500-0006-000700080009\cnsy6982.tmp[2816] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 00000000762514f5 2 bytes JMP 761f89f8 C:\Windows\syswow64\kernel32.dll .text C:\Users\GG Projekt 13\AppData\Local\03000200-1432201911-0500-0006-000700080009\cnsy6982.tmp[2816] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 000000007625150d 2 bytes JMP 761f8718 C:\Windows\syswow64\kernel32.dll .text C:\Users\GG Projekt 13\AppData\Local\03000200-1432201911-0500-0006-000700080009\cnsy6982.tmp[2816] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076251525 2 bytes JMP 761f8ae2 C:\Windows\syswow64\kernel32.dll .text C:\Users\GG Projekt 13\AppData\Local\03000200-1432201911-0500-0006-000700080009\cnsy6982.tmp[2816] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 000000007625153d 2 bytes JMP 7616fca8 C:\Windows\syswow64\kernel32.dll .text C:\Users\GG Projekt 13\AppData\Local\03000200-1432201911-0500-0006-000700080009\cnsy6982.tmp[2816] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 0000000076251555 2 bytes JMP 761768ef C:\Windows\syswow64\kernel32.dll .text C:\Users\GG Projekt 13\AppData\Local\03000200-1432201911-0500-0006-000700080009\cnsy6982.tmp[2816] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 000000007625156d 2 bytes JMP 761f8fe3 C:\Windows\syswow64\kernel32.dll .text C:\Users\GG Projekt 13\AppData\Local\03000200-1432201911-0500-0006-000700080009\cnsy6982.tmp[2816] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 0000000076251585 2 bytes JMP 761f8b42 C:\Windows\syswow64\kernel32.dll .text C:\Users\GG Projekt 13\AppData\Local\03000200-1432201911-0500-0006-000700080009\cnsy6982.tmp[2816] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17 000000007625159d 2 bytes JMP 761f86dc C:\Windows\syswow64\kernel32.dll .text C:\Users\GG Projekt 13\AppData\Local\03000200-1432201911-0500-0006-000700080009\cnsy6982.tmp[2816] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 00000000762515b5 2 bytes JMP 7616fd41 C:\Windows\syswow64\kernel32.dll .text C:\Users\GG Projekt 13\AppData\Local\03000200-1432201911-0500-0006-000700080009\cnsy6982.tmp[2816] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 00000000762515cd 2 bytes JMP 7617b2dc C:\Windows\syswow64\kernel32.dll .text C:\Users\GG Projekt 13\AppData\Local\03000200-1432201911-0500-0006-000700080009\cnsy6982.tmp[2816] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 00000000762516b2 2 bytes JMP 761f8ea4 C:\Windows\syswow64\kernel32.dll .text C:\Users\GG Projekt 13\AppData\Local\03000200-1432201911-0500-0006-000700080009\cnsy6982.tmp[2816] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 00000000762516bd 2 bytes JMP 761f8671 C:\Windows\syswow64\kernel32.dll .text D:\Nemetschek\Allplan\Tmp\AllplanUpdCheck.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076251401 2 bytes JMP 7617b21b C:\Windows\syswow64\KERNEL32.dll .text D:\Nemetschek\Allplan\Tmp\AllplanUpdCheck.exe[4852] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076251419 2 bytes JMP 7617b346 C:\Windows\syswow64\KERNEL32.dll .text D:\Nemetschek\Allplan\Tmp\AllplanUpdCheck.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076251431 2 bytes JMP 761f8f29 C:\Windows\syswow64\KERNEL32.dll .text D:\Nemetschek\Allplan\Tmp\AllplanUpdCheck.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007625144a 2 bytes CALL 7615489d C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text D:\Nemetschek\Allplan\Tmp\AllplanUpdCheck.exe[4852] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000762514dd 2 bytes JMP 761f8822 C:\Windows\syswow64\KERNEL32.dll .text D:\Nemetschek\Allplan\Tmp\AllplanUpdCheck.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000762514f5 2 bytes JMP 761f89f8 C:\Windows\syswow64\KERNEL32.dll .text D:\Nemetschek\Allplan\Tmp\AllplanUpdCheck.exe[4852] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007625150d 2 bytes JMP 761f8718 C:\Windows\syswow64\KERNEL32.dll .text D:\Nemetschek\Allplan\Tmp\AllplanUpdCheck.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076251525 2 bytes JMP 761f8ae2 C:\Windows\syswow64\KERNEL32.dll .text D:\Nemetschek\Allplan\Tmp\AllplanUpdCheck.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007625153d 2 bytes JMP 7616fca8 C:\Windows\syswow64\KERNEL32.dll .text D:\Nemetschek\Allplan\Tmp\AllplanUpdCheck.exe[4852] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076251555 2 bytes JMP 761768ef C:\Windows\syswow64\KERNEL32.dll .text D:\Nemetschek\Allplan\Tmp\AllplanUpdCheck.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007625156d 2 bytes JMP 761f8fe3 C:\Windows\syswow64\KERNEL32.dll .text D:\Nemetschek\Allplan\Tmp\AllplanUpdCheck.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076251585 2 bytes JMP 761f8b42 C:\Windows\syswow64\KERNEL32.dll .text D:\Nemetschek\Allplan\Tmp\AllplanUpdCheck.exe[4852] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007625159d 2 bytes JMP 761f86dc C:\Windows\syswow64\KERNEL32.dll .text D:\Nemetschek\Allplan\Tmp\AllplanUpdCheck.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000762515b5 2 bytes JMP 7616fd41 C:\Windows\syswow64\KERNEL32.dll .text D:\Nemetschek\Allplan\Tmp\AllplanUpdCheck.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000762515cd 2 bytes JMP 7617b2dc C:\Windows\syswow64\KERNEL32.dll .text D:\Nemetschek\Allplan\Tmp\AllplanUpdCheck.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000762516b2 2 bytes JMP 761f8ea4 C:\Windows\syswow64\KERNEL32.dll .text D:\Nemetschek\Allplan\Tmp\AllplanUpdCheck.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000762516bd 2 bytes JMP 761f8671 C:\Windows\syswow64\KERNEL32.dll .text C:\Users\GG Projekt 13\Downloads\jyvluwtt.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076251401 2 bytes JMP 7617b21b C:\Windows\syswow64\kernel32.dll .text C:\Users\GG Projekt 13\Downloads\jyvluwtt.exe[5104] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076251419 2 bytes JMP 7617b346 C:\Windows\syswow64\kernel32.dll .text C:\Users\GG Projekt 13\Downloads\jyvluwtt.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076251431 2 bytes JMP 761f8f29 C:\Windows\syswow64\kernel32.dll .text C:\Users\GG Projekt 13\Downloads\jyvluwtt.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007625144a 2 bytes CALL 7615489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\GG Projekt 13\Downloads\jyvluwtt.exe[5104] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000762514dd 2 bytes JMP 761f8822 C:\Windows\syswow64\kernel32.dll .text C:\Users\GG Projekt 13\Downloads\jyvluwtt.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000762514f5 2 bytes JMP 761f89f8 C:\Windows\syswow64\kernel32.dll .text C:\Users\GG Projekt 13\Downloads\jyvluwtt.exe[5104] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007625150d 2 bytes JMP 761f8718 C:\Windows\syswow64\kernel32.dll .text C:\Users\GG Projekt 13\Downloads\jyvluwtt.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076251525 2 bytes JMP 761f8ae2 C:\Windows\syswow64\kernel32.dll .text C:\Users\GG Projekt 13\Downloads\jyvluwtt.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007625153d 2 bytes JMP 7616fca8 C:\Windows\syswow64\kernel32.dll .text C:\Users\GG Projekt 13\Downloads\jyvluwtt.exe[5104] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076251555 2 bytes JMP 761768ef C:\Windows\syswow64\kernel32.dll .text C:\Users\GG Projekt 13\Downloads\jyvluwtt.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007625156d 2 bytes JMP 761f8fe3 C:\Windows\syswow64\kernel32.dll .text C:\Users\GG Projekt 13\Downloads\jyvluwtt.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076251585 2 bytes JMP 761f8b42 C:\Windows\syswow64\kernel32.dll .text C:\Users\GG Projekt 13\Downloads\jyvluwtt.exe[5104] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007625159d 2 bytes JMP 761f86dc C:\Windows\syswow64\kernel32.dll .text C:\Users\GG Projekt 13\Downloads\jyvluwtt.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000762515b5 2 bytes JMP 7616fd41 C:\Windows\syswow64\kernel32.dll .text C:\Users\GG Projekt 13\Downloads\jyvluwtt.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000762515cd 2 bytes JMP 7617b2dc C:\Windows\syswow64\kernel32.dll .text C:\Users\GG Projekt 13\Downloads\jyvluwtt.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000762516b2 2 bytes JMP 761f8ea4 C:\Windows\syswow64\kernel32.dll .text C:\Users\GG Projekt 13\Downloads\jyvluwtt.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000762516bd 2 bytes JMP 761f8671 C:\Windows\syswow64\kernel32.dll ---- Processes - GMER 2.1 ---- Process C:\Users\GG Projekt 13\AppData\Local\03000200-1432201896-0500-0006-000700080009\bnsy3A47.exe (*** suspicious ***) @ C:\Users\GG Projekt 13\AppData\Local\03000200-1432201896-0500-0006-000700080009\bnsy3A47.exe [2372](2015-05-20 23:50:32) 0000000000c90000 Process C:\Users\GG Projekt 13\AppData\Local\03000200-1432201911-0500-0006-000700080009\cnsy6982.tmp (*** suspicious ***) @ C:\Users\GG Projekt 13\AppData\Local\03000200-1432201911-0500-0006-000700080009\cnsy6982.tmp [2816](2015-05-21 07:51:54) 0000000000ff0000 ---- Files - GMER 2.1 ---- File C:\Users\GG Projekt 13\AppData\Local\Temp\etilqs_Z0FDLeeHUntpx5Q 0 bytes File C:\Users\GG Projekt 13\AppData\Local\Chromium\User Data\Default\Cache\f_06e94d 0 bytes File C:\Users\GG Projekt 13\AppData\Local\Chromium\User Data\Default\Cache\f_06e94e 0 bytes File C:\Users\GG Projekt 13\AppData\Local\Chromium\User Data\Default\Cache\f_06e94f 0 bytes File C:\Users\GG Projekt 13\AppData\Local\Chromium\User Data\Default\Cache\f_06e950 0 bytes File C:\Users\GG Projekt 13\AppData\Local\Chromium\User Data\Default\Cache\f_06e951 0 bytes File C:\Users\GG Projekt 13\AppData\Local\Chromium\User Data\Default\Cache\f_06e952 0 bytes File C:\Users\GG Projekt 13\AppData\Local\Chromium\User Data\Default\Cache\f_06e953 0 bytes File C:\Users\GG Projekt 13\AppData\Local\Chromium\User Data\Default\Cache\f_06e954 0 bytes File C:\Users\GG Projekt 13\AppData\Local\Chromium\User Data\Default\Cache\f_06e955 0 bytes File C:\Users\GG Projekt 13\AppData\Local\Chromium\User Data\Default\Cache\f_06e956 0 bytes File C:\Users\GG Projekt 13\AppData\Local\Chromium\User Data\Default\Cache\f_06e957 0 bytes File C:\Users\GG Projekt 13\AppData\Local\Chromium\User Data\Default\Cache\f_06e958 0 bytes File C:\Users\GG Projekt 13\AppData\Local\Chromium\User Data\Default\Cache\f_06e959 0 bytes File C:\Users\GG Projekt 13\AppData\Local\Chromium\User Data\Default\Cache\f_06e95a 0 bytes File C:\Users\GG Projekt 13\AppData\Local\Chromium\User Data\Default\Cache\f_06e95c 0 bytes File C:\Users\GG Projekt 13\AppData\Local\Chromium\User Data\Default\Cache\f_06e95e 0 bytes File C:\Users\GG Projekt 13\AppData\Local\Chromium\User Data\Default\Cache\f_06e95f 0 bytes File C:\Users\GG Projekt 13\AppData\Local\Chromium\User Data\Default\Cache\f_06e961 0 bytes File C:\Users\GG Projekt 13\AppData\Local\Chromium\User Data\Default\Cache\f_06e962 0 bytes File C:\Users\GG Projekt 13\AppData\Local\Chromium\User Data\Default\Cache\f_06e963 0 bytes File C:\Users\GG Projekt 13\AppData\Local\Chromium\User Data\Default\Cache\f_06e964 0 bytes File C:\Users\GG Projekt 13\AppData\Local\Chromium\User Data\Default\Cache\f_06e966 0 bytes File C:\Users\GG Projekt 13\AppData\Local\Chromium\User Data\Default\Cache\f_06e967 0 bytes ---- EOF - GMER 2.1 ----