Log analysis and evaluation: Bitdefender reports Trojan.GenericKD.1440205 (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Bitdefender reports Trojan.GenericKD.1440205

A few days ago Bitdefender displayed the messages shown below. Apart from that I noticed nothing, except that the PDF printer could no longer write to the directory C:\Users\Anonym\AppData\Local\Temp\PDF24. After I deleted the folder, it works again.

VirusTotal: https://www.virustotal.com/de/file/3e80ae42c92f333799e1ba3c3dd28a1794f42bb2bbe302cd974e178eee0b1723/analysis/1389012534/

Bitdefender

Code:
The file C:\Users\Anonym\AppData\Local\Temp\P1USPtHp.exe.part has been detected as infected. Bitdefender denied this item. Virus name: Trojan.GenericKD.1440205
The file C:\Users\Anonym\AppData\Local\Temp\ibJoQv9n.exe.part has been detected as infected. Bitdefender denied this item. Virus name: Trojan.GenericKD.1440205

FRST logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-01-2014
Ran by Admin (administrator) on HP-PAVILLION on 10-01-2014 15:17:20
Running from C:\Users\Anonym\Downloads
Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files\Macrium\Reflect\ReflectService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Bdagent] - C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe [1614344 2013-11-20] (Bitdefender)
HKLM\...\Run: [KeePass 2 PreLoad] - C:\Program Files\KeePass Password Safe 2\KeePass.exe [1960448 2013-04-05] (Dominik Reichl)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [186408 2013-12-12] (Geek Software GmbH)
MountPoints2: {5e8555c9-955a-11e2-913c-806e6f6e6963} - E:\autorun.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA0E97C95A129CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5ido52vh.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml

========================== Services (Whitelisted) =================

R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [249976 2013-06-14] ()
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [54960 2013-08-27] (Bitdefender)
R2 vsserv; C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe [1343472 2013-11-20] (Bitdefender)

==================== Drivers (Whitelisted) ====================

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [640560 2013-08-01] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [242504 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [490144 2013-08-01] (BitDefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [90704 2011-11-14] (BitDefender LLC)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [66832 2013-11-20] (BitDefender SRL)
R1 bdselfpr; C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys [135600 2013-08-07] (BitDefender LLC)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [165744 2013-10-02] (BitDefender LLC)
S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [55416 2013-06-14] ()
R0 pssnap; C:\Windows\System32\DRIVERS\pssnap.sys [16504 2013-06-14] (Macrium Software)
S3 PSVolAcc; C:\Windows\System32\Drivers\PSVolAcc.sys [13432 2013-06-14] (Paramount Software UK Ltd)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [360376 2013-10-02] (BitDefender S.R.L.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-10 15:17 - 2014-01-10 15:17 - 00005277 _____ C:\Users\Anonym\Downloads\FRST.txt
2014-01-10 14:27 - 2014-01-10 14:29 - 00000241 _____ C:\Users\Anonym\Downloads\Neues Textdokument.txt
2014-01-10 14:13 - 2014-01-10 14:13 - 00000000 ____D C:\Users\Anonym\AppData\Local\PDF24
2014-01-10 14:07 - 2014-01-10 14:07 - 00000000 ____D C:\Users\Admin\AppData\Local\PDF24
2014-01-10 14:01 - 2014-01-10 14:01 - 00001819 _____ C:\Users\Public\Desktop\PDF24 Creator.lnk
2014-01-09 16:31 - 2014-01-10 11:14 - 00000000 ____D C:\Users\Anonym\Desktop\KORRESPONDENZ - BLANKO
2014-01-09 14:59 - 2014-01-09 14:59 - 00000000 ____D C:\Users\Anonym\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-01-07 11:50 - 2014-01-10 11:01 - 00000000 ____D C:\Users\Anonym\AppData\Roaming\Foxit Scanner Images
2014-01-06 20:23 - 2014-01-06 20:23 - 04558848 _____ (Google Inc.) C:\Windows\system32\GPhotos.scr
2014-01-06 14:54 - 2014-01-10 14:43 - 00192037 _____ C:\Users\Anonym\Downloads\gmer.log
2014-01-06 14:19 - 2014-01-10 15:09 - 00000000 ____D C:\FRST
2014-01-06 14:17 - 2014-01-10 15:09 - 01066141 _____ (Farbar) C:\Users\Anonym\Downloads\FRST.exe
2014-01-06 14:17 - 2014-01-06 14:17 - 00377856 _____ C:\Users\Anonym\Downloads\gmer_2.1.19163.exe
2014-01-06 12:57 - 2014-01-06 12:57 - 00000000 ____D C:\Program Files\OpenEstate-ImmoTool
2013-12-28 14:16 - 2013-12-28 14:17 - 00000000 ____D C:\Users\Anonym\Desktop\Neuer Ordner
2013-12-16 08:23 - 2013-12-16 08:23 - 00131072 ____N C:\Windows\Minidump\121613-30342-01.dmp
2013-12-14 16:07 - 2013-12-14 16:07 - 00131072 ____N C:\Windows\Minidump\121413-34039-01.dmp
2013-12-12 14:43 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 14:43 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 14:43 - 2013-11-26 10:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-12 14:43 - 2013-11-26 09:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-12 14:43 - 2013-11-26 09:52 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-12 14:43 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 14:43 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 14:43 - 2013-11-26 09:36 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-12 14:43 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 14:43 - 2013-11-26 09:29 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 14:43 - 2013-11-26 09:29 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-12 14:43 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-12 14:43 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 14:43 - 2013-11-26 09:13 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 14:43 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 14:43 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 14:43 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-12 14:43 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 14:43 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 14:38 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-12 14:38 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-12 08:53 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-12 08:53 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-12 08:53 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-12 08:53 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-12 08:53 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-12 08:53 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-12 08:53 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-12 08:52 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-12 08:52 - 2013-10-30 02:27 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-12 08:52 - 2013-10-04 02:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-12 08:52 - 2013-10-04 02:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys

==================== One Month Modified Files and Folders =======

2014-01-10 15:17 - 2014-01-10 15:17 - 00005277 _____ C:\Users\Anonym\Downloads\FRST.txt
2014-01-10 15:16 - 2009-07-14 05:39 - 01186104 _____ C:\Windows\setupact.log
2014-01-10 15:11 - 2009-07-14 05:34 - 00022032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-10 15:11 - 2009-07-14 05:34 - 00022032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-10 15:09 - 2014-01-06 14:19 - 00000000 ____D C:\FRST
2014-01-10 15:09 - 2014-01-06 14:17 - 01066141 _____ (Farbar) C:\Users\Anonym\Downloads\FRST.exe
2014-01-10 15:09 - 2010-11-20 22:01 - 00005194 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-10 15:07 - 2013-11-01 19:07 - 00000917 _____ C:\Windows\Tasks\EPSON XP-312 313 315 Series Update {A694DE30-5F99-4288-B18F-0FC22B6D624B}.job
2014-01-10 15:07 - 2013-11-01 19:07 - 00000731 _____ C:\Windows\Tasks\EPSON XP-312 313 315 Series Invitation {A694DE30-5F99-4288-B18F-0FC22B6D624B}.job
2014-01-10 15:07 - 2013-03-26 13:25 - 00000000 ____D C:\Users\Admin\AppData\Local\Mozilla
2014-01-10 15:07 - 2013-03-25 15:46 - 01944976 _____ C:\Windows\WindowsUpdate.log
2014-01-10 15:07 - 2009-07-14 05:52 - 00000000 ____D C:\Windows\system32\FxsTmp
2014-01-10 14:59 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-10 14:53 - 2013-03-26 14:07 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-10 14:43 - 2014-01-06 14:54 - 00192037 _____ C:\Users\Anonym\Downloads\gmer.log
2014-01-10 14:29 - 2014-01-10 14:27 - 00000241 _____ C:\Users\Anonym\Downloads\Neues Textdokument.txt
2014-01-10 14:21 - 2013-11-01 18:21 - 00000917 _____ C:\Windows\Tasks\EPSON XP-312 313 315 Series Update {03A9264B-F446-42F5-90B8-162111576567}.job
2014-01-10 14:21 - 2013-11-01 18:21 - 00000731 _____ C:\Windows\Tasks\EPSON XP-312 313 315 Series Invitation {03A9264B-F446-42F5-90B8-162111576567}.job
2014-01-10 14:13 - 2014-01-10 14:13 - 00000000 ____D C:\Users\Anonym\AppData\Local\PDF24
2014-01-10 14:07 - 2014-01-10 14:07 - 00000000 ____D C:\Users\Admin\AppData\Local\PDF24
2014-01-10 14:04 - 2013-03-25 19:53 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2014-01-10 14:02 - 2013-03-26 13:24 - 00000000 ____D C:\Program Files\Mozilla Firefox
2014-01-10 14:01 - 2014-01-10 14:01 - 00001819 _____ C:\Users\Public\Desktop\PDF24 Creator.lnk
2014-01-10 14:01 - 2013-06-23 10:00 - 00000000 ____D C:\Program Files\PDF24
2014-01-10 11:14 - 2014-01-09 16:31 - 00000000 ____D C:\Users\Anonym\Desktop\KORRESPONDENZ - BLANKO
2014-01-10 11:01 - 2014-01-07 11:50 - 00000000 ____D C:\Users\Anonym\AppData\Roaming\Foxit Scanner Images
2014-01-09 14:59 - 2014-01-09 14:59 - 00000000 ____D C:\Users\Anonym\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-01-09 04:25 - 2009-07-14 05:53 - 00032634 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-08 16:38 - 2013-06-21 17:34 - 00031744 _____ C:\Users\Anonym\Desktop\Privat - Sonstiges 2014.xls
2014-01-07 13:59 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2014-01-06 20:23 - 2014-01-06 20:23 - 04558848 _____ (Google Inc.) C:\Windows\system32\GPhotos.scr
2014-01-06 14:17 - 2014-01-06 14:17 - 00377856 _____ C:\Users\Anonym\Downloads\gmer_2.1.19163.exe
2014-01-06 13:58 - 2013-06-20 09:23 - 00000000 ____D C:\Users\Anonym\AppData\Roaming\KeePass
2014-01-06 12:57 - 2014-01-06 12:57 - 00000000 ____D C:\Program Files\OpenEstate-ImmoTool
2013-12-28 14:17 - 2013-12-28 14:16 - 00000000 ____D C:\Users\Anonym\Desktop\Neuer Ordner
2013-12-16 08:24 - 2013-05-22 18:53 - 00000000 ____D C:\Windows\Minidump
2013-12-16 08:23 - 2013-12-16 08:23 - 00131072 ____N C:\Windows\Minidump\121613-30342-01.dmp
2013-12-14 16:07 - 2013-12-14 16:07 - 00131072 ____N C:\Windows\Minidump\121413-34039-01.dmp
2013-12-12 14:48 - 2009-07-14 05:33 - 00301632 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-12 14:46 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-12-12 14:43 - 2013-03-25 20:18 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-12 14:41 - 2013-07-19 07:41 - 00000000 ____D C:\Windows\system32\MRT
2013-12-12 14:39 - 2013-03-25 21:37 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-11 08:53 - 2013-03-26 14:07 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-11 08:53 - 2013-03-26 14:07 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Admin\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Admin\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Anonym\AppData\Local\Temp\Checkupdate.exe
C:\Users\Anonym\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Anonym\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Anonym\AppData\Local\Temp\gcapi_dll.dll
C:\Users\Anonym\AppData\Local\Temp\gtapi_signed.dll
C:\Users\Anonym\AppData\Local\Temp\secuniasi3858215019176989230.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-10 12:33

==================== End Of Log ============================

GMER, part 1

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2014-01-06 14:54:37
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 WDC_WD2500BEVS-60UST0 rev.01.01A01 232,89GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Admin\AppData\Local\Temp\uxliapoc.sys

---- System - GMER 2.1 ----

SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwAllocateVirtualMemory [0x8DB920BE]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwAlpcConnectPort [0x8DB95566]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwAlpcSendWaitReceivePort [0x8DB9509C]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwAssignProcessToJobObject [0x8DB92C88]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwClose [0x8DB95B8C]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwConnectPort [0x8DB94418]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwCreateFile [0x8DB9395C]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwCreateKey [0x8DB94B10]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwCreateProcess [0x8DB92EDE]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwCreateProcessEx [0x8DB92F94]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwCreateSection [0x8DB9327E]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwCreateThread [0x8DB91A2E]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwCreateThreadEx [0x8DB95DA8]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwDeviceIoControlFile [0x8DB94C80]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwDuplicateObject [0x8DB9911A]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwFsControlFile [0x8DB94F38]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwLoadDriver [0x8DB92594]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwMakeTemporaryObject [0x8DB95934]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwOpenFile [0x8DB9374E]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwOpenProcess [0x8DB98B72]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwOpenSection [0x8DB9304E]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwOpenThread [0x8DB98E22]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwProtectVirtualMemory [0x8DB91F42]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwQueueApcThread [0x8DB92DB0]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwReplaceKey [0x8DB95782]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwRequestPort [0x8DB94586]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwRequestWaitReplyPort [0x8DB93F1A]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwRestoreKey [0x8DB9580C]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwSecureConnectPort [0x8DB949A0]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwSetContextThread [0x8DB91B9E]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwSetSecurityObject [0x8DB956DC]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwSetSystemInformation [0x8DB9278E]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwShutdownSystem [0x8DB9589E]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwSuspendProcess [0x8DB91E1A]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwSuspendThread [0x8DB91CF4]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwSystemDebugControl [0x8DB92BBA]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwTerminateProcess [0x8DB98A6A]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwTerminateThread [0x8DB9930C]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwUnloadDriver [0x8DB959CA]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwWriteVirtualMemory [0x8DB918B2]
SYSENTER \SystemRoot\system32\DRIVERS\avc3.sys 8889E000

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82A76A15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AB0212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82AB7488 4 Bytes [BE, 20, B9, 8D]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 82AB7494 4 Bytes [66, 55, B9, 8D]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1143 82AB74D8 4 Bytes [9C, 50, B9, 8D]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82AB74E8 4 Bytes [88, 2C, B9, 8D]
.text ntkrnlpa.exe!KeRemoveQueueEx + 116F 82AB7504 4 Bytes [8C, 5B, B9, 8D]
.text ...
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x93431340, 0x3EE217, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\svchost.exe[108] ntdll.dll!NtClose + 5 775E550D 5 Bytes JMP 74D25F11
.text C:\Windows\system32\svchost.exe[108] ntdll.dll!NtCreateFile + 5 775E560D 5 Bytes JMP 74D21E61
.text C:\Windows\system32\svchost.exe[108] ntdll.dll!NtCreateProcess + 5 775E56DD 5 Bytes JMP 74D22D01
.text C:\Windows\system32\svchost.exe[108] ntdll.dll!NtCreateProcessEx + 5 775E56ED 5 Bytes JMP 74D22D91
.text C:\Windows\system32\svchost.exe[108] ntdll.dll!NtCreateThread + 5 775E575D 5 Bytes JMP 74D22C71
.text C:\Windows\system32\svchost.exe[108] ntdll.dll!NtCreateThreadEx + 5 775E576D 5 Bytes JMP 74D22BE1
.text C:\Windows\system32\svchost.exe[108] ntdll.dll!NtDuplicateObject + 5 775E58DD 5 Bytes JMP 74D23181
.text C:\Windows\system32\svchost.exe[108] ntdll.dll!NtLoadDriver + 5 775E5B9D 2 Bytes JMP 74D25FA1
.text C:\Windows\system32\svchost.exe[108] ntdll.dll!NtLoadDriver + 8 775E5BA0 2 Bytes [74, FD] {JZ 0xffffffff}
.text C:\Windows\system32\svchost.exe[108] ntdll.dll!NtMapViewOfSection + 5 775E5C6D 5 Bytes JMP 74D215F1
.text C:\Windows\system32\svchost.exe[108] ntdll.dll!NtOpenProcess + 5 775E5DCD 5 Bytes JMP 74D23061
.text C:\Windows\system32\svchost.exe[108] ntdll.dll!NtQueueApcThread + 5 775E62BD 5 Bytes JMP 74D230F1
.text C:\Windows\system32\svchost.exe[108] ntdll.dll!NtRaiseHardError + 5 775E62ED 5 Bytes JMP 74D24651
.text C:\Windows\system32\svchost.exe[108] ntdll.dll!NtSetContextThread + 5 775E65AD 5 Bytes JMP 74D22FD1
.text C:\Windows\system32\svchost.exe[108] ntdll.dll!NtSetInformationProcess + 5 775E66BD 5 Bytes JMP 74D25971
.text C:\Windows\system32\svchost.exe[108] ntdll.dll!NtSetSystemInformation + 5 775E67CD 5 Bytes JMP 74D26031
.text C:\Windows\system32\svchost.exe[108] ntdll.dll!NtSetValueKey + 5 775E684D 5 Bytes JMP 74D22251
.text C:\Windows\system32\svchost.exe[108] ntdll.dll!NtTerminateProcess + 5 775E690D 5 Bytes JMP 74D258E1
.text C:\Windows\system32\svchost.exe[108] ntdll.dll!NtUnmapViewOfSection + 5 775E69FD 5 Bytes JMP 74D21681
.text C:\Windows\system32\svchost.exe[108] ntdll.dll!NtWriteVirtualMemory + 5 775E6ADD 5 Bytes JMP 74D22F41
.text C:\Windows\system32\svchost.exe[108] ntdll.dll!RtlQueryPerformanceCounter 775F313F 5 Bytes JMP 74D21A71
.text C:\Windows\system32\svchost.exe[108] ntdll.dll!RtlCreateProcessParametersEx 77606F19 5 Bytes JMP 74D21F81
.text C:\Windows\system32\svchost.exe[108] ntdll.dll!RtlReportException 77645F59 5 Bytes JMP 74D246E1
.text C:\Windows\system32\svchost.exe[108] ntdll.dll!RtlCreateProcessParameters 776498A2 5 Bytes JMP 74D21EF1
.text C:\Windows\system32\svchost.exe[108] kernel32.dll!GetStartupInfoA 76811E10 5 Bytes JMP 74D21D41
.text C:\Windows\system32\svchost.exe[108] kernel32.dll!CreateProcessA 76812082 5 Bytes JMP 74D22911
.text C:\Windows\system32\svchost.exe[108] kernel32.dll!CreateToolhelp32Snapshot 7684FD29 4 Bytes JMP 74D22641
.text C:\Windows\system32\svchost.exe[108] kernel32.dll!Process32NextW 768500C2 5 Bytes JMP 74D25E81
.text C:\Windows\system32\svchost.exe[108] kernel32.dll!LoadLibraryA 7685DC55 5 Bytes JMP 74D22521
.text C:\Windows\system32\svchost.exe[108] kernel32.dll!CreateProcessInternalW 76860792 5 Bytes JMP 74D22EB1
.text C:\Windows\system32\svchost.exe[108] kernel32.dll!ReadConsoleW 768726AE 5 Bytes JMP 74D245C1
.text C:\Windows\system32\svchost.exe[108] kernel32.dll!WinExec 7689ED9E 5 Bytes JMP 74D227F1
.text C:\Windows\system32\svchost.exe[108] kernel32.dll!ReadConsoleA 768BC928 5 Bytes JMP 74D244A1
.text C:\Windows\system32\svchost.exe[108] kernel32.dll!ReadConsoleInputA 768BD04F 5 Bytes JMP 74D24261
.text C:\Windows\system32\svchost.exe[108] kernel32.dll!ReadConsoleInputW 768BD072 5 Bytes JMP 74D24381
.text C:\Windows\system32\svchost.exe[108] msvcrt.dll!_lock + 29 7742A472 5 Bytes JMP 74D26391
.text C:\Windows\system32\svchost.exe[108] msvcrt.dll!__p__fmode 774327CE 5 Bytes JMP 74D21B91
.text C:\Windows\system32\svchost.exe[108] msvcrt.dll!__p__environ 7743E6CF 5 Bytes JMP 74D21B01
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtClose + 5 775E550D 5 Bytes JMP 74D25F11
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtCreateFile + 5 775E560D 5 Bytes JMP 74D21E61
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtCreateProcess + 5 775E56DD 5 Bytes JMP 74D22D01
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtCreateProcessEx + 5 775E56ED 5 Bytes JMP 74D22D91
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtCreateThread + 5 775E575D 5 Bytes JMP 74D22C71
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtCreateThreadEx + 5 775E576D 5 Bytes JMP 74D22BE1
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtDuplicateObject + 5 775E58DD 5 Bytes JMP 74D23181
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtLoadDriver + 5 775E5B9D 2 Bytes JMP 74D25FA1
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtLoadDriver + 8 775E5BA0 2 Bytes [74, FD] {JZ 0xffffffff}
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtMapViewOfSection + 5 775E5C6D 5 Bytes JMP 74D215F1
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtOpenProcess + 5 775E5DCD 5 Bytes JMP 74D23061
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtQueueApcThread + 5 775E62BD 5 Bytes JMP 74D230F1
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtRaiseHardError + 5 775E62ED 5 Bytes JMP 74D24651
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtSetContextThread + 5 775E65AD 5 Bytes JMP 74D22FD1
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtSetInformationProcess + 5 775E66BD 5 Bytes JMP 74D25971
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtSetSystemInformation + 5 775E67CD 5 Bytes JMP 74D26031
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtSetValueKey + 5 775E684D 5 Bytes JMP 74D22251
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtTerminateProcess + 5 775E690D 5 Bytes JMP 74D258E1
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtUnmapViewOfSection + 5 775E69FD 5 Bytes JMP 74D21681
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtWriteVirtualMemory + 5 775E6ADD 5 Bytes JMP 74D22F41
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!RtlQueryPerformanceCounter 775F313F 5 Bytes JMP 74D21A71
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!RtlCreateProcessParametersEx 77606F19 5 Bytes JMP 74D21F81
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!RtlReportException 77645F59 5 Bytes JMP 74D246E1
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!RtlCreateProcessParameters 776498A2 5 Bytes JMP 74D21EF1
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!GetStartupInfoA 76811E10 5 Bytes JMP 74D21D41
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!CreateProcessA 76812082 5 Bytes JMP 74D22911
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!CreateToolhelp32Snapshot 7684FD29 4 Bytes JMP 74D22641
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!Process32NextW 768500C2 5 Bytes JMP 74D25E81
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!LoadLibraryA 7685DC55 5 Bytes JMP 74D22521
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!CreateProcessInternalW 76860792 5 Bytes JMP 74D22EB1
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!ReadConsoleW 768726AE 5 Bytes JMP 74D245C1
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!WinExec 7689ED9E 5 Bytes JMP 74D227F1
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!ReadConsoleA 768BC928 5 Bytes JMP 74D244A1
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!ReadConsoleInputA 768BD04F 5 Bytes JMP 74D24261
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!ReadConsoleInputW 768BD072 5 Bytes JMP 74D24381
.text C:\Windows\system32\svchost.exe[1116] msvcrt.dll!_lock + 29 7742A472 5 Bytes JMP 74D26391
.text C:\Windows\system32\svchost.exe[1116] msvcrt.dll!__p__fmode 774327CE 5 Bytes JMP 74D21B91
.text C:\Windows\system32\svchost.exe[1116] msvcrt.dll!__p__environ 7743E6CF 5 Bytes JMP 74D21B01
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!NtClose + 5 775E550D 5 Bytes JMP 74D25F11
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!NtCreateFile + 5 775E560D 5 Bytes JMP 74D21E61
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!NtCreateProcess + 5 775E56DD 5 Bytes JMP 74D22D01
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!NtCreateProcessEx + 5 775E56ED 5 Bytes JMP 74D22D91
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!NtCreateThread + 5 775E575D 5 Bytes JMP 74D22C71
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!NtCreateThreadEx + 5 775E576D 5 Bytes JMP 74D22BE1
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!NtDuplicateObject + 5 775E58DD 5 Bytes JMP 74D23181
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!NtLoadDriver + 5 775E5B9D 2 Bytes JMP 74D25FA1
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!NtLoadDriver + 8 775E5BA0 2 Bytes [74, FD] {JZ 0xffffffff}
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!NtMapViewOfSection + 5 775E5C6D 5 Bytes JMP 74D215F1
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!NtOpenProcess + 5 775E5DCD 5 Bytes JMP 74D23061
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!NtQueueApcThread + 5 775E62BD 5 Bytes JMP 74D230F1
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!NtRaiseHardError + 5 775E62ED 5 Bytes JMP 74D24651
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!NtSetContextThread + 5 775E65AD 5 Bytes JMP 74D22FD1
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!NtSetInformationProcess + 5 775E66BD 5 Bytes JMP 74D25971
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!NtSetSystemInformation + 5 775E67CD 5 Bytes JMP 74D26031
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!NtSetValueKey + 5 775E684D 5 Bytes JMP 74D22251
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!NtTerminateProcess + 5 775E690D 5 Bytes JMP 74D258E1
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!NtUnmapViewOfSection + 5 775E69FD 5 Bytes JMP 74D21681
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!NtWriteVirtualMemory + 5 775E6ADD 5 Bytes JMP 74D22F41
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!RtlQueryPerformanceCounter 775F313F 5 Bytes JMP 74D21A71
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!RtlCreateProcessParametersEx 77606F19 5 Bytes JMP 74D21F81
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!RtlReportException 77645F59 5 Bytes JMP 74D246E1
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!RtlCreateProcessParameters 776498A2 5 Bytes JMP 74D21EF1
.text C:\Windows\System32\svchost.exe[1216] kernel32.dll!GetStartupInfoA 76811E10 5 Bytes JMP 74D21D41
.text C:\Windows\System32\svchost.exe[1216] kernel32.dll!CreateProcessA 76812082 5 Bytes JMP 74D22911
.text C:\Windows\System32\svchost.exe[1216] kernel32.dll!CreateToolhelp32Snapshot 7684FD29 4 Bytes JMP 74D22641
.text C:\Windows\System32\svchost.exe[1216] kernel32.dll!Process32NextW 768500C2 5 Bytes JMP 74D25E81
.text C:\Windows\System32\svchost.exe[1216] kernel32.dll!LoadLibraryA 7685DC55 5 Bytes JMP 74D22521
.text C:\Windows\System32\svchost.exe[1216] kernel32.dll!CreateProcessInternalW 76860792 5 Bytes JMP 74D22EB1
.text C:\Windows\System32\svchost.exe[1216] kernel32.dll!ReadConsoleW 768726AE 5 Bytes JMP 74D245C1
.text C:\Windows\System32\svchost.exe[1216] kernel32.dll!WinExec 7689ED9E 5 Bytes JMP 74D227F1
.text C:\Windows\System32\svchost.exe[1216] kernel32.dll!ReadConsoleA 768BC928 5 Bytes JMP 74D244A1
.text C:\Windows\System32\svchost.exe[1216] kernel32.dll!ReadConsoleInputA 768BD04F 5 Bytes JMP 74D24261
.text C:\Windows\System32\svchost.exe[1216] kernel32.dll!ReadConsoleInputW 768BD072 5 Bytes JMP 74D24381
.text C:\Windows\System32\svchost.exe[1216] msvcrt.dll!_lock + 29 7742A472 5 Bytes JMP 74D26391
.text C:\Windows\System32\svchost.exe[1216] msvcrt.dll!__p__fmode 774327CE 5 Bytes JMP 74D21B91
.text C:\Windows\System32\svchost.exe[1216] msvcrt.dll!__p__environ 7743E6CF 5 Bytes JMP 74D21B01
.text C:\Windows\System32\svchost.exe[1216] USERENV.dll!LoadUserProfileW + 1F1 00E31C9D 5 Bytes JMP 74D26421
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtClose + 5 775E550D 5 Bytes JMP 74D25F11
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtCreateFile + 5 775E560D 5 Bytes JMP 74D21E61
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtCreateProcess + 5 775E56DD 5 Bytes JMP 74D22D01
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtCreateProcessEx + 5 775E56ED 5 Bytes JMP 74D22D91
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtCreateThread + 5 775E575D 5 Bytes JMP 74D22C71
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtCreateThreadEx + 5 775E576D 5 Bytes JMP 74D22BE1
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtDuplicateObject + 5 775E58DD 5 Bytes JMP 74D23181
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtLoadDriver + 5 775E5B9D 2 Bytes JMP 74D25FA1
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtLoadDriver + 8 775E5BA0 2 Bytes [74, FD] {JZ 0xffffffff}
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtMapViewOfSection + 5 775E5C6D 5 Bytes JMP 74D215F1
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtOpenProcess + 5 775E5DCD 5 Bytes JMP 74D23061
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtQueueApcThread + 5 775E62BD 5 Bytes JMP 74D230F1
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtRaiseHardError + 5 775E62ED 5 Bytes JMP 74D24651
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtSetContextThread + 5 775E65AD 5 Bytes JMP 74D22FD1
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtSetInformationProcess + 5 775E66BD 5 Bytes JMP 74D25971
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtSetSystemInformation + 5 775E67CD 5 Bytes JMP 74D26031
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtSetValueKey + 5 775E684D 5 Bytes JMP 74D22251
.text
C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtTerminateProcess + 5 775E690D 5 Bytes JMP 74D258E1 .text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtUnmapViewOfSection + 5 775E69FD 5 Bytes JMP 74D21681 .text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtWriteVirtualMemory + 5 775E6ADD 5 Bytes JMP 74D22F41 .text C:\Windows\System32\svchost.exe[1268] ntdll.dll!RtlQueryPerformanceCounter 775F313F 5 Bytes JMP 74D21A71 .text C:\Windows\System32\svchost.exe[1268] ntdll.dll!RtlCreateProcessParametersEx 77606F19 5 Bytes JMP 74D21F81 .text C:\Windows\System32\svchost.exe[1268] ntdll.dll!RtlReportException 77645F59 5 Bytes JMP 74D246E1 .text C:\Windows\System32\svchost.exe[1268] ntdll.dll!RtlCreateProcessParameters 776498A2 5 Bytes JMP 74D21EF1 .text C:\Windows\System32\svchost.exe[1268] kernel32.dll!GetStartupInfoA 76811E10 5 Bytes JMP 74D21D41 .text C:\Windows\System32\svchost.exe[1268] kernel32.dll!CreateProcessA 76812082 5 Bytes JMP 74D22911 .text C:\Windows\System32\svchost.exe[1268] kernel32.dll!CreateToolhelp32Snapshot 7684FD29 4 Bytes JMP 74D22641 .text C:\Windows\System32\svchost.exe[1268] kernel32.dll!Process32NextW 768500C2 5 Bytes JMP 74D25E81 .text C:\Windows\System32\svchost.exe[1268] kernel32.dll!LoadLibraryA 7685DC55 5 Bytes JMP 74D22521 .text C:\Windows\System32\svchost.exe[1268] kernel32.dll!CreateProcessInternalW 76860792 5 Bytes JMP 74D22EB1 .text C:\Windows\System32\svchost.exe[1268] kernel32.dll!ReadConsoleW 768726AE 5 Bytes JMP 74D245C1 .text C:\Windows\System32\svchost.exe[1268] kernel32.dll!WinExec 7689ED9E 5 Bytes JMP 74D227F1 .text C:\Windows\System32\svchost.exe[1268] kernel32.dll!ReadConsoleA 768BC928 5 Bytes JMP 74D244A1 .text C:\Windows\System32\svchost.exe[1268] kernel32.dll!ReadConsoleInputA 768BD04F 5 Bytes JMP 74D24261 .text C:\Windows\System32\svchost.exe[1268] kernel32.dll!ReadConsoleInputW 768BD072 5 Bytes JMP 74D24381 .text C:\Windows\System32\svchost.exe[1268] msvcrt.dll!_lock + 29 7742A472 5 Bytes JMP 74D26391 .text 
C:\Windows\System32\svchost.exe[1268] msvcrt.dll!__p__fmode 774327CE 5 Bytes JMP 74D21B91 .text C:\Windows\System32\svchost.exe[1268] msvcrt.dll!__p__environ 7743E6CF 5 Bytes JMP 74D21B01 .text C:\Windows\System32\svchost.exe[1268] SHELL32.dll!Shell_NotifyIconW 75930171 5 Bytes JMP 74D24891 .text C:\Windows\System32\svchost.exe[1268] SHELL32.dll!SHRestricted + 251E 75991621 5 Bytes JMP 74D26421 .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtClose + 5 775E550D 5 Bytes JMP 74D25F11 .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtCreateFile + 5 775E560D 5 Bytes JMP 74D21E61 .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtCreateProcess + 5 775E56DD 5 Bytes JMP 74D22D01 .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtCreateProcessEx + 5 775E56ED 5 Bytes JMP 74D22D91 .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtCreateThread + 5 775E575D 5 Bytes JMP 74D22C71 .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtCreateThreadEx + 5 775E576D 5 Bytes JMP 74D22BE1 .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtDuplicateObject + 5 775E58DD 5 Bytes JMP 74D23181 .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtLoadDriver + 5 775E5B9D 2 Bytes JMP 74D25FA1 .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtLoadDriver + 8 775E5BA0 2 Bytes [74, FD] {JZ 0xffffffff} .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtMapViewOfSection + 5 775E5C6D 5 Bytes JMP 74D215F1 .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtOpenProcess + 5 775E5DCD 5 Bytes JMP 74D23061 .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtQueueApcThread + 5 775E62BD 5 Bytes JMP 74D230F1 .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtRaiseHardError + 5 775E62ED 5 Bytes JMP 74D24651 .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtSetContextThread + 5 775E65AD 5 Bytes JMP 74D22FD1 .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtSetInformationProcess + 5 775E66BD 5 Bytes JMP 74D25971 .text 
C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtSetSystemInformation + 5 775E67CD 5 Bytes JMP 74D26031 .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtSetValueKey + 5 775E684D 5 Bytes JMP 74D22251 .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtTerminateProcess + 5 775E690D 5 Bytes JMP 74D258E1 .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtUnmapViewOfSection + 5 775E69FD 5 Bytes JMP 74D21681 .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtWriteVirtualMemory + 5 775E6ADD 5 Bytes JMP 74D22F41 .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!RtlQueryPerformanceCounter 775F313F 5 Bytes JMP 74D21A71 .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!RtlCreateProcessParametersEx 77606F19 5 Bytes JMP 74D21F81 .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!RtlReportException 77645F59 5 Bytes JMP 74D246E1 .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!RtlCreateProcessParameters 776498A2 5 Bytes JMP 74D21EF1 .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!GetStartupInfoA 76811E10 5 Bytes JMP 74D21D41 .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!CreateProcessA 76812082 5 Bytes JMP 74D22911 .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!CreateToolhelp32Snapshot 7684FD29 4 Bytes JMP 74D22641 .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!Process32NextW 768500C2 5 Bytes JMP 74D25E81 .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!LoadLibraryA 7685DC55 5 Bytes JMP 74D22521 .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!CreateProcessInternalW 76860792 5 Bytes JMP 74D22EB1 .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!ReadConsoleW 768726AE 5 Bytes JMP 74D245C1 .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!WinExec 7689ED9E 5 Bytes JMP 74D227F1 .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!ReadConsoleA 768BC928 5 Bytes JMP 74D244A1 .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!ReadConsoleInputA 768BD04F 5 Bytes JMP 74D24261 
.text C:\Windows\system32\svchost.exe[1328] kernel32.dll!ReadConsoleInputW 768BD072 5 Bytes JMP 74D24381 .text C:\Windows\system32\svchost.exe[1328] msvcrt.dll!_lock + 29 7742A472 5 Bytes JMP 74D26391 .text C:\Windows\system32\svchost.exe[1328] msvcrt.dll!__p__fmode 774327CE 5 Bytes JMP 74D21B91 .text C:\Windows\system32\svchost.exe[1328] msvcrt.dll!__p__environ 7743E6CF 5 Bytes JMP 74D21B01 .text C:\Windows\system32\svchost.exe[1352] ntdll.dll!NtClose + 5 775E550D 5 Bytes JMP 74D25F11 .text C:\Windows\system32\svchost.exe[1352] ntdll.dll!NtCreateFile + 5 775E560D 5 Bytes JMP 74D21E61 .text C:\Windows\system32\svchost.exe[1352] ntdll.dll!NtCreateProcess + 5 775E56DD 5 Bytes JMP 74D22D01 .text C:\Windows\system32\svchost.exe[1352] ntdll.dll!NtCreateProcessEx + 5 775E56ED 5 Bytes JMP 74D22D91 .text C:\Windows\system32\svchost.exe[1352] ntdll.dll!NtCreateThread + 5 775E575D 5 Bytes JMP 74D22C71 .text C:\Windows\system32\svchost.exe[1352] ntdll.dll!NtCreateThreadEx + 5 775E576D 5 Bytes JMP 74D22BE1 .text C:\Windows\system32\svchost.exe[1352] ntdll.dll!NtDuplicateObject + 5 775E58DD 5 Bytes JMP 74D23181 .text C:\Windows\system32\svchost.exe[1352] ntdll.dll!NtLoadDriver + 5 775E5B9D 2 Bytes JMP 74D25FA1 .text C:\Windows\system32\svchost.exe[1352] ntdll.dll!NtLoadDriver + 8 775E5BA0 2 Bytes [74, FD] {JZ 0xffffffff} .text C:\Windows\system32\svchost.exe[1352] ntdll.dll!NtMapViewOfSection + 5 775E5C6D 5 Bytes JMP 74D215F1 .text C:\Windows\system32\svchost.exe[1352] ntdll.dll!NtOpenProcess + 5 775E5DCD 5 Bytes JMP 74D23061 .text C:\Windows\system32\svchost.exe[1352] ntdll.dll!NtQueueApcThread + 5 775E62BD 5 Bytes JMP 74D230F1 .text C:\Windows\system32\svchost.exe[1352] ntdll.dll!NtRaiseHardError + 5 775E62ED 5 Bytes JMP 74D24651 .text C:\Windows\system32\svchost.exe[1352] ntdll.dll!NtSetContextThread + 5 775E65AD 5 Bytes JMP 74D22FD1 .text C:\Windows\system32\svchost.exe[1352] ntdll.dll!NtSetInformationProcess + 5 775E66BD 5 Bytes JMP 74D25971 .text 
C:\Windows\system32\svchost.exe[1352] ntdll.dll!NtSetSystemInformation + 5 775E67CD 5 Bytes JMP 74D26031 .text C:\Windows\system32\svchost.exe[1352] ntdll.dll!NtSetValueKey + 5 775E684D 5 Bytes JMP 74D22251 .text C:\Windows\system32\svchost.exe[1352] ntdll.dll!NtTerminateProcess + 5 775E690D 5 Bytes JMP 74D258E1 .text C:\Windows\system32\svchost.exe[1352] ntdll.dll!NtUnmapViewOfSection + 5 775E69FD 5 Bytes JMP 74D21681 .text C:\Windows\system32\svchost.exe[1352] ntdll.dll!NtWriteVirtualMemory + 5 775E6ADD 5 Bytes JMP 74D22F41 .text C:\Windows\system32\svchost.exe[1352] ntdll.dll!RtlQueryPerformanceCounter 775F313F 5 Bytes JMP 74D21A71 .text C:\Windows\system32\svchost.exe[1352] ntdll.dll!RtlCreateProcessParametersEx 77606F19 5 Bytes JMP 74D21F81 .text C:\Windows\system32\svchost.exe[1352] ntdll.dll!RtlReportException 77645F59 5 Bytes JMP 74D246E1 .text C:\Windows\system32\svchost.exe[1352] ntdll.dll!RtlCreateProcessParameters 776498A2 5 Bytes JMP 74D21EF1 .text C:\Windows\system32\svchost.exe[1352] kernel32.dll!GetStartupInfoA 76811E10 5 Bytes JMP 74D21D41 .text C:\Windows\system32\svchost.exe[1352] kernel32.dll!CreateProcessA 76812082 5 Bytes JMP 74D22911 .text C:\Windows\system32\svchost.exe[1352] kernel32.dll!CreateToolhelp32Snapshot 7684FD29 4 Bytes JMP 74D22641 .text C:\Windows\system32\svchost.exe[1352] kernel32.dll!Process32NextW 768500C2 5 Bytes JMP 74D25E81 .text C:\Windows\system32\svchost.exe[1352] kernel32.dll!LoadLibraryA 7685DC55 5 Bytes JMP 74D22521 .text C:\Windows\system32\svchost.exe[1352] kernel32.dll!CreateProcessInternalW 76860792 5 Bytes JMP 74D22EB1 .text C:\Windows\system32\svchost.exe[1352] kernel32.dll!ReadConsoleW 768726AE 5 Bytes JMP 74D245C1 .text C:\Windows\system32\svchost.exe[1352] kernel32.dll!WinExec 7689ED9E 5 Bytes JMP 74D227F1 .text C:\Windows\system32\svchost.exe[1352] kernel32.dll!ReadConsoleA 768BC928 5 Bytes JMP 74D244A1 .text C:\Windows\system32\svchost.exe[1352] kernel32.dll!ReadConsoleInputA 768BD04F 5 Bytes JMP 74D24261 
.text C:\Windows\system32\svchost.exe[1352] kernel32.dll!ReadConsoleInputW 768BD072 5 Bytes JMP 74D24381 .text C:\Windows\system32\svchost.exe[1352] msvcrt.dll!_lock + 29 7742A472 5 Bytes JMP 74D26391 .text C:\Windows\system32\svchost.exe[1352] msvcrt.dll!__p__fmode 774327CE 5 Bytes JMP 74D21B91 .text C:\Windows\system32\svchost.exe[1352] msvcrt.dll!__p__environ 7743E6CF 5 Bytes JMP 74D21B01 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtClose + 5 775E550D 5 Bytes JMP 74D25F11 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtCreateFile + 5 775E560D 5 Bytes JMP 74D21E61 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtCreateProcess + 5 775E56DD 5 Bytes JMP 74D22D01 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtCreateProcessEx + 5 775E56ED 5 Bytes JMP 74D22D91 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtCreateThread + 5 775E575D 5 Bytes JMP 74D22C71 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtCreateThreadEx + 5 775E576D 5 Bytes JMP 74D22BE1 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtDuplicateObject + 5 775E58DD 5 Bytes JMP 74D23181 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtLoadDriver + 5 775E5B9D 2 Bytes JMP 74D25FA1 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtLoadDriver + 8 775E5BA0 2 Bytes [74, FD] {JZ 0xffffffff} .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtMapViewOfSection + 5 775E5C6D 5 Bytes JMP 74D215F1 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtOpenProcess + 5 775E5DCD 5 Bytes JMP 74D23061 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtQueueApcThread + 5 775E62BD 5 Bytes JMP 74D230F1 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtRaiseHardError + 5 775E62ED 5 Bytes JMP 74D24651 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtSetContextThread + 5 775E65AD 5 Bytes JMP 74D22FD1 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtSetInformationProcess + 5 775E66BD 5 Bytes JMP 74D25971 .text 
C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtSetSystemInformation + 5 775E67CD 5 Bytes JMP 74D26031 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtSetValueKey + 5 775E684D 5 Bytes JMP 74D22251 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtTerminateProcess + 5 775E690D 5 Bytes JMP 74D258E1 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtUnmapViewOfSection + 5 775E69FD 5 Bytes JMP 74D21681 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtWriteVirtualMemory + 5 775E6ADD 5 Bytes JMP 74D22F41 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!RtlQueryPerformanceCounter 775F313F 5 Bytes JMP 74D21A71 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!RtlCreateProcessParametersEx 77606F19 5 Bytes JMP 74D21F81 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!RtlReportException 77645F59 5 Bytes JMP 74D246E1 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!RtlCreateProcessParameters 776498A2 5 Bytes JMP 74D21EF1 .text C:\Windows\system32\svchost.exe[1588] kernel32.dll!GetStartupInfoA 76811E10 5 Bytes JMP 74D21D41 .text C:\Windows\system32\svchost.exe[1588] kernel32.dll!CreateProcessA 76812082 5 Bytes JMP 74D22911 .text C:\Windows\system32\svchost.exe[1588] kernel32.dll!CreateToolhelp32Snapshot 7684FD29 4 Bytes JMP 74D22641 .text C:\Windows\system32\svchost.exe[1588] kernel32.dll!Process32NextW 768500C2 5 Bytes JMP 74D25E81 .text C:\Windows\system32\svchost.exe[1588] kernel32.dll!LoadLibraryA 7685DC55 5 Bytes JMP 74D22521 .text C:\Windows\system32\svchost.exe[1588] kernel32.dll!CreateProcessInternalW 76860792 5 Bytes JMP 74D22EB1 .text C:\Windows\system32\svchost.exe[1588] kernel32.dll!ReadConsoleW 768726AE 5 Bytes JMP 74D245C1 .text C:\Windows\system32\svchost.exe[1588] kernel32.dll!WinExec 7689ED9E 5 Bytes JMP 74D227F1 .text C:\Windows\system32\svchost.exe[1588] kernel32.dll!ReadConsoleA 768BC928 5 Bytes JMP 74D244A1 .text C:\Windows\system32\svchost.exe[1588] kernel32.dll!ReadConsoleInputA 768BD04F 5 Bytes JMP 74D24261 
.text C:\Windows\system32\svchost.exe[1588] kernel32.dll!ReadConsoleInputW 768BD072 5 Bytes JMP 74D24381 .text C:\Windows\system32\svchost.exe[1588] msvcrt.dll!_lock + 29 7742A472 5 Bytes JMP 74D26391 .text C:\Windows\system32\svchost.exe[1588] msvcrt.dll!__p__fmode 774327CE 5 Bytes JMP 74D21B91 .text C:\Windows\system32\svchost.exe[1588] msvcrt.dll!__p__environ 7743E6CF 5 Bytes JMP 74D21B01 .text C:\Windows\System32\spoolsv.exe[1700] ntdll.dll!NtClose + 5 775E550D 5 Bytes JMP 74D25F11 .text C:\Windows\System32\spoolsv.exe[1700] ntdll.dll!NtCreateFile + 5 775E560D 5 Bytes JMP 74D21E61 .text C:\Windows\System32\spoolsv.exe[1700] ntdll.dll!NtCreateProcess + 5 775E56DD 5 Bytes JMP 74D22D01 .text C:\Windows\System32\spoolsv.exe[1700] ntdll.dll!NtCreateProcessEx + 5 775E56ED 5 Bytes JMP 74D22D91 .text C:\Windows\System32\spoolsv.exe[1700] ntdll.dll!NtCreateThread + 5 775E575D 5 Bytes JMP 74D22C71 .text C:\Windows\System32\spoolsv.exe[1700] ntdll.dll!NtCreateThreadEx + 5 775E576D 5 Bytes JMP 74D22BE1 .text C:\Windows\System32\spoolsv.exe[1700] ntdll.dll!NtDuplicateObject + 5 775E58DD 5 Bytes JMP 74D23181 .text C:\Windows\System32\spoolsv.exe[1700] ntdll.dll!NtLoadDriver + 5 775E5B9D 2 Bytes JMP 74D25FA1 .text C:\Windows\System32\spoolsv.exe[1700] ntdll.dll!NtLoadDriver + 8 775E5BA0 2 Bytes [74, FD] {JZ 0xffffffff} .text C:\Windows\System32\spoolsv.exe[1700] ntdll.dll!NtMapViewOfSection + 5 775E5C6D 5 Bytes JMP 74D215F1 .text C:\Windows\System32\spoolsv.exe[1700] ntdll.dll!NtOpenProcess + 5 775E5DCD 5 Bytes JMP 74D23061 .text C:\Windows\System32\spoolsv.exe[1700] ntdll.dll!NtQueueApcThread + 5 775E62BD 5 Bytes JMP 74D230F1 .text C:\Windows\System32\spoolsv.exe[1700] ntdll.dll!NtRaiseHardError + 5 775E62ED 5 Bytes JMP 74D24651 .text C:\Windows\System32\spoolsv.exe[1700] ntdll.dll!NtSetContextThread + 5 775E65AD 5 Bytes JMP 74D22FD1 .text C:\Windows\System32\spoolsv.exe[1700] ntdll.dll!NtSetInformationProcess + 5 775E66BD 5 Bytes JMP 74D25971 .text 
C:\Windows\System32\spoolsv.exe[1700] ntdll.dll!NtSetSystemInformation + 5 775E67CD 5 Bytes JMP 74D26031 .text C:\Windows\System32\spoolsv.exe[1700] ntdll.dll!NtSetValueKey + 5 775E684D 5 Bytes JMP 74D22251 .text C:\Windows\System32\spoolsv.exe[1700] ntdll.dll!NtTerminateProcess + 5 775E690D 5 Bytes JMP 74D258E1 .text C:\Windows\System32\spoolsv.exe[1700] ntdll.dll!NtUnmapViewOfSection + 5 775E69FD 5 Bytes JMP 74D21681 .text C:\Windows\System32\spoolsv.exe[1700] ntdll.dll!NtVdmControl + 5 775E6A0D 5 Bytes JMP 74D26391 .text C:\Windows\System32\spoolsv.exe[1700] ntdll.dll!NtWriteVirtualMemory + 5 775E6ADD 5 Bytes JMP 74D22F41 .text C:\Windows\System32\spoolsv.exe[1700] ntdll.dll!RtlQueryPerformanceCounter 775F313F 5 Bytes JMP 74D21A71 .text C:\Windows\System32\spoolsv.exe[1700] ntdll.dll!RtlCreateProcessParametersEx 77606F19 5 Bytes JMP 74D21F81 .text C:\Windows\System32\spoolsv.exe[1700] ntdll.dll!RtlReportException 77645F59 5 Bytes JMP 74D246E1 .text C:\Windows\System32\spoolsv.exe[1700] ntdll.dll!RtlCreateProcessParameters 776498A2 5 Bytes JMP 74D21EF1 .text C:\Windows\System32\spoolsv.exe[1700] kernel32.dll!GetStartupInfoA 76811E10 5 Bytes JMP 74D21D41 .text C:\Windows\System32\spoolsv.exe[1700] kernel32.dll!CreateProcessA 76812082 5 Bytes JMP 74D22911 .text C:\Windows\System32\spoolsv.exe[1700] kernel32.dll!CreateToolhelp32Snapshot 7684FD29 4 Bytes JMP 74D22641 .text C:\Windows\System32\spoolsv.exe[1700] kernel32.dll!Process32NextW 768500C2 5 Bytes JMP 74D25E81 .text C:\Windows\System32\spoolsv.exe[1700] kernel32.dll!LoadLibraryA 7685DC55 5 Bytes JMP 74D22521 .text C:\Windows\System32\spoolsv.exe[1700] kernel32.dll!CreateProcessInternalW 76860792 5 Bytes JMP 74D22EB1 .text C:\Windows\System32\spoolsv.exe[1700] kernel32.dll!ReadConsoleW 768726AE 5 Bytes JMP 74D245C1 .text C:\Windows\System32\spoolsv.exe[1700] kernel32.dll!WinExec 7689ED9E 5 Bytes JMP 74D227F1 .text C:\Windows\System32\spoolsv.exe[1700] kernel32.dll!ReadConsoleA 768BC928 5 Bytes JMP 74D244A1 
.text C:\Windows\System32\spoolsv.exe[1700] kernel32.dll!ReadConsoleInputA 768BD04F 5 Bytes JMP 74D24261 .text C:\Windows\System32\spoolsv.exe[1700] kernel32.dll!ReadConsoleInputW 768BD072 5 Bytes JMP 74D24381 .text C:\Windows\System32\spoolsv.exe[1700] msvcrt.dll!_lock + 29 7742A472 5 Bytes JMP 74D26541 .text C:\Windows\System32\spoolsv.exe[1700] msvcrt.dll!__p__fmode 774327CE 5 Bytes JMP 74D21B91 .text C:\Windows\System32\spoolsv.exe[1700] msvcrt.dll!__p__environ 7743E6CF 5 Bytes JMP 74D21B01 .text C:\Windows\System32\spoolsv.exe[1700] SHELL32.dll!Shell_NotifyIconW 75930171 5 Bytes JMP 74D24891 .text C:\Windows\System32\spoolsv.exe[1700] SHELL32.dll!SHRestricted + 251E 75991621 5 Bytes JMP 74D265D1 .text C:\Windows\system32\svchost.exe[1776] ntdll.dll!NtClose + 5 775E550D 5 Bytes JMP 74D25F11 .text C:\Windows\system32\svchost.exe[1776] ntdll.dll!NtCreateFile + 5 775E560D 5 Bytes JMP 74D21E61 .text C:\Windows\system32\svchost.exe[1776] ntdll.dll!NtCreateProcess + 5 775E56DD 5 Bytes JMP 74D22D01 .text C:\Windows\system32\svchost.exe[1776] ntdll.dll!NtCreateProcessEx + 5 775E56ED 5 Bytes JMP 74D22D91 .text C:\Windows\system32\svchost.exe[1776] ntdll.dll!NtCreateThread + 5 775E575D 5 Bytes JMP 74D22C71 .text C:\Windows\system32\svchost.exe[1776] ntdll.dll!NtCreateThreadEx + 5 775E576D 5 Bytes JMP 74D22BE1 .text C:\Windows\system32\svchost.exe[1776] ntdll.dll!NtDuplicateObject + 5 775E58DD 5 Bytes JMP 74D23181 .text C:\Windows\system32\svchost.exe[1776] ntdll.dll!NtLoadDriver + 5 775E5B9D 2 Bytes JMP 74D25FA1 .text C:\Windows\system32\svchost.exe[1776] ntdll.dll!NtLoadDriver + 8 775E5BA0 2 Bytes [74, FD] {JZ 0xffffffff} .text C:\Windows\system32\svchost.exe[1776] ntdll.dll!NtMapViewOfSection + 5 775E5C6D 5 Bytes JMP 74D215F1 .text C:\Windows\system32\svchost.exe[1776] ntdll.dll!NtOpenProcess + 5 775E5DCD 5 Bytes JMP 74D23061 .text C:\Windows\system32\svchost.exe[1776] ntdll.dll!NtQueueApcThread + 5 775E62BD 5 Bytes JMP 74D230F1 .text 
C:\Windows\system32\svchost.exe[1776] ntdll.dll!NtRaiseHardError + 5 775E62ED 5 Bytes JMP 74D24651 .text C:\Windows\system32\svchost.exe[1776] ntdll.dll!NtSetContextThread + 5 775E65AD 5 Bytes JMP 74D22FD1 .text C:\Windows\system32\svchost.exe[1776] ntdll.dll!NtSetInformationProcess + 5 775E66BD 5 Bytes JMP 74D25971 .text C:\Windows\system32\svchost.exe[1776] ntdll.dll!NtSetSystemInformation + 5 775E67CD 5 Bytes JMP 74D26031 .text C:\Windows\system32\svchost.exe[1776] ntdll.dll!NtSetValueKey + 5 775E684D 5 Bytes JMP 74D22251 .text C:\Windows\system32\svchost.exe[1776] ntdll.dll!NtTerminateProcess + 5 775E690D 5 Bytes JMP 74D258E1 .text C:\Windows\system32\svchost.exe[1776] ntdll.dll!NtUnmapViewOfSection + 5 775E69FD 5 Bytes JMP 74D21681 .text C:\Windows\system32\svchost.exe[1776] ntdll.dll!NtWriteVirtualMemory + 5 775E6ADD 5 Bytes JMP 74D22F41 .text C:\Windows\system32\svchost.exe[1776] ntdll.dll!RtlQueryPerformanceCounter 775F313F 5 Bytes JMP 74D21A71 .text C:\Windows\system32\svchost.exe[1776] ntdll.dll!RtlCreateProcessParametersEx 77606F19 5 Bytes JMP 74D21F81 .text C:\Windows\system32\svchost.exe[1776] ntdll.dll!RtlReportException 77645F59 5 Bytes JMP 74D246E1 .text C:\Windows\system32\svchost.exe[1776] ntdll.dll!RtlCreateProcessParameters 776498A2 5 Bytes JMP 74D21EF1 .text C:\Windows\system32\svchost.exe[1776] kernel32.dll!GetStartupInfoA 76811E10 5 Bytes JMP 74D21D41 .text C:\Windows\system32\svchost.exe[1776] kernel32.dll!CreateProcessA 76812082 5 Bytes JMP 74D22911 .text C:\Windows\system32\svchost.exe[1776] kernel32.dll!CreateToolhelp32Snapshot 7684FD29 4 Bytes JMP 74D22641 .text C:\Windows\system32\svchost.exe[1776] kernel32.dll!Process32NextW 768500C2 5 Bytes JMP 74D25E81 .text C:\Windows\system32\svchost.exe[1776] kernel32.dll!LoadLibraryA 7685DC55 5 Bytes JMP 74D22521 .text C:\Windows\system32\svchost.exe[1776] kernel32.dll!CreateProcessInternalW 76860792 5 Bytes JMP 74D22EB1 .text C:\Windows\system32\svchost.exe[1776] kernel32.dll!ReadConsoleW 
768726AE 5 Bytes JMP 74D245C1 .text C:\Windows\system32\svchost.exe[1776] kernel32.dll!WinExec 7689ED9E 5 Bytes JMP 74D227F1 .text C:\Windows\system32\svchost.exe[1776] kernel32.dll!ReadConsoleA 768BC928 5 Bytes JMP 74D244A1 .text C:\Windows\system32\svchost.exe[1776] kernel32.dll!ReadConsoleInputA 768BD04F 5 Bytes JMP 74D24261 .text C:\Windows\system32\svchost.exe[1776] kernel32.dll!ReadConsoleInputW 768BD072 5 Bytes JMP 74D24381 .text C:\Windows\system32\svchost.exe[1776] msvcrt.dll!_lock + 29 7742A472 5 Bytes JMP 74D26391 .text C:\Windows\system32\svchost.exe[1776] msvcrt.dll!__p__fmode 774327CE 5 Bytes JMP 74D21B91 .text C:\Windows\system32\svchost.exe[1776] msvcrt.dll!__p__environ 7743E6CF 5 Bytes JMP 74D21B01 .text C:\Windows\system32\svchost.exe[1776] WS2_32.dll!WahWriteLSPEvent 76F4145D 5 Bytes JMP 74D26421 .text C:\Windows\system32\svchost.exe[1776] WS2_32.dll!closesocket 76F43918 5 Bytes JMP 74D25851 .text C:\Windows\system32\svchost.exe[1776] WS2_32.dll!WSASocketW 76F43CD3 5 Bytes JMP 74D257C1 .text C:\Windows\system32\svchost.exe[1776] WS2_32.dll!socket 76F43EB8 5 Bytes JMP 74D260C1 .text C:\Windows\system32\svchost.exe[1776] WS2_32.dll!WSASend 76F44406 5 Bytes JMP 74D220A1 .text C:\Windows\system32\svchost.exe[1776] WS2_32.dll!GetAddrInfoW 76F44889 5 Bytes JMP 74D25191 .text C:\Windows\system32\svchost.exe[1776] WS2_32.dll!recv 76F46B0E 5 Bytes JMP 74D26271 .text C:\Windows\system32\svchost.exe[1776] WS2_32.dll!connect 76F46BDD 1 Byte [E9] .text C:\Windows\system32\svchost.exe[1776] WS2_32.dll!connect 76F46BDD 5 Bytes JMP 74D23DE1 .text C:\Windows\system32\svchost.exe[1776] WS2_32.dll!send 76F46F01 5 Bytes JMP 74D22011 .text C:\Windows\system32\svchost.exe[1776] WS2_32.dll!WSARecv 76F47089 5 Bytes JMP 74D26301 .text C:\Windows\system32\svchost.exe[1776] WS2_32.dll!WSAConnect 76F4CC3F 5 Bytes JMP 74D261E1 .text C:\Windows\system32\svchost.exe[1776] WS2_32.dll!gethostbyname 76F57673 5 Bytes JMP 74D25221 .text C:\Windows\system32\svchost.exe[1876] 
ntdll.dll!NtClose + 5 775E550D 5 Bytes JMP 74D25F11 .text C:\Windows\system32\svchost.exe[1876] ntdll.dll!NtCreateFile + 5 775E560D 5 Bytes JMP 74D21E61 .text C:\Windows\system32\svchost.exe[1876] ntdll.dll!NtCreateProcess + 5 775E56DD 5 Bytes JMP 74D22D01 .text C:\Windows\system32\svchost.exe[1876] ntdll.dll!NtCreateProcessEx + 5 775E56ED 5 Bytes JMP 74D22D91 .text C:\Windows\system32\svchost.exe[1876] ntdll.dll!NtCreateThread + 5 775E575D 5 Bytes JMP 74D22C71 .text C:\Windows\system32\svchost.exe[1876] ntdll.dll!NtCreateThreadEx + 5 775E576D 5 Bytes JMP 74D22BE1 .text C:\Windows\system32\svchost.exe[1876] ntdll.dll!NtDuplicateObject + 5 775E58DD 5 Bytes JMP 74D23181 .text C:\Windows\system32\svchost.exe[1876] ntdll.dll!NtLoadDriver + 5 775E5B9D 2 Bytes JMP 74D25FA1 .text C:\Windows\system32\svchost.exe[1876] ntdll.dll!NtLoadDriver + 8 775E5BA0 2 Bytes [74, FD] {JZ 0xffffffff} .text C:\Windows\system32\svchost.exe[1876] ntdll.dll!NtMapViewOfSection + 5 775E5C6D 5 Bytes JMP 74D215F1 .text C:\Windows\system32\svchost.exe[1876] ntdll.dll!NtOpenProcess + 5 775E5DCD 5 Bytes JMP 74D23061 .text C:\Windows\system32\svchost.exe[1876] ntdll.dll!NtQueueApcThread + 5 775E62BD 5 Bytes JMP 74D230F1 .text C:\Windows\system32\svchost.exe[1876] ntdll.dll!NtRaiseHardError + 5 775E62ED 5 Bytes JMP 74D24651 .text C:\Windows\system32\svchost.exe[1876] ntdll.dll!NtSetContextThread + 5 775E65AD 5 Bytes JMP 74D22FD1 .text C:\Windows\system32\svchost.exe[1876] ntdll.dll!NtSetInformationProcess + 5 775E66BD 5 Bytes JMP 74D25971 .text C:\Windows\system32\svchost.exe[1876] ntdll.dll!NtSetSystemInformation + 5 775E67CD 5 Bytes JMP 74D26031 .text C:\Windows\system32\svchost.exe[1876] ntdll.dll!NtSetValueKey + 5 775E684D 5 Bytes JMP 74D22251 .text C:\Windows\system32\svchost.exe[1876] ntdll.dll!NtTerminateProcess + 5 775E690D 5 Bytes JMP 74D258E1 .text C:\Windows\system32\svchost.exe[1876] ntdll.dll!NtUnmapViewOfSection + 5 775E69FD 5 Bytes JMP 74D21681 .text 
Edited by logposter (10.01.2014 at 15:26)