Log analysis and evaluation: Problems with trojan "zbot.gen aj" (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and trojans can be removed, the infected system first has to be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
05.05.2013, 18:47 #1
Problems with trojan "zbot.gen aj"
Hello everyone, since today I have had the trojan "zbot.gen aj" on my PC. At least that is what my MSE tells me. Actually, I didn't want to format my PC. Hope you can help me, thanks in advance. Attached is some info
05.05.2013, 18:49 #2
Problems with trojan "zbot.gen aj"
Here is the scan as well.
GMER Logfile:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-05 19:44:51
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ExcelStor_Technology_J9250S rev.GM2OA52A 232,89GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Farzad\AppData\Local\Temp\uwdiipow.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076591465 2 bytes [59, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765914bb 2 bytes [59, 76]
.text ... * 2
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077cc08fc 4 bytes [68, CE, 7D, 57]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 0000000077cc0901 1 byte [C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077cd25fd 6 bytes [68, 1B, BC, 56, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077cdc45a 6 bytes [68, F3, 7E, 57, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077ce2a63 6 bytes [68, 61, BC, 56, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077d04128 6 bytes [68, A7, BC, 56, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077d0e659 6 bytes [68, ED, BC, 56, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000075f84544 6 bytes [68, 5C, 81, 57, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000075f879e0 6 bytes [68, 1B, 81, 57, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!GetDC 00000000761172c4 4 bytes [68, 94, DD, 56]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!GetDC + 5 00000000761172c9 1 byte [C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!ReleaseDC 0000000076117446 6 bytes [68, 12, DE, 56, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076117809 6 bytes [68, C9, C4, 57, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000761178e2 6 bytes [68, 72, D7, 56, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076117bd3 6 bytes [68, 9A, D7, 56, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!GetWindowDC 0000000076118048 4 bytes [68, D3, DD, 56]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 000000007611804d 1 byte [C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076118a65 6 bytes [68, 1F, BF, 56, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!RegisterClassExW 000000007611b17d 6 bytes [68, B9, BF, 56, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007611db98 6 bytes [68, 0B, C0, 56, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000761205ba 6 bytes [68, C2, D7, 56, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076120d32 6 bytes [68, 51, BE, 56, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076121218 6 bytes [68, A5, D5, 56, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076121341 4 bytes [68, F9, DC, 56]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000076121346 1 byte [C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076121361 4 bytes [68, 89, DC, 56]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000076121366 1 byte [C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076122a8d 6 bytes [68, 73, D5, 56, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076122aac 6 bytes [68, D3, D6, 56, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076123391 4 bytes [68, 39, DD, 56]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000076123396 1 byte [C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!RegisterClassA 000000007612434b 6 bytes [68, 6C, BF, 56, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076125f74 6 bytes [68, ED, D7, 56, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 0000000076126222 6 bytes [68, E5, DE, 56, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!CallWindowProcA 000000007612792f 6 bytes [68, 9A, BE, 56, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!DefFrameProcA 0000000076127fbb 6 bytes [68, 7C, BD, 56, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 000000007612810c 6 bytes [68, 0B, BE, 56, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!DefFrameProcW 00000000761285c1 6 bytes [68, 33, BD, 56, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 00000000761286b4 6 bytes [68, C5, BD, 56, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!GetUpdateRect 000000007613d41f 6 bytes [68, 52, DE, 56, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!ReleaseCapture 000000007613ed49 6 bytes [68, 83, D6, 56, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!SetCapture 000000007613ed56 4 bytes [68, 29, D6, 56]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!SetCapture + 5 000000007613ed5b 1 byte [C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000076159854 6 bytes [68, FD, BB, 56, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076159cfd 6 bytes [68, EC, D5, 56, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076159f1d 6 bytes [68, 78, C6, 57, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000761787cb 4 bytes [68, AD, BB, 56]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 00000000761787d0 1 byte [C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 0000000075edc592 6 bytes [68, D9, 81, 57, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000075f12538 6 bytes [68, C2, 81, 57, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076a53918 6 bytes [68, 3D, 2D, 58, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000076a54296 6 bytes [68, 4E, 29, 58, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076a54406 6 bytes [68, 96, 2D, 58, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\WS2_32.dll!send 0000000076a56f01 6 bytes [68, 75, 2D, 58, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076a67673 6 bytes [68, DE, 28, 58, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 0000000076990ec0 6 bytes [68, 60, 62, 58, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 0000000075a3a336 6 bytes [68, 84, 28, 58, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 0000000075a3ab41 6 bytes [68, E4, 26, 58, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\WININET.dll!InternetReadFile 0000000075a3b3fe 6 bytes [68, 51, 27, 58, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000075a44a43 6 bytes [68, E2, 23, 58, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000075a44c7e 6 bytes [68, 26, 24, 58, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000075a45e5d 6 bytes [68, 58, 28, 58, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000075a4ba12 6 bytes [68, 6A, 24, 58, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 0000000075a545e2 6 bytes [68, 4E, 26, 58, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000075a54a35 6 bytes [68, 14, 25, 58, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000075a6ae56 6 bytes [68, 7F, 27, 58, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 0000000075a9b04e 6 bytes [68, FE, 27, 58, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 0000000075ab1962 6 bytes [68, B1, 25, 58, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 0000000075ab19e5 6 bytes [68, 99, 26, 58, 00, C3]
.text C:\Windows\Philips\SPC220NC\Monitor.exe[2892] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000075ab1a48 6 bytes [68, BF, 24, 58, 00, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077cc08fc 6 bytes [68, CE, 7D, 5D, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077cd25fd 6 bytes [68, 1B, BC, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077cdc45a 6 bytes [68, F3, 7E, 5D, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077ce2a63 6 bytes [68, 61, BC, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077d04128 6 bytes [68, A7, BC, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077d0e659 6 bytes [68, ED, BC, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000075f84544 6 bytes [68, 5C, 81, 5D, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000075f879e0 6 bytes [68, 1B, 81, 5D, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 0000000075edc592 6 bytes [68, D9, 81, 5D, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000075f12538 6 bytes [68, C2, 81, 5D, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!GetDC 00000000761172c4 6 bytes [68, 94, DD, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!ReleaseDC 0000000076117446 6 bytes [68, 12, DE, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076117809 6 bytes [68, C9, C4, 5D, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000761178e2 6 bytes [68, 72, D7, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076117bd3 6 bytes [68, 9A, D7, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!GetWindowDC 0000000076118048 6 bytes [68, D3, DD, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076118a65 6 bytes [68, 1F, BF, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!RegisterClassExW 000000007611b17d 6 bytes [68, B9, BF, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007611db98 6 bytes [68, 0B, C0, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000761205ba 6 bytes [68, C2, D7, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076120d32 6 bytes [68, 51, BE, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076121218 6 bytes [68, A5, D5, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076121341 6 bytes [68, F9, DC, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076121361 6 bytes [68, 89, DC, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076122a8d 6 bytes [68, 73, D5, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076122aac 6 bytes [68, D3, D6, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076123391 6 bytes [68, 39, DD, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!RegisterClassA 000000007612434b 6 bytes [68, 6C, BF, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076125f74 6 bytes [68, ED, D7, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 0000000076126222 6 bytes [68, E5, DE, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!CallWindowProcA 000000007612792f 6 bytes [68, 9A, BE, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!DefFrameProcA 0000000076127fbb 6 bytes [68, 7C, BD, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 000000007612810c 6 bytes [68, 0B, BE, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!DefFrameProcW 00000000761285c1 6 bytes [68, 33, BD, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 00000000761286b4 6 bytes [68, C5, BD, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!GetUpdateRect 000000007613d41f 6 bytes [68, 52, DE, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!ReleaseCapture 000000007613ed49 6 bytes [68, 83, D6, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!SetCapture 000000007613ed56 6 bytes [68, 29, D6, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000076159854 6 bytes [68, FD, BB, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076159cfd 6 bytes [68, EC, D5, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076159f1d 6 bytes [68, 78, C6, 5D, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000761787cb 6 bytes [68, AD, BB, 5C, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076a53918 6 bytes [68, 3D, 2D, 5E, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000076a54296 6 bytes [68, 4E, 29, 5E, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076a54406 6 bytes [68, 96, 2D, 5E, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\WS2_32.dll!send 0000000076a56f01 6 bytes [68, 75, 2D, 5E, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076a67673 6 bytes [68, DE, 28, 5E, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 0000000076990ec0 6 bytes [68, 60, 62, 5E, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\WININET.DLL!HttpQueryInfoA 0000000075a3a336 6 bytes [68, 84, 28, 5E, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\WININET.DLL!InternetCloseHandle 0000000075a3ab41 6 bytes [68, E4, 26, 5E, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\WININET.DLL!InternetReadFile 0000000075a3b3fe 6 bytes [68, 51, 27, 5E, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\WININET.DLL!HttpOpenRequestW 0000000075a44a43 6 bytes [68, E2, 23, 5E, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\WININET.DLL!HttpOpenRequestA 0000000075a44c7e 6 bytes [68, 26, 24, 5E, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\WININET.DLL!InternetQueryDataAvailable 0000000075a45e5d 6 bytes [68, 58, 28, 5E, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\WININET.DLL!HttpSendRequestW 0000000075a4ba12 6 bytes [68, 6A, 24, 5E, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\WININET.DLL!HttpEndRequestA 0000000075a545e2 6 bytes [68, 4E, 26, 5E, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\WININET.DLL!HttpSendRequestExW 0000000075a54a35 6 bytes [68, 14, 25, 5E, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\WININET.DLL!InternetReadFileExA 0000000075a6ae56 6 bytes [68, 7F, 27, 5E, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\WININET.DLL!InternetSetFilePointer 0000000075a9b04e 6 bytes [68, FE, 27, 5E, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\WININET.DLL!HttpSendRequestExA 0000000075ab1962 6 bytes [68, B1, 25, 5E, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\WININET.DLL!HttpEndRequestW 0000000075ab19e5 6 bytes [68, 99, 26, 5E, 02, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1508] C:\Windows\syswow64\WININET.DLL!HttpSendRequestA 0000000075ab1a48 6 bytes [68, BF, 24, 5E, 02, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077cc08fc 4 bytes [68, CE, 7D, 38]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 0000000077cc0901 1 byte [C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077cd25fd 6 bytes [68, 1B, BC, 37, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077cdc45a 6 bytes [68, F3, 7E, 38, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077ce2a63 6 bytes [68, 61, BC, 37, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077d04128 6 bytes [68, A7, BC, 37, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077d0e659 6 bytes [68, ED, BC, 37, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000075f84544 6 bytes [68, 5C, 81, 38, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000075f879e0 6 bytes [68, 1B, 81, 38, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!GetDC 00000000761172c4 4 bytes [68, 94, DD, 37]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!GetDC + 5 00000000761172c9 1 byte [C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!ReleaseDC 0000000076117446 6 bytes [68, 12, DE, 37, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076117809 6 bytes [68, C9, C4, 38, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000761178e2 6 bytes [68, 72, D7, 37, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076117bd3 6 bytes [68, 9A, D7, 37, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!GetWindowDC 0000000076118048 4 bytes [68, D3, DD, 37]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 000000007611804d 1 byte [C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076118a65 6 bytes [68, 1F, BF, 37, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!RegisterClassExW 000000007611b17d 6 bytes [68, B9, BF, 37, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007611db98 6 bytes [68, 0B, C0, 37, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000761205ba 6 bytes [68, C2, D7, 37, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076120d32 6 bytes [68, 51, BE, 37, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076121218 6 bytes [68, A5, D5, 37, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076121341 4 bytes [68, F9, DC, 37]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000076121346 1 byte [C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076121361 4 bytes [68, 89, DC, 37]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000076121366 1 byte [C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076122a8d 6 bytes [68, 73, D5, 37, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076122aac 6 bytes [68, D3, D6, 37, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076123391 4 bytes [68, 39, DD, 37]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000076123396 1 byte [C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!RegisterClassA 000000007612434b 6 bytes [68, 6C, BF, 37, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076125f74 6 bytes [68, ED, D7, 37, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 0000000076126222 6 bytes [68, E5, DE, 37, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!CallWindowProcA 000000007612792f 6 bytes [68, 9A, BE, 37, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!DefFrameProcA 0000000076127fbb 6 bytes [68, 7C, BD, 37, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 000000007612810c 6 bytes [68, 0B, BE, 37, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!DefFrameProcW 00000000761285c1 6 bytes [68, 33, BD, 37, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 00000000761286b4 6 bytes [68, C5, BD, 37, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!GetUpdateRect 000000007613d41f 6 bytes [68, 52, DE, 37, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!ReleaseCapture 000000007613ed49 6 bytes [68, 83, D6, 37, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!SetCapture 000000007613ed56 4 bytes [68, 29, D6, 37]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!SetCapture + 5 000000007613ed5b 1 byte [C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000076159854 6 bytes [68, FD, BB, 37, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076159cfd 6 bytes [68, EC, D5, 37, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076159f1d 6 bytes [68, 78, C6, 38, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000761787cb 4 bytes [68, AD, BB, 37]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 00000000761787d0 1 byte [C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 0000000075edc592 6 bytes [68, D9, 81, 38, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000075f12538 6 bytes [68, C2, 81, 38, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 0000000075a3a336 6 bytes [68, 84, 28, 39, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 0000000075a3ab41 6 bytes [68, E4, 26, 39, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\WININET.dll!InternetReadFile 0000000075a3b3fe 6 bytes [68, 51, 27, 39, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000075a44a43 6 bytes [68, E2, 23, 39, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000075a44c7e 6 bytes [68, 26, 24, 39, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000075a45e5d 6 bytes [68, 58, 28, 39, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000075a4ba12 6 bytes [68, 6A, 24, 39, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 0000000075a545e2 6 bytes [68, 4E, 26, 39, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000075a54a35 6 bytes [68, 14, 25, 39, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000075a6ae56 6 bytes [68, 7F, 27, 39, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 0000000075a9b04e 6 bytes [68, FE, 27, 39, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 0000000075ab1962 6 bytes [68, B1, 25, 39, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 0000000075ab19e5 6 bytes [68, 99, 26, 39, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000075ab1a48 6 bytes [68, BF, 24, 39, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 0000000076990ec0 6 bytes [68, 60, 62, 39, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\ws2_32.DLL!closesocket 0000000076a53918 6 bytes [68, 3D, 2D, 39, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\ws2_32.DLL!getaddrinfo 0000000076a54296 6 bytes [68, 4E, 29, 39, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\ws2_32.DLL!WSASend 0000000076a54406 6 bytes [68, 96, 2D, 39, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\ws2_32.DLL!send 0000000076a56f01 6 bytes [68, 75, 2D, 39, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\ws2_32.DLL!gethostbyname 0000000076a67673 6 bytes [68, DE, 28, 39, 00, C3]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076591465 2 bytes [59, 76]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765914bb 2 bytes [59, 76]
.text ... * 2
? C:\Windows\system32\mssprxy.dll [2564] entry point in ".rdata" section 00000000745871e6
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077cc08fc 4 bytes [68, CE, 7D, 9F]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 0000000077cc0901 1 byte [C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077cd25fd 6 bytes [68, 1B, BC, 9E, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077cdc45a 6 bytes [68, F3, 7E, 9F, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077ce2a63 6 bytes [68, 61, BC, 9E, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077d04128 6 bytes [68, A7, BC, 9E, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077d0e659 6 bytes [68, ED, BC, 9E, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000075f84544 6 bytes [68, 5C, 81, 9F, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000075f879e0 6 bytes [68, 1B, 81, 9F, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 0000000075edc592 6 bytes [68, D9, 81, 9F, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000075f12538 6 bytes [68, C2, 81, 9F, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!GetDC 00000000761172c4 4 bytes [68, 94, DD, 9E]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!GetDC + 5 00000000761172c9 1 byte [C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!ReleaseDC 0000000076117446 6 bytes [68, 12, DE, 9E, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076117809 6 bytes [68, C9, C4, 9F, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000761178e2 6 bytes [68, 72, D7, 9E, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076117bd3 6 bytes [68, 9A, D7, 9E, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!GetWindowDC 0000000076118048 4 bytes [68, D3, DD, 9E]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 000000007611804d 1 byte [C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076118a65 6 bytes [68, 1F, BF, 9E, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!RegisterClassExW 000000007611b17d 6 bytes [68, B9, BF, 9E, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788]
C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007611db98 6 bytes [68, 0B, C0, 9E, 00, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000761205ba 6 bytes [68, C2, D7, 9E, 00, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076120d32 6 bytes [68, 51, BE, 9E, 00, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076121218 6 bytes [68, A5, D5, 9E, 00, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076121341 4 bytes [68, F9, DC, 9E] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000076121346 1 byte [C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076121361 4 bytes [68, 89, DC, 9E] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000076121366 1 byte [C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076122a8d 6 bytes [68, 73, D5, 9E, 00, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076122aac 6 bytes [68, D3, D6, 9E, 00, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076123391 4 bytes [68, 39, DD, 9E] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000076123396 1 byte [C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!RegisterClassA 000000007612434b 
6 bytes [68, 6C, BF, 9E, 00, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076125f74 6 bytes [68, ED, D7, 9E, 00, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 0000000076126222 6 bytes [68, E5, DE, 9E, 00, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!CallWindowProcA 000000007612792f 6 bytes [68, 9A, BE, 9E, 00, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!DefFrameProcA 0000000076127fbb 6 bytes [68, 7C, BD, 9E, 00, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 000000007612810c 6 bytes [68, 0B, BE, 9E, 00, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!DefFrameProcW 00000000761285c1 6 bytes [68, 33, BD, 9E, 00, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 00000000761286b4 6 bytes [68, C5, BD, 9E, 00, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!GetUpdateRect 000000007613d41f 6 bytes [68, 52, DE, 9E, 00, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!ReleaseCapture 000000007613ed49 6 bytes [68, 83, D6, 9E, 00, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!SetCapture 000000007613ed56 4 bytes [68, 29, D6, 9E] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!SetCapture + 5 000000007613ed5b 1 byte [C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!SwitchDesktop 
0000000076159854 6 bytes [68, FD, BB, 9E, 00, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076159cfd 6 bytes [68, EC, D5, 9E, 00, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076159f1d 6 bytes [68, 78, C6, 9F, 00, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000761787cb 4 bytes [68, AD, BB, 9E] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 00000000761787d0 1 byte [C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076591465 2 bytes [59, 76] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765914bb 2 bytes [59, 76] .text ... 
* 2 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 0000000075a3a336 6 bytes [68, 84, 28, A0, 00, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 0000000075a3ab41 6 bytes [68, E4, 26, A0, 00, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\WININET.dll!InternetReadFile 0000000075a3b3fe 6 bytes [68, 51, 27, A0, 00, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000075a44a43 6 bytes [68, E2, 23, A0, 00, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000075a44c7e 6 bytes [68, 26, 24, A0, 00, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000075a45e5d 6 bytes [68, 58, 28, A0, 00, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000075a4ba12 6 bytes [68, 6A, 24, A0, 00, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 0000000075a545e2 6 bytes [68, 4E, 26, A0, 00, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000075a54a35 6 bytes [68, 14, 25, A0, 00, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000075a6ae56 6 bytes [68, 7F, 27, A0, 00, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 0000000075a9b04e 6 bytes [68, FE, 27, A0, 00, C3] .text C:\Program Files (x86)\Common 
Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 0000000075ab1962 6 bytes [68, B1, 25, A0, 00, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 0000000075ab19e5 6 bytes [68, 99, 26, A0, 00, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000075ab1a48 6 bytes [68, BF, 24, A0, 00, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 0000000076990ec0 6 bytes [68, 60, 62, A0, 00, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076a53918 6 bytes [68, 3D, 2D, A0, 00, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000076a54296 6 bytes [68, 4E, 29, A0, 00, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076a54406 6 bytes [68, 96, 2D, A0, 00, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\WS2_32.dll!send 0000000076a56f01 6 bytes [68, 75, 2D, A0, 00, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1788] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076a67673 6 bytes [68, DE, 28, A0, 00, C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077cc08fc 4 bytes [68, CE, 7D, 37] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 0000000077cc0901 1 byte [C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077cd25fd 6 bytes [68, 1B, BC, 36, 00, C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] 
C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077cdc45a 6 bytes [68, F3, 7E, 37, 00, C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077ce2a63 6 bytes [68, 61, BC, 36, 00, C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077d04128 6 bytes [68, A7, BC, 36, 00, C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077d0e659 6 bytes [68, ED, BC, 36, 00, C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000075f84544 6 bytes [68, 5C, 81, 37, 00, C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000075f879e0 6 bytes [68, 1B, 81, 37, 00, C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!GetDC 00000000761172c4 4 bytes [68, 94, DD, 36] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!GetDC + 5 00000000761172c9 1 byte [C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!ReleaseDC 0000000076117446 6 bytes [68, 12, DE, 36, 00, C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076117809 6 bytes [68, C9, C4, 37, 00, C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000761178e2 6 bytes [68, 72, D7, 36, 00, C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076117bd3 6 bytes [68, 9A, D7, 36, 00, C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!GetWindowDC 0000000076118048 4 bytes [68, D3, DD, 36] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 000000007611804d 1 byte [C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!RegisterClassW 
0000000076118a65 6 bytes [68, 1F, BF, 36, 00, C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!RegisterClassExW 000000007611b17d 6 bytes [68, B9, BF, 36, 00, C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007611db98 6 bytes [68, 0B, C0, 36, 00, C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000761205ba 6 bytes [68, C2, D7, 36, 00, C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076120d32 6 bytes [68, 51, BE, 36, 00, C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076121218 6 bytes [68, A5, D5, 36, 00, C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076121341 4 bytes [68, F9, DC, 36] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000076121346 1 byte [C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076121361 4 bytes [68, 89, DC, 36] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000076121366 1 byte [C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076122a8d 6 bytes [68, 73, D5, 36, 00, C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076122aac 6 bytes [68, D3, D6, 36, 00, C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076123391 4 bytes [68, 39, DD, 36] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000076123396 1 byte [C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!RegisterClassA 000000007612434b 6 bytes [68, 6C, BF, 36, 00, C3] .text C:\Neuer 
Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076125f74 6 bytes [68, ED, D7, 36, 00, C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 0000000076126222 6 bytes [68, E5, DE, 36, 00, C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!CallWindowProcA 000000007612792f 6 bytes [68, 9A, BE, 36, 00, C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!DefFrameProcA 0000000076127fbb 6 bytes [68, 7C, BD, 36, 00, C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 000000007612810c 6 bytes [68, 0B, BE, 36, 00, C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!DefFrameProcW 00000000761285c1 6 bytes [68, 33, BD, 36, 00, C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 00000000761286b4 6 bytes [68, C5, BD, 36, 00, C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!GetUpdateRect 000000007613d41f 6 bytes [68, 52, DE, 36, 00, C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!ReleaseCapture 000000007613ed49 6 bytes [68, 83, D6, 36, 00, C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!SetCapture 000000007613ed56 4 bytes [68, 29, D6, 36] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!SetCapture + 5 000000007613ed5b 1 byte [C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000076159854 6 bytes [68, FD, BB, 36, 00, C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076159cfd 6 bytes [68, EC, D5, 36, 00, C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076159f1d 6 bytes [68, 78, C6, 37, 00, C3] .text C:\Neuer 
Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000761787cb 4 bytes [68, AD, BB, 36] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 00000000761787d0 1 byte [C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 0000000075edc592 6 bytes [68, D9, 81, 37, 00, C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000075f12538 6 bytes [68, C2, 81, 37, 00, C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076a53918 6 bytes [68, 3D, 2D, 38, 00, C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000076a54296 6 bytes [68, 4E, 29, 38, 00, C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076a54406 6 bytes [68, 96, 2D, 38, 00, C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\WS2_32.dll!send 0000000076a56f01 6 bytes [68, 75, 2D, 38, 00, C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076a67673 6 bytes [68, DE, 28, 38, 00, C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 0000000076990ec0 6 bytes [68, 60, 62, 38, 00, C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 0000000075a3a336 6 bytes [68, 84, 28, 38, 00, C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 0000000075a3ab41 6 bytes [68, E4, 26, 38, 00, C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\WININET.dll!InternetReadFile 0000000075a3b3fe 6 bytes [68, 51, 27, 38, 00, C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000075a44a43 6 bytes [68, E2, 23, 38, 00, C3] .text 
C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000075a44c7e 6 bytes [68, 26, 24, 38, 00, C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000075a45e5d 6 bytes [68, 58, 28, 38, 00, C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000075a4ba12 6 bytes [68, 6A, 24, 38, 00, C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 0000000075a545e2 6 bytes [68, 4E, 26, 38, 00, C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000075a54a35 6 bytes [68, 14, 25, 38, 00, C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000075a6ae56 6 bytes [68, 7F, 27, 38, 00, C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 0000000075a9b04e 6 bytes [68, FE, 27, 38, 00, C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 0000000075ab1962 6 bytes [68, B1, 25, 38, 00, C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 0000000075ab19e5 6 bytes [68, 99, 26, 38, 00, C3] .text C:\Neuer Ordner\svcnet2\svcnet2.exe[3140] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000075ab1a48 6 bytes [68, BF, 24, 38, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077cc08fc 4 bytes [68, CE, 7D, 2E] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 0000000077cc0901 1 byte [C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077cd25fd 6 bytes [68, 1B, BC, 2D, 00, C3] .text 
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077cdc45a 6 bytes [68, F3, 7E, 2E, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077ce2a63 6 bytes [68, 61, BC, 2D, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077d04128 6 bytes [68, A7, BC, 2D, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077d0e659 6 bytes [68, ED, BC, 2D, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000075f84544 6 bytes [68, 5C, 81, 2E, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000075f879e0 6 bytes [68, 1B, 81, 2E, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 0000000075edc592 6 bytes [68, D9, 81, 2E, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000075f12538 6 bytes [68, C2, 81, 2E, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!GetDC 00000000761172c4 4 bytes [68, 94, DD, 2D] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!GetDC + 5 00000000761172c9 1 byte [C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!ReleaseDC 0000000076117446 6 bytes [68, 12, DE, 2D, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] 
C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076117809 6 bytes [68, C9, C4, 2E, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000761178e2 6 bytes [68, 72, D7, 2D, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076117bd3 6 bytes [68, 9A, D7, 2D, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!GetWindowDC 0000000076118048 4 bytes [68, D3, DD, 2D] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 000000007611804d 1 byte [C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076118a65 6 bytes [68, 1F, BF, 2D, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!RegisterClassExW 000000007611b17d 6 bytes [68, B9, BF, 2D, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007611db98 6 bytes [68, 0B, C0, 2D, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000761205ba 6 bytes [68, C2, D7, 2D, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076120d32 6 bytes [68, 51, BE, 2D, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076121218 6 bytes [68, A5, D5, 2D, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076121341 4 bytes [68, F9, DC, 2D] .text C:\Program Files (x86)\Common 
Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000076121346 1 byte [C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076121361 4 bytes [68, 89, DC, 2D] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000076121366 1 byte [C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076122a8d 6 bytes [68, 73, D5, 2D, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076122aac 6 bytes [68, D3, D6, 2D, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076123391 4 bytes [68, 39, DD, 2D] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000076123396 1 byte [C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!RegisterClassA 000000007612434b 6 bytes [68, 6C, BF, 2D, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076125f74 6 bytes [68, ED, D7, 2D, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 0000000076126222 6 bytes [68, E5, DE, 2D, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!CallWindowProcA 000000007612792f 6 bytes [68, 9A, BE, 2D, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!DefFrameProcA 0000000076127fbb 6 bytes [68, 7C, BD, 2D, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java 
Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 000000007612810c 6 bytes [68, 0B, BE, 2D, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!DefFrameProcW 00000000761285c1 6 bytes [68, 33, BD, 2D, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 00000000761286b4 6 bytes [68, C5, BD, 2D, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!GetUpdateRect 000000007613d41f 6 bytes [68, 52, DE, 2D, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!ReleaseCapture 000000007613ed49 6 bytes [68, 83, D6, 2D, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!SetCapture 000000007613ed56 4 bytes [68, 29, D6, 2D] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!SetCapture + 5 000000007613ed5b 1 byte [C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000076159854 6 bytes [68, FD, BB, 2D, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076159cfd 6 bytes [68, EC, D5, 2D, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076159f1d 6 bytes [68, 78, C6, 2E, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000761787cb 4 bytes [68, AD, BB, 2D] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 00000000761787d0 1 byte [C3] .text C:\Program Files 
(x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 0000000075a3a336 6 bytes [68, 84, 28, 2F, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 0000000075a3ab41 6 bytes [68, E4, 26, 2F, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\WININET.dll!InternetReadFile 0000000075a3b3fe 6 bytes [68, 51, 27, 2F, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000075a44a43 6 bytes [68, E2, 23, 2F, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000075a44c7e 6 bytes [68, 26, 24, 2F, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000075a45e5d 6 bytes [68, 58, 28, 2F, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000075a4ba12 6 bytes [68, 6A, 24, 2F, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 0000000075a545e2 6 bytes [68, 4E, 26, 2F, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000075a54a35 6 bytes [68, 14, 25, 2F, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000075a6ae56 6 bytes [68, 7F, 27, 2F, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 0000000075a9b04e 6 bytes [68, FE, 27, 2F, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java 
Update\jusched.exe[3160] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 0000000075ab1962 6 bytes [68, B1, 25, 2F, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 0000000075ab19e5 6 bytes [68, 99, 26, 2F, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000075ab1a48 6 bytes [68, BF, 24, 2F, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 0000000076990ec0 6 bytes [68, 60, 62, 2F, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076a53918 6 bytes [68, 3D, 2D, 2F, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000076a54296 6 bytes [68, 4E, 29, 2F, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076a54406 6 bytes [68, 96, 2D, 2F, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\WS2_32.dll!send 0000000076a56f01 6 bytes [68, 75, 2D, 2F, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3160] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076a67673 6 bytes [68, DE, 28, 2F, 00, C3] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076591465 2 bytes [59, 76] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765914bb 2 bytes [59, 76] .text ... 
* 2 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077cbf991 8 bytes {MOV EDX, 0x903e8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15 0000000077cbf99b 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5 0000000077cbfa0d 8 bytes {MOV EDX, 0x901a8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 15 0000000077cbfa17 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5 0000000077cbfb25 8 bytes {MOV EDX, 0x90168; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 15 0000000077cbfb2f 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077cbfbd5 8 bytes {MOV EDX, 0x90428; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15 0000000077cbfbdf 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077cbfc05 8 bytes {MOV EDX, 0x90368; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 15 0000000077cbfc0f 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077cbfc1d 8 bytes {MOV EDX, 0x90128; JMP RDX} .text 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15 0000000077cbfc27 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077cbfc35 8 bytes {MOV EDX, 0x904e8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15 0000000077cbfc3f 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077cbfc65 8 bytes {MOV EDX, 0x90528; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 15 0000000077cbfc6f 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077cbfce5 8 bytes {MOV EDX, 0x904a8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 15 0000000077cbfcef 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077cbfcfd 8 bytes {MOV EDX, 0x90468; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 15 0000000077cbfd07 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077cbfd49 8 bytes {MOV EDX, 0x90068; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 15 0000000077cbfd53 1 byte [90] .text 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 5 0000000077cbfdad 8 bytes {MOV EDX, 0x902e8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 15 0000000077cbfdb7 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077cbfe41 8 bytes {MOV EDX, 0x900a8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 15 0000000077cbfe4b 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 5 0000000077cbff89 8 bytes {MOV EDX, 0x902a8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 15 0000000077cbff93 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077cc0099 8 bytes {MOV EDX, 0x90028; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 15 0000000077cc00a3 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 5 0000000077cc0781 8 bytes {MOV EDX, 0x90268; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 15 0000000077cc078b 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5 0000000077cc0ffd 8 bytes {MOV EDX, 0x901e8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] 
C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 15 0000000077cc1007 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 5 0000000077cc105d 8 bytes {MOV EDX, 0x90228; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 15 0000000077cc1067 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077cc10a5 8 bytes {MOV EDX, 0x903a8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 15 0000000077cc10af 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077cc111d 8 bytes {MOV EDX, 0x90328; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 15 0000000077cc1127 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077cc1321 8 bytes {MOV EDX, 0x900e8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 15 0000000077cc132b 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000075f8103d 5 bytes JMP 0000000100010030 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075f81072 5 bytes JMP 0000000100010070 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\KERNELBASE.dll!CreateEventW 00000000764f0793 5 bytes JMP 
0000000100020030 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\KERNELBASE.dll!OpenEventW 00000000764f07c3 5 bytes JMP 0000000100020070 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!GetDeviceCaps 0000000076244de0 5 bytes JMP 00000001000f03b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!SelectObject 0000000076244f70 5 bytes JMP 00000001000f05f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!SetBkMode 00000000762451a2 5 bytes JMP 00000001000f08f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!SetTextColor 000000007624522d 5 bytes JMP 00000001000f0a30 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!DeleteObject 0000000076245689 5 bytes JMP 00000001000f01b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000762458b3 5 bytes JMP 00000001000f0170 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!GetCurrentObject 0000000076246bad 5 bytes JMP 00000001000f0370 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!SaveDC 0000000076246e05 5 bytes JMP 00000001000f0570 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!RestoreDC 0000000076246ead 5 bytes JMP 00000001000f0530 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!SetStretchBltMode 0000000076247180 5 bytes JMP 00000001000f06b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] 
C:\Windows\syswow64\GDI32.dll!StretchDIBits 0000000076247435 5 bytes JMP 00000001000f0770 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000076247bcc 5 bytes JMP 00000001000f00b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!IntersectClipRect 0000000076247dc4 5 bytes JMP 00000001000f03f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!GetTextAlign 0000000076247fd5 5 bytes JMP 00000001000f0d70 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!GetTextMetricsW 00000000762482b2 5 bytes JMP 00000001000f0e30 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!SetTextAlign 0000000076248401 5 bytes JMP 00000001000f09f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!ExtSelectClipRgn 000000007624879f 5 bytes JMP 00000001000f02f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!SelectClipRgn 0000000076248916 5 bytes JMP 00000001000f05b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!ExtTextOutW 0000000076248b7a 5 bytes JMP 00000001000f0970 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!MoveToEx 0000000076248ee6 5 bytes JMP 00000001000f0470 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!GetFontData 0000000076249875 5 bytes JMP 00000001000f0c70 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!GetTextFaceW 0000000076249936 5 bytes JMP 00000001000f0d30 .text 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!Rectangle 000000007624a53a 5 bytes JMP 00000001000f09b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!GetClipBox 000000007624af9f 5 bytes JMP 00000001000f0330 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!LineTo 000000007624b9e5 5 bytes JMP 00000001000f0430 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!SetICMMode 000000007624bd55 5 bytes JMP 00000001000f0db0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!CreateICW 000000007624c040 5 bytes JMP 00000001000f0130 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32W 000000007624c107 5 bytes JMP 00000001000f0670 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!SetWorldTransform 000000007624c269 5 bytes JMP 00000001000f06f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!GetTextMetricsA 000000007624d1f1 5 bytes JMP 00000001000f0df0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32A 000000007624d349 5 bytes JMP 00000001000f0630 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!ExtTextOutA 000000007624dce4 5 bytes JMP 00000001000f0930 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007624e743 5 bytes JMP 00000001000f00f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] 
C:\Windows\syswow64\GDI32.dll!ExtEscape 00000000762503b7 5 bytes JMP 00000001000f02b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!Escape 0000000076251bda 5 bytes JMP 00000001000f0270 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!GetTextFaceA 0000000076251e89 5 bytes JMP 00000001000f0cf0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!SetPolyFillMode 0000000076254843 5 bytes JMP 00000001000f0b30 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!SetMiterLimit 0000000076255690 5 bytes JMP 00000001000f0b70 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!EndPage 0000000076256bde 5 bytes JMP 00000001000f0230 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!ResetDCW 000000007625e2db 5 bytes JMP 00000001000f0ab0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!GetGlyphOutlineW 000000007626940d 5 bytes JMP 00000001000f0cb0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!CreateScalableFontResourceW 000000007626c621 5 bytes JMP 00000001000f0bb0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!AddFontResourceW 000000007626d2b2 5 bytes JMP 00000001000f0bf0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!RemoveFontResourceW 000000007626d919 5 bytes JMP 00000001000f0c30 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!AbortDoc 0000000076273adc 5 bytes JMP 00000001000f0030 .text 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!EndDoc 0000000076273f29 5 bytes JMP 00000001000f01f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!StartPage 000000007627401a 5 bytes JMP 00000001000f0730 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!StartDocW 0000000076274c51 5 bytes JMP 00000001000f07f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!BeginPath 00000000762753fd 5 bytes JMP 00000001000f0830 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!SelectClipPath 0000000076275454 5 bytes JMP 00000001000f0af0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!CloseFigure 00000000762754af 5 bytes JMP 00000001000f0070 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!EndPath 0000000076275506 5 bytes JMP 00000001000f0a70 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!StrokePath 000000007627573f 5 bytes JMP 00000001000f07b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!FillPath 00000000762757d2 5 bytes JMP 00000001000f0870 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!PolylineTo 0000000076275c44 5 bytes JMP 00000001000f04f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!PolyBezierTo 0000000076275cd5 5 bytes JMP 00000001000f04b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\GDI32.dll!PolyDraw 0000000076275d87 5 bytes JMP 
00000001000f08b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!MapWindowPoints 0000000076118c40 5 bytes JMP 0000000100180570 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatW 0000000076119ebd 5 bytes JMP 00000001001802b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatA 0000000076120afa 5 bytes JMP 00000001001802f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!GetClientRect 0000000076120c62 7 bytes JMP 00000001001805b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!GetParent 0000000076120f68 7 bytes JMP 00000001001806f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!IsWindowVisible 000000007612112d 7 bytes JMP 00000001001806b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000761212a5 5 bytes JMP 00000001001805f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!ScreenToClient 000000007612227d 7 bytes JMP 0000000100180670 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!MonitorFromWindow 0000000076123150 7 bytes JMP 0000000100180630 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!SetCursor 00000000761241f6 5 bytes JMP 0000000100180530 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameA 00000000761268ef 5 bytes JMP 0000000100180270 .text 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameW 00000000761277fa 5 bytes JMP 0000000100180230 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!GetTopWindow 0000000076127887 7 bytes JMP 0000000100180730 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!IsClipboardFormatAvailable 0000000076128676 5 bytes JMP 00000001001800f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!GetClipboardSequenceNumber 0000000076128696 5 bytes JMP 0000000100180330 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!CloseClipboard 0000000076128e8d 5 bytes JMP 00000001001800b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!OpenClipboard 0000000076128ecb 5 bytes JMP 0000000100180070 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!ChangeClipboardChain 000000007612c17b 5 bytes JMP 0000000100180430 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!EnumClipboardFormats 000000007612c449 5 bytes JMP 00000001001801b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!GetOpenClipboardWindow 000000007612c468 5 bytes JMP 00000001001803f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!CountClipboardFormats 000000007612c486 5 bytes JMP 00000001001801f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007612c4b6 5 bytes JMP 00000001001804b0 .text 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!ActivateKeyboardLayout 000000007612d6c0 5 bytes JMP 00000001001804f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!GetClipboardOwner 000000007612e360 5 bytes JMP 0000000100180370 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!SetClipboardData 0000000076158e57 5 bytes JMP 0000000100180170 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076159cfd 5 bytes JMP 0000000100180770 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076159f1d 5 bytes JMP 0000000100180030 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!EmptyClipboard 0000000076177cb9 3 bytes JMP 0000000100180130 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!EmptyClipboard + 4 0000000076177cbd 1 byte [8A] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!GetClipboardViewer 0000000076178111 3 bytes JMP 0000000100180470 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!GetClipboardViewer + 4 0000000076178115 1 byte [8A] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!GetPriorityClipboardFormat 000000007617832f 3 bytes JMP 00000001001803b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\USER32.dll!GetPriorityClipboardFormat + 4 0000000076178333 1 byte [8A] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] 
C:\Windows\syswow64\SspiCli.dll!FreeContextBuffer 0000000075819606 5 bytes JMP 00000001001900f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\SspiCli.dll!FreeCredentialsHandle 0000000075820581 5 bytes JMP 0000000100190130 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\SspiCli.dll!DeleteSecurityContext 0000000075820bb9 5 bytes JMP 0000000100190270 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\SspiCli.dll!ApplyControlToken 0000000075820c2e 5 bytes JMP 00000001001901b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\SspiCli.dll!QueryContextAttributesA 0000000075820f2e 5 bytes JMP 0000000100190070 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\SspiCli.dll!QueryCredentialsAttributesA 0000000075821096 5 bytes JMP 00000001001900b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 000000007582124e 5 bytes JMP 00000001001901f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\SspiCli.dll!DecryptMessage 000000007582129d 5 bytes JMP 0000000100190230 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\SspiCli.dll!AcquireCredentialsHandleA 0000000075821527 5 bytes JMP 0000000100190030 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\SspiCli.dll!InitializeSecurityContextA 0000000075821590 5 bytes JMP 0000000100190170 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\ole32.dll!OleSetClipboard 00000000777a0045 5 bytes JMP 0000000100250030 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] 
C:\Windows\syswow64\ole32.dll!OleIsCurrentClipboard 00000000777a36b2 5 bytes JMP 0000000100250070 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\ole32.dll!OleGetClipboard 00000000777cfdcd 5 bytes JMP 00000001002500b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076591465 2 bytes [59, 76] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765914bb 2 bytes [59, 76] .text ... * 2 ---- EOF - GMER 2.1 ---- |
05.05.2013, 18:57 | #3 |
/// Malwareteam / Visitor | Problems with trojan "zbot.gen aj" Hello, I am smeenk and I will try to help you with your problem.
System scan with ZOEK: please download zoek.exe from here: http://hijackthis.nl/smeenk/
Please post in your next reply:
Please post logs in code tags. Code tags are written like this: [code] Your log here [/code] |
05.05.2013, 19:13 | #4 |
| Problems with trojan "zbot.gen aj" Hello Smeenk, thanks for the quick reply. Code:
Zoek.exe Version 4.0.0.2 Updated 03-May-2013
Tool run by Farzad on 05.05.2013 at 20:03:38,22.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\Farzad\AppData\Roaming\Mozilla\Firefox\Profiles\39scow5o.default

---- Lines ask.com removed from prefs.js ----
user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
user_pref("extensions.wrc.SearchRules.ask.com.url", "^http(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");

---- Lines ask.com modified from prefs.js ----

---- Lines ask.com removed from user.js ----

---- Lines Search-Results removed from prefs.js ----
user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");

---- Lines Search-Results modified from prefs.js ----

---- Lines Search-Results removed from user.js ----

---- FireFox user.js and prefs.js backups ----
user__2006_.backup
prefs__2006_.backup

==== Deleting Files \ Folders ======================
"C:\Users\Farzad\AppData\Roaming\srvblck5.tmp" deleted
"C:\ProgramData\go_0molg.pad" deleted
"C:\Users\Farzad\AppData\Roaming\Kuyf\kopie.exe" deleted
"C:\Users\Farzad\AppData\Roaming\Kuyf\libnspr4.dll" deleted
"C:\Users\Farzad\AppData\Roaming\Uqufy\pikee.ymi" deleted
"C:\Users\Farzad\AppData\Roaming\kock" deleted
"C:\Users\Farzad\AppData\Roaming\Kuyf" deleted
"C:\Users\Farzad\AppData\Roaming\Uqufy" deleted
"C:\Users\Farzad\AppData\Roaming\Acxihi" deleted
"C:\Program Files (x86)\JDownloader" deleted
"C:\Users\Farzad\AppData\Roaming\DealPly" deleted
"C:\Users\Farzad\AppData\LocalLow\boost_interprocess" deleted

==== Files Recently Created / Modified ======================
====== C:\Windows ====
====== C:\Users\Farzad\AppData\Local\Temp ====
2013-05-05 16:18:47 28A57355D9583B66E51AD978384C159E 10240 ----a-w- C:\Users\Farzad\AppData\Local\Temp\libnspr4.dll
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\Program Files (x86) =====
======= C: =====
====== C:\Users\Farzad\AppData\Roaming ======
====== C:\Users\Farzad ======
2013-05-05 17:02:25 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Farzad\defogger_reenable
2013-05-05 16:40:19 -------- d-----w- C:\ProgramData\XoftSpySE
====== C: exe-files ==
2013-05-05 17:13:28 60BF4AE8CC40B0E3E28613657ED2EED8 377856 ----a-w- C:\Users\Farzad\Desktop\gmer_2.1.19163.exe
2013-05-05 17:04:59 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Users\Farzad\Downloads\OTL.exe
2013-05-05 17:01:26 9146F21288AB749C4C729343F5F285A1 50477 ----a-w- C:\Users\Farzad\Desktop\Defogger.exe
2013-05-05 16:39:45 E7EDDA29231172A968BCA29D8B5F544E 4322608 ----a-w- C:\Users\Farzad\Downloads\XoftSpySE_Setup_RW.exe
=== C: other files ==

==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-21-4247944434-3292744028-4080832972-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"NokiaOviSuite2"="C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"WebCallDirect"="C:\Program Files (x86)\WebCallDirect.com\WebCallDirect\WebCallDirect.exe -nosplash -minimized"
"Ifilbubuiv"="C:\Users\Farzad\AppData\Roaming\Kuyf\kopie.exe"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"DivXUpdate"="C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe /CHECKNOW"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"svcnet2"="C:\Neuer Ordner\svcnet2\svcnet2.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NokiaOviSuite2"="C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"WebCallDirect"="C:\Program Files (x86)\WebCallDirect.com\WebCallDirect\WebCallDirect.exe -nosplash -minimized"
"Ifilbubuiv"="C:\Users\Farzad\AppData\Roaming\Kuyf\kopie.exe"

==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe"
"Skytel"="C:\Program Files\Realtek\Audio\HDA\Skytel.exe"
"Monitor"="C:\Windows\Philips\SPC220NC\Monitor.exe"
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"

==== Startup Folders ======================
2011-05-08 19:02:25 2003 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk

==== Task Scheduler Jobs ======================
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [25.06.2011 11:03]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [25.06.2011 11:03]

==== Firefox Extensions ======================
ProfilePath: C:\Users\Farzad\AppData\Roaming\Mozilla\Firefox\Profiles\39scow5o.default
- Java Link Helper - C:\Users\Farzad\AppData\Roaming\10001.064
- DealPly - %ProfilePath%\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
- DivX Web Player - %ProfilePath%\extensions\DivXWebPlayer@divx.com.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

==== Firefox Plugins ======================
Profilepath: C:\Users\Farzad\AppData\Roaming\Mozilla\Firefox\Profiles\39scow5o.default
1B197A0ED28DB310AB67591567C3787A - C:\Windows\SysWOW64\npdeployJava1.dll - Java Deployment Toolkit 7.0.150.3
E7BC792810EC02DD1F7ED25D830E9324 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll - Shockwave Flash
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System

==== Deleting Files \ Folders ======================
"C:\Users\Farzad\AppData\Roaming\Mozilla\Firefox\Profiles\39scow5o.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}" deleted

==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fnjbmmemklcjgepojigaapkoodmkgbae - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx[08.02.2011 02:17]
gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\dealply.crx[]
nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx[08.02.2011 02:17]

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD} Google Url="hxxp://www.google.com/custom?q={searchTerms}&sa.x=0&sa.y=0&safe=active&client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&hl=de&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1"

==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully

==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Farzad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Farzad\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Farzad\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Farzad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================
C:\users\Farzad\AppData\Local\Mozilla\Firefox\Profiles\39scow5o.default\Cache emptied successfully

==== Empty Chrome Cache ======================
No Chrome User Data found

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
Java Cache cleared successfully

After Reboot

==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Farzad\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================
"C:\Users\Farzad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
05.05.2013, 19:31 | #5 |
/// Malwareteam / Visitor | Problems with trojan "zbot.gen aj" Zoek has deleted a few more leftovers of Zbot/Zeus.
Downloade Dir bitte AdwCleaner auf deinen Desktop.
05.05.2013, 19:46 | #6 |
| Problems with trojan "zbot.gen aj" Here is the zoek report Code:
Zoek.exe Version 4.0.0.2 Updated 03-May-2013
Tool run by Farzad on 05.05.2013 at 20:38:19,80.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected

==== Older Logs ======================
C:\zoek-results05.05.2013-2010.log 11556 bytes

==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"svcnet2"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Ifilbubuiv"=-

==== Deleting Files \ Folders ======================
"C:\Users\Farzad\AppData\Roaming\*.tmp" not found
"C:\Neuer Ordner\svcnet2\svcnet2.dll" deleted
"C:\Neuer Ordner\svcnet2\svcnet2.exe" deleted
"C:\Neuer Ordner\svcnet2\uninstall.exe" deleted
"C:\Neuer Ordner\svcnet2" not deleted

After Reboot

==== Deleting Files / Folders ======================
"C:\Neuer Ordner\svcnet2" not found
Code:
# AdwCleaner v2.300 - File created on 05/05/2013 at 20:41:51
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Farzad - FARZAD-PC
# Boot mode : Normal
# Running from : C:\Users\Farzad\Desktop\adwcleaner.exe
# Option [Delete]

**** [Services] ****

***** [Files / Folders] *****

***** [Registry] *****

Key Deleted : HKCU\Software\DealPly
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Software

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

File : C:\Users\Farzad\AppData\Roaming\Mozilla\Firefox\Profiles\39scow5o.default\prefs.js

C:\Users\Farzad\AppData\Roaming\Mozilla\Firefox\Profiles\39scow5o.default\user.js ... Deleted !

Deleted : user_pref("extensions.dealply.partner", "_facemoods");
Deleted : user_pref("extensions.enabledAddons", "DivXWebPlayer@divx.com:2.0.2.039,{9A207F60-3F1C-4ED0-972D-0A4[...]
Deleted : user_pref("extensions.facemoods.aflt", "_#gppc");
Deleted : user_pref("extensions.facemoods.firstRun", false);
Deleted : user_pref("extensions.facemoods.lastActv", "15");

*************************

AdwCleaner[S1].txt - [2678 octets] - [05/05/2013 20:41:51]

########## EOF - C:\AdwCleaner[S1].txt - [2738 octets] ##########
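Added example, not part of the thread and not Zoek's code: the first Zoek report (post #4) lists every value under the Run keys, and the fix code in the second report (post #6) removes the two malicious ones with regedit's `"name"=-` syntax. The Python below does that triage by hand on a constructed excerpt of those log lines. It parses the "Startup Registry Enabled" sections and flags any autorun whose binary lives in a user-writable profile or temp directory (the Zbot entry `Ifilbubuiv` pointed at `AppData\Roaming\Kuyf\kopie.exe`) or outside Program Files / Windows (`svcnet2` ran from `C:\Neuer Ordner`), then renders a regedit 5.00 script that deletes those values. The trusted-root list and the user-writable markers are this example's assumptions, not Zoek's logic; a path under Program Files is only "not flagged by this heuristic", not proof of a clean file.

```python
"""Triage the 'Startup Registry Enabled' section of a Zoek log and render a
regedit fix for the suspicious autoruns.

Added example for this thread; not code from Zoek or from the original posts.
SAMPLE_LOG is a constructed excerpt of the Zoek report in post #4. The path
heuristics below are this example's own assumptions."""
import re
from dataclasses import dataclass

# Constructed sample: trimmed from the thread's first Zoek report.
SAMPLE_LOG = r'''
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"svcnet2"="C:\Neuer Ordner\svcnet2\svcnet2.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"Ifilbubuiv"="C:\Users\Farzad\AppData\Roaming\Kuyf\kopie.exe"
==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
==== Startup Folders ======================
2011-05-08 19:02:25 2003 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
'''

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')
# Zoek prints the command line unquoted, so cut the image path at the first ".exe".
EXE_RE = re.compile(r"^(?P<exe>.*?\.exe)(?:\s.*)?$", re.IGNORECASE)

# Assumed trusted install roots (lower-cased, with trailing backslash).
TRUSTED_ROOTS = ("%programfiles%\\", "c:\\program files\\",
                 "c:\\program files (x86)\\", "c:\\windows\\")
# Assumed markers of user-writable locations; Zbot's kopie.exe sat under AppData\Roaming.
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\", "\\appdata\\locallow\\",
                 "\\temp\\", "\\users\\public\\")


@dataclass(frozen=True)
class Finding:
    key: str      # registry key that holds the value
    name: str     # value name (Zbot used a random one: "Ifilbubuiv")
    exe: str      # image path extracted from the value data
    reason: str


def parse_startup_values(log_text):
    """Yield (key, name, data) for every value under a 'Startup Registry Enabled' header."""
    in_section, key = False, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("===="):            # every Zoek section header starts this way
            in_section = "Startup Registry Enabled" in line
            key = None
            continue
        if not in_section:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, m.group("name"), m.group("data")


def image_path(data):
    """Return the executable path from an unquoted 'path args' command line."""
    m = EXE_RE.match(data)
    return m.group("exe") if m else data


def classify(key, name, data):
    """Return a Finding when the autorun looks like dropper persistence, else None."""
    exe = image_path(data)
    low = exe.lower()
    if any(marker in low for marker in USER_WRITABLE):
        return Finding(key, name, exe, "runs from a user-writable profile/temp directory")
    if not low.startswith(TRUSTED_ROOTS):
        return Finding(key, name, exe, "runs from outside Program Files / Windows")
    return None          # not flagged by this heuristic; not a proof of a benign file


def triage(log_text):
    """All suspicious autoruns in the log, in log order."""
    return [f for f in (classify(*v) for v in parse_startup_values(log_text)) if f]


def render_reg_fix(findings):
    """Render a regedit 5.00 script; '"name"=-' deletes the value, as in Zoek's fix code.
    Deleting the value only stops the autorun; the dropped files still need removing."""
    by_key = {}
    for f in findings:
        by_key.setdefault(f.key, []).append(f.name)
    lines = ["Windows Registry Editor Version 5.00", ""]
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{n}"=-' for n in names)
        lines.append("")
    return "\n".join(lines)


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"{f.name:12} {f.exe}  <- {f.reason}")
    print(render_reg_fix(hits))
```

On the sample the script flags exactly `svcnet2` and `Ifilbubuiv` and prints a fix with the same two `=-` lines Zoek applied in post #6; the Skype, QuickTime, Sidebar and MSE entries pass. In a real clean-up the emitted script is only half the job: post #6 also shows the binaries and DLLs in `C:\Neuer Ordner\svcnet2` being deleted, and the first report deleted `kopie.exe` and its `libnspr4.dll` under `AppData\Roaming\Kuyf`.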
05.05.2013, 20:40 | #7 |
/// Malwareteam / Visitor | Problems with trojan "zbot.gen aj" Are you still noticing any problems at the moment? Please download SecurityCheck and:
05.05.2013, 20:57 | #8 |
| Problems with trojan "zbot.gen aj" Hello, well, my antivirus program isn't reporting anything anymore; everything seems to look fine? Code:
Results of screen317's Security Check version 0.99.63
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java(TM) 6 Update 37
Java 7 Update 15
Java version out of Date!
Adobe Flash Player 11.4.402.287 Flash Player out of Date!
Adobe Reader 10.1.0 Adobe Reader out of Date!
Mozilla Firefox 14.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
05.05.2013, 21:13 | #9 |
/// Malwareteam / Visitor | Problems with trojan "zbot.gen aj" Plugin check: https://www.mozilla.org/de/plugincheck Run this check and have the outdated plugins updated. Afterwards run SecurityCheck again and post the new log for me.
06.05.2013, 16:26 | #10 |
| Problems with trojan "zbot.gen aj" So, here it is again after the update Code:
Results of screen317's Security Check version 0.99.63
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java(TM) 6 Update 37
Java 7 Update 21
Adobe Flash Player 11.7.700.169
Adobe Reader XI
Mozilla Firefox (20.0.1)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
I have now updated IE as well.
Edited by lostz2010 (06.05.2013 at 16:34)
06.05.2013, 20:44 | #11 |
/// Malwareteam / Visitor | Problems with trojan "zbot.gen aj" Everything looks OK again. We'll first tidy up a little, and then at the end I have some reading material for you. Uninstall tools: the order is decisive here.
Finally, some tips on the following topics:
Reading material: System updates. It cannot be said often enough how important it is to keep your system up to date. You take your car to the garage for its regular inspection too. So please make sure that system updates are enabled:
Reading material: Software updates. Just as important as the system programs is the software you use every day. The following list gives you a brief overview, with links to the updates, of which programs urgently need to be kept up to date (if you have them installed and use them at all), because malware often gets onto computers through their security holes:
Reading material: Security software. If someone overtook you naked on a motorcycle on the Autobahn, you would shake your head too. Your computer also needs protection against the small daily attacks by malware. Besides excellent commercial antivirus solutions there are also quite good protection programs available free of charge with a reduced feature set. But be careful: here "the more the better" does not apply. What you need is exactly one virus scanner with a resident guard. No more and no less. There are many products on the market that do a good job. Personally I recommend Avast Free Antivirus. It offers relatively good protection with little annoying advertising, and it installs a browser plugin that warns you about dangerous websites.
Reading material: Safe surfing. First it must be said that it is usually the human factor that allows malware to get onto a computer. Do you immediately buy whatever stuff people ringing your doorbell are selling, without thinking? So first get used to a few rules of behaviour when surfing the Internet:
But even with scrupulous adherence to these rules, a so-called drive-by infection can still occur, in which a piece of malware breaks out of the web browser's protection mechanism. To raise security even further there is special protection software that hardens your browser further.
Lastly, please consider using an alternative browser. Programs that are not used so often are also not so much in the focus of the "bad guys". That means that with an exotic browser you are more likely on the safe side. As a rule you are already considerably safer if you do not use Internet Explorer.
06.05.2013, 21:01 | #12 |
| Problems with trojan "zbot.gen aj" All done. A THOUSAND THANKS for the quick help. You're doing a great job here!! regards
07.05.2013, 06:32 | #13 |
/// Malwareteam / Visitor | Problems with trojan "zbot.gen aj" I was glad to help. regards Smeenk