Log Analysis and Evaluation: Bitdefender reports Trojan.GenericKD.1440205 (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
10.01.2014, 14:53 #1
Bitdefender reports Trojan.GenericKD.1440205

A few days ago Bitdefender displayed the messages given below. Otherwise I noticed nothing, except that the directory C:\Users\Anonym\AppData\Local\Temp\PDF24 could no longer be written to by the PDF printer. After I deleted the folder, it works again.

Virustotal: https://www.virustotal.com/de/file/3e80ae42c92f333799e1ba3c3dd28a1794f42bb2bbe302cd974e178eee0b1723/analysis/1389012534/

Bitdefender
Code:
The file C:\Users\Anonym\AppData\Local\Temp\P1USPtHp.exe.part has been detected as infected.
Bitdefender denied this item.
Virus name: Trojan.GenericKD.1440205

The file C:\Users\Anonym\AppData\Local\Temp\ibJoQv9n.exe.part has been detected as infected.
Bitdefender denied this item.
Virus name: Trojan.GenericKD.1440205

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-01-2014
Ran by Admin (administrator) on HP-PAVILLION on 10-01-2014 15:17:20
Running from C:\Users\Anonym\Downloads
Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files\Macrium\Reflect\ReflectService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Bdagent] - C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe [1614344 2013-11-20] (Bitdefender)
HKLM\...\Run: [KeePass 2 PreLoad] - C:\Program Files\KeePass Password Safe 2\KeePass.exe [1960448 2013-04-05] (Dominik Reichl)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [186408 2013-12-12] (Geek Software GmbH)
MountPoints2: {5e8555c9-955a-11e2-913c-806e6f6e6963} - E:\autorun.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA0E97C95A129CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5ido52vh.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml

========================== Services (Whitelisted) =================

R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [249976 2013-06-14] ()
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [54960 2013-08-27] (Bitdefender)
R2 vsserv; C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe [1343472 2013-11-20] (Bitdefender)

==================== Drivers (Whitelisted) ====================

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [640560 2013-08-01] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [242504 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [490144 2013-08-01] (BitDefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [90704 2011-11-14] (BitDefender LLC)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [66832 2013-11-20] (BitDefender SRL)
R1 bdselfpr; C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys [135600 2013-08-07] (BitDefender LLC)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [165744 2013-10-02] (BitDefender LLC)
S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [55416 2013-06-14] ()
R0 pssnap; C:\Windows\System32\DRIVERS\pssnap.sys [16504 2013-06-14] (Macrium Software)
S3 PSVolAcc; C:\Windows\System32\Drivers\PSVolAcc.sys [13432 2013-06-14] (Paramount Software UK Ltd)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [360376 2013-10-02] (BitDefender S.R.L.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-10 15:17 - 2014-01-10 15:17 - 00005277 _____ C:\Users\Anonym\Downloads\FRST.txt
2014-01-10 14:27 - 2014-01-10 14:29 - 00000241 _____ C:\Users\Anonym\Downloads\Neues Textdokument.txt
2014-01-10 14:13 - 2014-01-10 14:13 - 00000000 ____D C:\Users\Anonym\AppData\Local\PDF24
2014-01-10 14:07 - 2014-01-10 14:07 - 00000000 ____D C:\Users\Admin\AppData\Local\PDF24
2014-01-10 14:01 - 2014-01-10 14:01 - 00001819 _____ C:\Users\Public\Desktop\PDF24 Creator.lnk
2014-01-09 16:31 - 2014-01-10 11:14 - 00000000 ____D C:\Users\Anonym\Desktop\KORRESPONDENZ - BLANKO
2014-01-09 14:59 - 2014-01-09 14:59 - 00000000 ____D C:\Users\Anonym\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-01-07 11:50 - 2014-01-10 11:01 - 00000000 ____D C:\Users\Anonym\AppData\Roaming\Foxit Scanner Images
2014-01-06 20:23 - 2014-01-06 20:23 - 04558848 _____ (Google Inc.) C:\Windows\system32\GPhotos.scr
2014-01-06 14:54 - 2014-01-10 14:43 - 00192037 _____ C:\Users\Anonym\Downloads\gmer.log
2014-01-06 14:19 - 2014-01-10 15:09 - 00000000 ____D C:\FRST
2014-01-06 14:17 - 2014-01-10 15:09 - 01066141 _____ (Farbar) C:\Users\Anonym\Downloads\FRST.exe
2014-01-06 14:17 - 2014-01-06 14:17 - 00377856 _____ C:\Users\Anonym\Downloads\gmer_2.1.19163.exe
2014-01-06 12:57 - 2014-01-06 12:57 - 00000000 ____D C:\Program Files\OpenEstate-ImmoTool
2013-12-28 14:16 - 2013-12-28 14:17 - 00000000 ____D C:\Users\Anonym\Desktop\Neuer Ordner
2013-12-16 08:23 - 2013-12-16 08:23 - 00131072 ____N C:\Windows\Minidump\121613-30342-01.dmp
2013-12-14 16:07 - 2013-12-14 16:07 - 00131072 ____N C:\Windows\Minidump\121413-34039-01.dmp
2013-12-12 14:43 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 14:43 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 14:43 - 2013-11-26 10:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-12 14:43 - 2013-11-26 09:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-12 14:43 - 2013-11-26 09:52 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-12 14:43 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 14:43 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 14:43 - 2013-11-26 09:36 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-12 14:43 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 14:43 - 2013-11-26 09:29 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 14:43 - 2013-11-26 09:29 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-12 14:43 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-12 14:43 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 14:43 - 2013-11-26 09:13 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 14:43 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 14:43 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 14:43 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-12 14:43 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 14:43 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 14:38 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-12 14:38 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-12 08:53 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-12 08:53 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-12 08:53 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-12 08:53 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-12 08:53 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-12 08:53 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-12 08:53 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-12 08:52 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-12 08:52 - 2013-10-30 02:27 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-12 08:52 - 2013-10-04 02:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-12 08:52 - 2013-10-04 02:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys

==================== One Month Modified Files and Folders =======

2014-01-10 15:17 - 2014-01-10 15:17 - 00005277 _____ C:\Users\Anonym\Downloads\FRST.txt
2014-01-10 15:16 - 2009-07-14 05:39 - 01186104 _____ C:\Windows\setupact.log
2014-01-10 15:11 - 2009-07-14 05:34 - 00022032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-10 15:11 - 2009-07-14 05:34 - 00022032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-10 15:09 - 2014-01-06 14:19 - 00000000 ____D C:\FRST
2014-01-10 15:09 - 2014-01-06 14:17 - 01066141 _____ (Farbar) C:\Users\Anonym\Downloads\FRST.exe
2014-01-10 15:09 - 2010-11-20 22:01 - 00005194 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-10 15:07 - 2013-11-01 19:07 - 00000917 _____ C:\Windows\Tasks\EPSON XP-312 313 315 Series Update {A694DE30-5F99-4288-B18F-0FC22B6D624B}.job
2014-01-10 15:07 - 2013-11-01 19:07 - 00000731 _____ C:\Windows\Tasks\EPSON XP-312 313 315 Series Invitation {A694DE30-5F99-4288-B18F-0FC22B6D624B}.job
2014-01-10 15:07 - 2013-03-26 13:25 - 00000000 ____D C:\Users\Admin\AppData\Local\Mozilla
2014-01-10 15:07 - 2013-03-25 15:46 - 01944976 _____ C:\Windows\WindowsUpdate.log
2014-01-10 15:07 - 2009-07-14 05:52 - 00000000 ____D C:\Windows\system32\FxsTmp
2014-01-10 14:59 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-10 14:53 - 2013-03-26 14:07 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-10 14:43 - 2014-01-06 14:54 - 00192037 _____ C:\Users\Anonym\Downloads\gmer.log
2014-01-10 14:29 - 2014-01-10 14:27 - 00000241 _____ C:\Users\Anonym\Downloads\Neues Textdokument.txt
2014-01-10 14:21 - 2013-11-01 18:21 - 00000917 _____ C:\Windows\Tasks\EPSON XP-312 313 315 Series Update {03A9264B-F446-42F5-90B8-162111576567}.job
2014-01-10 14:21 - 2013-11-01 18:21 - 00000731 _____ C:\Windows\Tasks\EPSON XP-312 313 315 Series Invitation {03A9264B-F446-42F5-90B8-162111576567}.job
2014-01-10 14:13 - 2014-01-10 14:13 - 00000000 ____D C:\Users\Anonym\AppData\Local\PDF24
2014-01-10 14:07 - 2014-01-10 14:07 - 00000000 ____D C:\Users\Admin\AppData\Local\PDF24
2014-01-10 14:04 - 2013-03-25 19:53 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2014-01-10 14:02 - 2013-03-26 13:24 - 00000000 ____D C:\Program Files\Mozilla Firefox
2014-01-10 14:01 - 2014-01-10 14:01 - 00001819 _____ C:\Users\Public\Desktop\PDF24 Creator.lnk
2014-01-10 14:01 - 2013-06-23 10:00 - 00000000 ____D C:\Program Files\PDF24
2014-01-10 11:14 - 2014-01-09 16:31 - 00000000 ____D C:\Users\Anonym\Desktop\KORRESPONDENZ - BLANKO
2014-01-10 11:01 - 2014-01-07 11:50 - 00000000 ____D C:\Users\Anonym\AppData\Roaming\Foxit Scanner Images
2014-01-09 14:59 - 2014-01-09 14:59 - 00000000 ____D C:\Users\Anonym\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-01-09 04:25 - 2009-07-14 05:53 - 00032634 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-08 16:38 - 2013-06-21 17:34 - 00031744 _____ C:\Users\Anonym\Desktop\Privat - Sonstiges 2014.xls
2014-01-07 13:59 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2014-01-06 20:23 - 2014-01-06 20:23 - 04558848 _____ (Google Inc.) C:\Windows\system32\GPhotos.scr
2014-01-06 14:17 - 2014-01-06 14:17 - 00377856 _____ C:\Users\Anonym\Downloads\gmer_2.1.19163.exe
2014-01-06 13:58 - 2013-06-20 09:23 - 00000000 ____D C:\Users\Anonym\AppData\Roaming\KeePass
2014-01-06 12:57 - 2014-01-06 12:57 - 00000000 ____D C:\Program Files\OpenEstate-ImmoTool
2013-12-28 14:17 - 2013-12-28 14:16 - 00000000 ____D C:\Users\Anonym\Desktop\Neuer Ordner
2013-12-16 08:24 - 2013-05-22 18:53 - 00000000 ____D C:\Windows\Minidump
2013-12-16 08:23 - 2013-12-16 08:23 - 00131072 ____N C:\Windows\Minidump\121613-30342-01.dmp
2013-12-14 16:07 - 2013-12-14 16:07 - 00131072 ____N C:\Windows\Minidump\121413-34039-01.dmp
2013-12-12 14:48 - 2009-07-14 05:33 - 00301632 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-12 14:46 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-12-12 14:43 - 2013-03-25 20:18 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-12 14:41 - 2013-07-19 07:41 - 00000000 ____D C:\Windows\system32\MRT
2013-12-12 14:39 - 2013-03-25 21:37 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-11 08:53 - 2013-03-26 14:07 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-11 08:53 - 2013-03-26 14:07 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Admin\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Admin\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Anonym\AppData\Local\Temp\Checkupdate.exe
C:\Users\Anonym\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Anonym\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Anonym\AppData\Local\Temp\gcapi_dll.dll
C:\Users\Anonym\AppData\Local\Temp\gtapi_signed.dll
C:\Users\Anonym\AppData\Local\Temp\secuniasi3858215019176989230.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-10 12:33

==================== End Of Log ============================

--- --- ---
--- --- ---

GMER, part 1
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2014-01-06 14:54:37
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 WDC_WD2500BEVS-60UST0 rev.01.01A01 232,89GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Admin\AppData\Local\Temp\uxliapoc.sys

---- System - GMER 2.1 ----

SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwAllocateVirtualMemory [0x8DB920BE]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwAlpcConnectPort [0x8DB95566]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwAlpcSendWaitReceivePort [0x8DB9509C]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwAssignProcessToJobObject [0x8DB92C88]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwClose [0x8DB95B8C]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwConnectPort [0x8DB94418]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwCreateFile [0x8DB9395C]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwCreateKey [0x8DB94B10]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwCreateProcess [0x8DB92EDE]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwCreateProcessEx [0x8DB92F94]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwCreateSection [0x8DB9327E]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwCreateThread [0x8DB91A2E]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwCreateThreadEx [0x8DB95DA8]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwDeviceIoControlFile [0x8DB94C80]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwDuplicateObject [0x8DB9911A]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwFsControlFile [0x8DB94F38]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwLoadDriver [0x8DB92594]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwMakeTemporaryObject [0x8DB95934]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwOpenFile [0x8DB9374E]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwOpenProcess [0x8DB98B72]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwOpenSection [0x8DB9304E]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwOpenThread [0x8DB98E22]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwProtectVirtualMemory [0x8DB91F42]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwQueueApcThread [0x8DB92DB0]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwReplaceKey [0x8DB95782]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwRequestPort [0x8DB94586]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwRequestWaitReplyPort [0x8DB93F1A]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwRestoreKey [0x8DB9580C]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwSecureConnectPort [0x8DB949A0]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwSetContextThread [0x8DB91B9E]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwSetSecurityObject [0x8DB956DC]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwSetSystemInformation [0x8DB9278E]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwShutdownSystem [0x8DB9589E]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwSuspendProcess [0x8DB91E1A]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwSuspendThread [0x8DB91CF4]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwSystemDebugControl [0x8DB92BBA]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwTerminateProcess [0x8DB98A6A]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwTerminateThread [0x8DB9930C]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwUnloadDriver [0x8DB959CA]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwWriteVirtualMemory [0x8DB918B2]

SYSENTER \SystemRoot\system32\DRIVERS\avc3.sys 8889E000

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82A76A15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AB0212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82AB7488 4 Bytes [BE, 20, B9, 8D]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 82AB7494 4 Bytes [66, 55, B9, 8D]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1143 82AB74D8 4 Bytes [9C, 50, B9, 8D]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82AB74E8 4 Bytes [88, 2C, B9, 8D]
.text ntkrnlpa.exe!KeRemoveQueueEx + 116F 82AB7504 4 Bytes [8C, 5B, B9, 8D]
.text ...
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x93431340, 0x3EE217, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\svchost.exe[108] ntdll.dll!NtClose + 5 775E550D 5 Bytes JMP 74D25F11
.text C:\Windows\system32\svchost.exe[108] ntdll.dll!NtCreateFile + 5 775E560D 5 Bytes JMP 74D21E61
.text C:\Windows\system32\svchost.exe[108] ntdll.dll!NtCreateProcess + 5 775E56DD 5 Bytes JMP 74D22D01
.text C:\Windows\system32\svchost.exe[108] ntdll.dll!NtCreateProcessEx + 5 775E56ED 5 Bytes JMP 74D22D91
.text C:\Windows\system32\svchost.exe[108] ntdll.dll!NtCreateThread + 5 775E575D 5 Bytes JMP 74D22C71
.text C:\Windows\system32\svchost.exe[108] ntdll.dll!NtCreateThreadEx + 5 775E576D 5 Bytes JMP 74D22BE1
.text C:\Windows\system32\svchost.exe[108] ntdll.dll!NtDuplicateObject + 5 775E58DD 5 Bytes JMP 74D23181
.text C:\Windows\system32\svchost.exe[108] ntdll.dll!NtLoadDriver + 5 775E5B9D 2 Bytes JMP 74D25FA1
.text C:\Windows\system32\svchost.exe[108] ntdll.dll!NtLoadDriver + 8 775E5BA0 2 Bytes [74, FD] {JZ 0xffffffff}
.text C:\Windows\system32\svchost.exe[108] ntdll.dll!NtMapViewOfSection + 5 775E5C6D 5 Bytes JMP 74D215F1
.text C:\Windows\system32\svchost.exe[108] ntdll.dll!NtOpenProcess + 5 775E5DCD 5 Bytes JMP 74D23061
.text C:\Windows\system32\svchost.exe[108] ntdll.dll!NtQueueApcThread + 5 775E62BD 5 Bytes JMP 74D230F1
.text C:\Windows\system32\svchost.exe[108] ntdll.dll!NtRaiseHardError + 5 775E62ED 5 Bytes JMP 74D24651
.text C:\Windows\system32\svchost.exe[108] ntdll.dll!NtSetContextThread + 5 775E65AD 5 Bytes JMP 74D22FD1
.text C:\Windows\system32\svchost.exe[108] ntdll.dll!NtSetInformationProcess + 5 775E66BD 5 Bytes JMP 74D25971
.text C:\Windows\system32\svchost.exe[108] ntdll.dll!NtSetSystemInformation + 5 775E67CD 5 Bytes JMP 74D26031
.text C:\Windows\system32\svchost.exe[108] ntdll.dll!NtSetValueKey + 5 775E684D 5 Bytes JMP 74D22251
.text C:\Windows\system32\svchost.exe[108] ntdll.dll!NtTerminateProcess + 5 775E690D 5 Bytes JMP 74D258E1
.text C:\Windows\system32\svchost.exe[108] ntdll.dll!NtUnmapViewOfSection + 5 775E69FD 5 Bytes JMP 74D21681
.text C:\Windows\system32\svchost.exe[108] ntdll.dll!NtWriteVirtualMemory + 5 775E6ADD 5 Bytes JMP 74D22F41
.text C:\Windows\system32\svchost.exe[108] ntdll.dll!RtlQueryPerformanceCounter 775F313F 5 Bytes JMP 74D21A71
.text C:\Windows\system32\svchost.exe[108] ntdll.dll!RtlCreateProcessParametersEx 77606F19 5 Bytes JMP 74D21F81
.text C:\Windows\system32\svchost.exe[108] ntdll.dll!RtlReportException 77645F59 5 Bytes JMP 74D246E1
.text C:\Windows\system32\svchost.exe[108] ntdll.dll!RtlCreateProcessParameters 776498A2 5 Bytes JMP 74D21EF1
.text C:\Windows\system32\svchost.exe[108] kernel32.dll!GetStartupInfoA 76811E10 5 Bytes JMP 74D21D41
.text C:\Windows\system32\svchost.exe[108] kernel32.dll!CreateProcessA 76812082 5 Bytes JMP 74D22911
.text C:\Windows\system32\svchost.exe[108] kernel32.dll!CreateToolhelp32Snapshot 7684FD29 4 Bytes JMP 74D22641
.text C:\Windows\system32\svchost.exe[108] kernel32.dll!Process32NextW 768500C2 5 Bytes JMP 74D25E81
.text C:\Windows\system32\svchost.exe[108] kernel32.dll!LoadLibraryA 7685DC55 5 Bytes JMP 74D22521
.text C:\Windows\system32\svchost.exe[108] kernel32.dll!CreateProcessInternalW 76860792 5 Bytes JMP 74D22EB1
.text C:\Windows\system32\svchost.exe[108] kernel32.dll!ReadConsoleW 768726AE 5 Bytes JMP 74D245C1
.text C:\Windows\system32\svchost.exe[108] kernel32.dll!WinExec 7689ED9E 5 Bytes JMP 74D227F1
.text C:\Windows\system32\svchost.exe[108] kernel32.dll!ReadConsoleA 768BC928 5 Bytes JMP 74D244A1
.text C:\Windows\system32\svchost.exe[108] kernel32.dll!ReadConsoleInputA 768BD04F 5 Bytes JMP 74D24261
.text C:\Windows\system32\svchost.exe[108] kernel32.dll!ReadConsoleInputW 768BD072 5 Bytes JMP 74D24381
.text C:\Windows\system32\svchost.exe[108] msvcrt.dll!_lock + 29 7742A472 5 Bytes JMP 74D26391
.text C:\Windows\system32\svchost.exe[108] msvcrt.dll!__p__fmode 774327CE 5 Bytes JMP 74D21B91
.text C:\Windows\system32\svchost.exe[108] msvcrt.dll!__p__environ 7743E6CF 5 Bytes JMP 74D21B01
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtClose + 5 775E550D 5 Bytes JMP 74D25F11
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtCreateFile + 5 775E560D 5 Bytes JMP 74D21E61
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtCreateProcess + 5 775E56DD 5 Bytes JMP 74D22D01
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtCreateProcessEx + 5 775E56ED 5 Bytes JMP 74D22D91
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtCreateThread + 5 775E575D 5 Bytes JMP 74D22C71
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtCreateThreadEx + 5 775E576D 5 Bytes JMP 74D22BE1
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtDuplicateObject + 5 775E58DD 5 Bytes JMP 74D23181
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtLoadDriver + 5 775E5B9D 2 Bytes JMP 74D25FA1
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtLoadDriver + 8 775E5BA0 2 Bytes [74, FD] {JZ 0xffffffff}
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtMapViewOfSection + 5 775E5C6D 5 Bytes JMP 74D215F1
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtOpenProcess + 5 775E5DCD 5 Bytes JMP 74D23061
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtQueueApcThread + 5 775E62BD 5 Bytes JMP 74D230F1
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtRaiseHardError + 5 775E62ED 5 Bytes JMP 74D24651
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtSetContextThread + 5 775E65AD 5 Bytes JMP 74D22FD1
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtSetInformationProcess + 5 775E66BD 5 Bytes JMP 74D25971
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtSetSystemInformation + 5 775E67CD 5 Bytes JMP 74D26031
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtSetValueKey + 5 775E684D 5 Bytes JMP 74D22251
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtTerminateProcess + 5 775E690D 5 Bytes JMP 74D258E1
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtUnmapViewOfSection + 5 775E69FD 5 Bytes JMP 74D21681
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtWriteVirtualMemory + 5 775E6ADD 5 Bytes JMP 74D22F41
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!RtlQueryPerformanceCounter 775F313F 5 Bytes JMP 74D21A71
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!RtlCreateProcessParametersEx 77606F19 5 Bytes JMP 74D21F81
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!RtlReportException 77645F59 5 Bytes JMP 74D246E1
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!RtlCreateProcessParameters 776498A2 5 Bytes JMP 74D21EF1
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!GetStartupInfoA 76811E10 5 Bytes JMP 74D21D41
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!CreateProcessA 76812082 5 Bytes JMP 74D22911
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!CreateToolhelp32Snapshot 7684FD29 4 Bytes JMP 74D22641
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!Process32NextW 768500C2 5 Bytes JMP 74D25E81
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!LoadLibraryA 7685DC55 5 Bytes JMP 74D22521
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!CreateProcessInternalW 76860792 5 Bytes JMP 74D22EB1
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!ReadConsoleW 768726AE 5 Bytes JMP 74D245C1
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!WinExec 7689ED9E 5 Bytes JMP 74D227F1
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!ReadConsoleA 768BC928 5 Bytes JMP 74D244A1
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!ReadConsoleInputA 768BD04F 5 Bytes JMP 74D24261
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!ReadConsoleInputW 768BD072 5 Bytes JMP 74D24381
.text C:\Windows\system32\svchost.exe[1116] msvcrt.dll!_lock + 29 7742A472 5 Bytes JMP 74D26391
.text C:\Windows\system32\svchost.exe[1116] msvcrt.dll!__p__fmode 774327CE 5 Bytes JMP 74D21B91
.text C:\Windows\system32\svchost.exe[1116] msvcrt.dll!__p__environ 7743E6CF 5 Bytes JMP 74D21B01
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!NtClose + 5 775E550D 5 Bytes JMP 74D25F11
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!NtCreateFile + 5 775E560D 5 Bytes JMP 74D21E61
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!NtCreateProcess + 5 775E56DD 5 Bytes JMP 74D22D01
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!NtCreateProcessEx + 5 775E56ED 5 Bytes JMP 74D22D91
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!NtCreateThread + 5 775E575D 5 Bytes JMP 74D22C71
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!NtCreateThreadEx + 5 775E576D 5 Bytes JMP 74D22BE1
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!NtDuplicateObject + 5 775E58DD 5 Bytes JMP 74D23181
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!NtLoadDriver + 5 775E5B9D 2 Bytes JMP 74D25FA1
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!NtLoadDriver + 8 775E5BA0 2 Bytes [74, FD] {JZ 0xffffffff}
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!NtMapViewOfSection + 5 775E5C6D 5 Bytes JMP 74D215F1
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!NtOpenProcess + 5 775E5DCD 5 Bytes JMP 74D23061
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!NtQueueApcThread + 5 775E62BD 5 Bytes JMP 74D230F1
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!NtRaiseHardError + 5 775E62ED 5 Bytes JMP 74D24651
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!NtSetContextThread + 5 775E65AD 5 Bytes JMP 74D22FD1
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!NtSetInformationProcess + 5 775E66BD 5 Bytes JMP 74D25971
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!NtSetSystemInformation + 5 775E67CD 5 Bytes JMP 74D26031
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!NtSetValueKey + 5 775E684D 5 Bytes JMP 74D22251
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!NtTerminateProcess + 5 775E690D 5 Bytes JMP 74D258E1
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!NtUnmapViewOfSection + 5 775E69FD 5 Bytes JMP 74D21681
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!NtWriteVirtualMemory + 5 775E6ADD 5 Bytes JMP 74D22F41
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!RtlQueryPerformanceCounter 775F313F 5 Bytes JMP 74D21A71
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!RtlCreateProcessParametersEx 77606F19 5 Bytes JMP 74D21F81
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!RtlReportException 77645F59 5 Bytes JMP 74D246E1
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!RtlCreateProcessParameters 776498A2 5 Bytes JMP 74D21EF1
.text C:\Windows\System32\svchost.exe[1216] kernel32.dll!GetStartupInfoA 76811E10 5 Bytes JMP 74D21D41
.text C:\Windows\System32\svchost.exe[1216] kernel32.dll!CreateProcessA 76812082 5 Bytes JMP 74D22911
.text C:\Windows\System32\svchost.exe[1216] kernel32.dll!CreateToolhelp32Snapshot 7684FD29 4 Bytes JMP 74D22641
.text C:\Windows\System32\svchost.exe[1216] kernel32.dll!Process32NextW 768500C2 5 Bytes JMP 74D25E81
.text C:\Windows\System32\svchost.exe[1216] kernel32.dll!LoadLibraryA 7685DC55 5 Bytes JMP 74D22521
.text C:\Windows\System32\svchost.exe[1216] kernel32.dll!CreateProcessInternalW 76860792 5 Bytes JMP 74D22EB1
.text C:\Windows\System32\svchost.exe[1216] kernel32.dll!ReadConsoleW 768726AE 5 Bytes JMP 74D245C1
.text C:\Windows\System32\svchost.exe[1216] kernel32.dll!WinExec 7689ED9E 5 Bytes JMP 74D227F1
.text C:\Windows\System32\svchost.exe[1216] kernel32.dll!ReadConsoleA 768BC928 5 Bytes JMP 74D244A1
.text C:\Windows\System32\svchost.exe[1216] kernel32.dll!ReadConsoleInputA 768BD04F 5 Bytes JMP 74D24261
.text C:\Windows\System32\svchost.exe[1216] kernel32.dll!ReadConsoleInputW 768BD072 5 Bytes JMP 74D24381
.text C:\Windows\System32\svchost.exe[1216] msvcrt.dll!_lock + 29 7742A472 5 Bytes JMP 74D26391
.text C:\Windows\System32\svchost.exe[1216] msvcrt.dll!__p__fmode 774327CE 5 Bytes JMP 74D21B91
.text C:\Windows\System32\svchost.exe[1216] msvcrt.dll!__p__environ 7743E6CF 5 Bytes JMP 74D21B01
.text C:\Windows\System32\svchost.exe[1216] USERENV.dll!LoadUserProfileW + 1F1 00E31C9D 5 Bytes JMP 74D26421
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtClose + 5 775E550D 5 Bytes JMP 74D25F11
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtCreateFile + 5 775E560D 5 Bytes JMP 74D21E61
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtCreateProcess + 5 775E56DD 5 Bytes JMP 74D22D01
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtCreateProcessEx + 5 775E56ED 5 Bytes JMP 74D22D91
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtCreateThread + 5 775E575D 5 Bytes JMP 74D22C71
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtCreateThreadEx + 5 775E576D 5 Bytes JMP 74D22BE1
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtDuplicateObject + 5 775E58DD 5 Bytes JMP 74D23181
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtLoadDriver + 5 775E5B9D 2 Bytes JMP 74D25FA1
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtLoadDriver + 8 775E5BA0 2 Bytes [74, FD] {JZ 0xffffffff}
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtMapViewOfSection + 5 775E5C6D 5 Bytes JMP 74D215F1
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtOpenProcess + 5 775E5DCD 5 Bytes JMP 74D23061
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtQueueApcThread + 5 775E62BD 5 Bytes JMP 74D230F1
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtRaiseHardError + 5 775E62ED 5 Bytes JMP 74D24651
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtSetContextThread + 5 775E65AD 5 Bytes JMP 74D22FD1
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtSetInformationProcess + 5 775E66BD 5 Bytes JMP 74D25971
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtSetSystemInformation + 5 775E67CD 5 Bytes JMP 74D26031
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtSetValueKey + 5 775E684D 5 Bytes JMP 74D22251
C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtTerminateProcess + 5 775E690D 5 Bytes JMP 74D258E1 .text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtUnmapViewOfSection + 5 775E69FD 5 Bytes JMP 74D21681 .text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtWriteVirtualMemory + 5 775E6ADD 5 Bytes JMP 74D22F41 .text C:\Windows\System32\svchost.exe[1268] ntdll.dll!RtlQueryPerformanceCounter 775F313F 5 Bytes JMP 74D21A71 .text C:\Windows\System32\svchost.exe[1268] ntdll.dll!RtlCreateProcessParametersEx 77606F19 5 Bytes JMP 74D21F81 .text C:\Windows\System32\svchost.exe[1268] ntdll.dll!RtlReportException 77645F59 5 Bytes JMP 74D246E1 .text C:\Windows\System32\svchost.exe[1268] ntdll.dll!RtlCreateProcessParameters 776498A2 5 Bytes JMP 74D21EF1 .text C:\Windows\System32\svchost.exe[1268] kernel32.dll!GetStartupInfoA 76811E10 5 Bytes JMP 74D21D41 .text C:\Windows\System32\svchost.exe[1268] kernel32.dll!CreateProcessA 76812082 5 Bytes JMP 74D22911 .text C:\Windows\System32\svchost.exe[1268] kernel32.dll!CreateToolhelp32Snapshot 7684FD29 4 Bytes JMP 74D22641 .text C:\Windows\System32\svchost.exe[1268] kernel32.dll!Process32NextW 768500C2 5 Bytes JMP 74D25E81 .text C:\Windows\System32\svchost.exe[1268] kernel32.dll!LoadLibraryA 7685DC55 5 Bytes JMP 74D22521 .text C:\Windows\System32\svchost.exe[1268] kernel32.dll!CreateProcessInternalW 76860792 5 Bytes JMP 74D22EB1 .text C:\Windows\System32\svchost.exe[1268] kernel32.dll!ReadConsoleW 768726AE 5 Bytes JMP 74D245C1 .text C:\Windows\System32\svchost.exe[1268] kernel32.dll!WinExec 7689ED9E 5 Bytes JMP 74D227F1 .text C:\Windows\System32\svchost.exe[1268] kernel32.dll!ReadConsoleA 768BC928 5 Bytes JMP 74D244A1 .text C:\Windows\System32\svchost.exe[1268] kernel32.dll!ReadConsoleInputA 768BD04F 5 Bytes JMP 74D24261 .text C:\Windows\System32\svchost.exe[1268] kernel32.dll!ReadConsoleInputW 768BD072 5 Bytes JMP 74D24381 .text C:\Windows\System32\svchost.exe[1268] msvcrt.dll!_lock + 29 7742A472 5 Bytes JMP 74D26391 .text 
C:\Windows\System32\svchost.exe[1268] msvcrt.dll!__p__fmode 774327CE 5 Bytes JMP 74D21B91 .text C:\Windows\System32\svchost.exe[1268] msvcrt.dll!__p__environ 7743E6CF 5 Bytes JMP 74D21B01 .text C:\Windows\System32\svchost.exe[1268] SHELL32.dll!Shell_NotifyIconW 75930171 5 Bytes JMP 74D24891 .text C:\Windows\System32\svchost.exe[1268] SHELL32.dll!SHRestricted + 251E 75991621 5 Bytes JMP 74D26421 .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtClose + 5 775E550D 5 Bytes JMP 74D25F11 .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtCreateFile + 5 775E560D 5 Bytes JMP 74D21E61 .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtCreateProcess + 5 775E56DD 5 Bytes JMP 74D22D01 .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtCreateProcessEx + 5 775E56ED 5 Bytes JMP 74D22D91 .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtCreateThread + 5 775E575D 5 Bytes JMP 74D22C71 .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtCreateThreadEx + 5 775E576D 5 Bytes JMP 74D22BE1 .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtDuplicateObject + 5 775E58DD 5 Bytes JMP 74D23181 .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtLoadDriver + 5 775E5B9D 2 Bytes JMP 74D25FA1 .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtLoadDriver + 8 775E5BA0 2 Bytes [74, FD] {JZ 0xffffffff} .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtMapViewOfSection + 5 775E5C6D 5 Bytes JMP 74D215F1 .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtOpenProcess + 5 775E5DCD 5 Bytes JMP 74D23061 .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtQueueApcThread + 5 775E62BD 5 Bytes JMP 74D230F1 .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtRaiseHardError + 5 775E62ED 5 Bytes JMP 74D24651 .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtSetContextThread + 5 775E65AD 5 Bytes JMP 74D22FD1 .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtSetInformationProcess + 5 775E66BD 5 Bytes JMP 74D25971 .text 
C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtSetSystemInformation + 5 775E67CD 5 Bytes JMP 74D26031 .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtSetValueKey + 5 775E684D 5 Bytes JMP 74D22251 .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtTerminateProcess + 5 775E690D 5 Bytes JMP 74D258E1 .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtUnmapViewOfSection + 5 775E69FD 5 Bytes JMP 74D21681 .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtWriteVirtualMemory + 5 775E6ADD 5 Bytes JMP 74D22F41 .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!RtlQueryPerformanceCounter 775F313F 5 Bytes JMP 74D21A71 .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!RtlCreateProcessParametersEx 77606F19 5 Bytes JMP 74D21F81 .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!RtlReportException 77645F59 5 Bytes JMP 74D246E1 .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!RtlCreateProcessParameters 776498A2 5 Bytes JMP 74D21EF1 .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!GetStartupInfoA 76811E10 5 Bytes JMP 74D21D41 .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!CreateProcessA 76812082 5 Bytes JMP 74D22911 .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!CreateToolhelp32Snapshot 7684FD29 4 Bytes JMP 74D22641 .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!Process32NextW 768500C2 5 Bytes JMP 74D25E81 .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!LoadLibraryA 7685DC55 5 Bytes JMP 74D22521 .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!CreateProcessInternalW 76860792 5 Bytes JMP 74D22EB1 .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!ReadConsoleW 768726AE 5 Bytes JMP 74D245C1 .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!WinExec 7689ED9E 5 Bytes JMP 74D227F1 .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!ReadConsoleA 768BC928 5 Bytes JMP 74D244A1 .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!ReadConsoleInputA 768BD04F 5 Bytes JMP 74D24261 
.text C:\Windows\system32\svchost.exe[1328] kernel32.dll!ReadConsoleInputW 768BD072 5 Bytes JMP 74D24381 .text C:\Windows\system32\svchost.exe[1328] msvcrt.dll!_lock + 29 7742A472 5 Bytes JMP 74D26391 .text C:\Windows\system32\svchost.exe[1328] msvcrt.dll!__p__fmode 774327CE 5 Bytes JMP 74D21B91 .text C:\Windows\system32\svchost.exe[1328] msvcrt.dll!__p__environ 7743E6CF 5 Bytes JMP 74D21B01 .text C:\Windows\system32\svchost.exe[1352] ntdll.dll!NtClose + 5 775E550D 5 Bytes JMP 74D25F11 .text C:\Windows\system32\svchost.exe[1352] ntdll.dll!NtCreateFile + 5 775E560D 5 Bytes JMP 74D21E61 .text C:\Windows\system32\svchost.exe[1352] ntdll.dll!NtCreateProcess + 5 775E56DD 5 Bytes JMP 74D22D01 .text C:\Windows\system32\svchost.exe[1352] ntdll.dll!NtCreateProcessEx + 5 775E56ED 5 Bytes JMP 74D22D91 .text C:\Windows\system32\svchost.exe[1352] ntdll.dll!NtCreateThread + 5 775E575D 5 Bytes JMP 74D22C71 .text C:\Windows\system32\svchost.exe[1352] ntdll.dll!NtCreateThreadEx + 5 775E576D 5 Bytes JMP 74D22BE1 .text C:\Windows\system32\svchost.exe[1352] ntdll.dll!NtDuplicateObject + 5 775E58DD 5 Bytes JMP 74D23181 .text C:\Windows\system32\svchost.exe[1352] ntdll.dll!NtLoadDriver + 5 775E5B9D 2 Bytes JMP 74D25FA1 .text C:\Windows\system32\svchost.exe[1352] ntdll.dll!NtLoadDriver + 8 775E5BA0 2 Bytes [74, FD] {JZ 0xffffffff} .text C:\Windows\system32\svchost.exe[1352] ntdll.dll!NtMapViewOfSection + 5 775E5C6D 5 Bytes JMP 74D215F1 .text C:\Windows\system32\svchost.exe[1352] ntdll.dll!NtOpenProcess + 5 775E5DCD 5 Bytes JMP 74D23061 .text C:\Windows\system32\svchost.exe[1352] ntdll.dll!NtQueueApcThread + 5 775E62BD 5 Bytes JMP 74D230F1 .text C:\Windows\system32\svchost.exe[1352] ntdll.dll!NtRaiseHardError + 5 775E62ED 5 Bytes JMP 74D24651 .text C:\Windows\system32\svchost.exe[1352] ntdll.dll!NtSetContextThread + 5 775E65AD 5 Bytes JMP 74D22FD1 .text C:\Windows\system32\svchost.exe[1352] ntdll.dll!NtSetInformationProcess + 5 775E66BD 5 Bytes JMP 74D25971 .text 
C:\Windows\system32\svchost.exe[1352] ntdll.dll!NtSetSystemInformation + 5 775E67CD 5 Bytes JMP 74D26031 .text C:\Windows\system32\svchost.exe[1352] ntdll.dll!NtSetValueKey + 5 775E684D 5 Bytes JMP 74D22251 .text C:\Windows\system32\svchost.exe[1352] ntdll.dll!NtTerminateProcess + 5 775E690D 5 Bytes JMP 74D258E1 .text C:\Windows\system32\svchost.exe[1352] ntdll.dll!NtUnmapViewOfSection + 5 775E69FD 5 Bytes JMP 74D21681 .text C:\Windows\system32\svchost.exe[1352] ntdll.dll!NtWriteVirtualMemory + 5 775E6ADD 5 Bytes JMP 74D22F41 .text C:\Windows\system32\svchost.exe[1352] ntdll.dll!RtlQueryPerformanceCounter 775F313F 5 Bytes JMP 74D21A71 .text C:\Windows\system32\svchost.exe[1352] ntdll.dll!RtlCreateProcessParametersEx 77606F19 5 Bytes JMP 74D21F81 .text C:\Windows\system32\svchost.exe[1352] ntdll.dll!RtlReportException 77645F59 5 Bytes JMP 74D246E1 .text C:\Windows\system32\svchost.exe[1352] ntdll.dll!RtlCreateProcessParameters 776498A2 5 Bytes JMP 74D21EF1 .text C:\Windows\system32\svchost.exe[1352] kernel32.dll!GetStartupInfoA 76811E10 5 Bytes JMP 74D21D41 .text C:\Windows\system32\svchost.exe[1352] kernel32.dll!CreateProcessA 76812082 5 Bytes JMP 74D22911 .text C:\Windows\system32\svchost.exe[1352] kernel32.dll!CreateToolhelp32Snapshot 7684FD29 4 Bytes JMP 74D22641 .text C:\Windows\system32\svchost.exe[1352] kernel32.dll!Process32NextW 768500C2 5 Bytes JMP 74D25E81 .text C:\Windows\system32\svchost.exe[1352] kernel32.dll!LoadLibraryA 7685DC55 5 Bytes JMP 74D22521 .text C:\Windows\system32\svchost.exe[1352] kernel32.dll!CreateProcessInternalW 76860792 5 Bytes JMP 74D22EB1 .text C:\Windows\system32\svchost.exe[1352] kernel32.dll!ReadConsoleW 768726AE 5 Bytes JMP 74D245C1 .text C:\Windows\system32\svchost.exe[1352] kernel32.dll!WinExec 7689ED9E 5 Bytes JMP 74D227F1 .text C:\Windows\system32\svchost.exe[1352] kernel32.dll!ReadConsoleA 768BC928 5 Bytes JMP 74D244A1 .text C:\Windows\system32\svchost.exe[1352] kernel32.dll!ReadConsoleInputA 768BD04F 5 Bytes JMP 74D24261 
.text C:\Windows\system32\svchost.exe[1352] kernel32.dll!ReadConsoleInputW 768BD072 5 Bytes JMP 74D24381 .text C:\Windows\system32\svchost.exe[1352] msvcrt.dll!_lock + 29 7742A472 5 Bytes JMP 74D26391 .text C:\Windows\system32\svchost.exe[1352] msvcrt.dll!__p__fmode 774327CE 5 Bytes JMP 74D21B91 .text C:\Windows\system32\svchost.exe[1352] msvcrt.dll!__p__environ 7743E6CF 5 Bytes JMP 74D21B01 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtClose + 5 775E550D 5 Bytes JMP 74D25F11 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtCreateFile + 5 775E560D 5 Bytes JMP 74D21E61 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtCreateProcess + 5 775E56DD 5 Bytes JMP 74D22D01 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtCreateProcessEx + 5 775E56ED 5 Bytes JMP 74D22D91 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtCreateThread + 5 775E575D 5 Bytes JMP 74D22C71 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtCreateThreadEx + 5 775E576D 5 Bytes JMP 74D22BE1 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtDuplicateObject + 5 775E58DD 5 Bytes JMP 74D23181 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtLoadDriver + 5 775E5B9D 2 Bytes JMP 74D25FA1 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtLoadDriver + 8 775E5BA0 2 Bytes [74, FD] {JZ 0xffffffff} .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtMapViewOfSection + 5 775E5C6D 5 Bytes JMP 74D215F1 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtOpenProcess + 5 775E5DCD 5 Bytes JMP 74D23061 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtQueueApcThread + 5 775E62BD 5 Bytes JMP 74D230F1 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtRaiseHardError + 5 775E62ED 5 Bytes JMP 74D24651 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtSetContextThread + 5 775E65AD 5 Bytes JMP 74D22FD1 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtSetInformationProcess + 5 775E66BD 5 Bytes JMP 74D25971 .text 
C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtSetSystemInformation + 5 775E67CD 5 Bytes JMP 74D26031 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtSetValueKey + 5 775E684D 5 Bytes JMP 74D22251 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtTerminateProcess + 5 775E690D 5 Bytes JMP 74D258E1 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtUnmapViewOfSection + 5 775E69FD 5 Bytes JMP 74D21681 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtWriteVirtualMemory + 5 775E6ADD 5 Bytes JMP 74D22F41 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!RtlQueryPerformanceCounter 775F313F 5 Bytes JMP 74D21A71 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!RtlCreateProcessParametersEx 77606F19 5 Bytes JMP 74D21F81 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!RtlReportException 77645F59 5 Bytes JMP 74D246E1 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!RtlCreateProcessParameters 776498A2 5 Bytes JMP 74D21EF1 .text C:\Windows\system32\svchost.exe[1588] kernel32.dll!GetStartupInfoA 76811E10 5 Bytes JMP 74D21D41 .text C:\Windows\system32\svchost.exe[1588] kernel32.dll!CreateProcessA 76812082 5 Bytes JMP 74D22911 .text C:\Windows\system32\svchost.exe[1588] kernel32.dll!CreateToolhelp32Snapshot 7684FD29 4 Bytes JMP 74D22641 .text C:\Windows\system32\svchost.exe[1588] kernel32.dll!Process32NextW 768500C2 5 Bytes JMP 74D25E81 .text C:\Windows\system32\svchost.exe[1588] kernel32.dll!LoadLibraryA 7685DC55 5 Bytes JMP 74D22521 .text C:\Windows\system32\svchost.exe[1588] kernel32.dll!CreateProcessInternalW 76860792 5 Bytes JMP 74D22EB1 .text C:\Windows\system32\svchost.exe[1588] kernel32.dll!ReadConsoleW 768726AE 5 Bytes JMP 74D245C1 .text C:\Windows\system32\svchost.exe[1588] kernel32.dll!WinExec 7689ED9E 5 Bytes JMP 74D227F1 .text C:\Windows\system32\svchost.exe[1588] kernel32.dll!ReadConsoleA 768BC928 5 Bytes JMP 74D244A1 .text C:\Windows\system32\svchost.exe[1588] kernel32.dll!ReadConsoleInputA 768BD04F 5 Bytes JMP 74D24261 
.text C:\Windows\system32\svchost.exe[1588] kernel32.dll!ReadConsoleInputW 768BD072 5 Bytes JMP 74D24381 .text C:\Windows\system32\svchost.exe[1588] msvcrt.dll!_lock + 29 7742A472 5 Bytes JMP 74D26391 .text C:\Windows\system32\svchost.exe[1588] msvcrt.dll!__p__fmode 774327CE 5 Bytes JMP 74D21B91 .text C:\Windows\system32\svchost.exe[1588] msvcrt.dll!__p__environ 7743E6CF 5 Bytes JMP 74D21B01 .text C:\Windows\System32\spoolsv.exe[1700] ntdll.dll!NtClose + 5 775E550D 5 Bytes JMP 74D25F11 .text C:\Windows\System32\spoolsv.exe[1700] ntdll.dll!NtCreateFile + 5 775E560D 5 Bytes JMP 74D21E61 .text C:\Windows\System32\spoolsv.exe[1700] ntdll.dll!NtCreateProcess + 5 775E56DD 5 Bytes JMP 74D22D01 .text C:\Windows\System32\spoolsv.exe[1700] ntdll.dll!NtCreateProcessEx + 5 775E56ED 5 Bytes JMP 74D22D91 .text C:\Windows\System32\spoolsv.exe[1700] ntdll.dll!NtCreateThread + 5 775E575D 5 Bytes JMP 74D22C71 .text C:\Windows\System32\spoolsv.exe[1700] ntdll.dll!NtCreateThreadEx + 5 775E576D 5 Bytes JMP 74D22BE1 .text C:\Windows\System32\spoolsv.exe[1700] ntdll.dll!NtDuplicateObject + 5 775E58DD 5 Bytes JMP 74D23181 .text C:\Windows\System32\spoolsv.exe[1700] ntdll.dll!NtLoadDriver + 5 775E5B9D 2 Bytes JMP 74D25FA1 .text C:\Windows\System32\spoolsv.exe[1700] ntdll.dll!NtLoadDriver + 8 775E5BA0 2 Bytes [74, FD] {JZ 0xffffffff} .text C:\Windows\System32\spoolsv.exe[1700] ntdll.dll!NtMapViewOfSection + 5 775E5C6D 5 Bytes JMP 74D215F1 .text C:\Windows\System32\spoolsv.exe[1700] ntdll.dll!NtOpenProcess + 5 775E5DCD 5 Bytes JMP 74D23061 .text C:\Windows\System32\spoolsv.exe[1700] ntdll.dll!NtQueueApcThread + 5 775E62BD 5 Bytes JMP 74D230F1 .text C:\Windows\System32\spoolsv.exe[1700] ntdll.dll!NtRaiseHardError + 5 775E62ED 5 Bytes JMP 74D24651 .text C:\Windows\System32\spoolsv.exe[1700] ntdll.dll!NtSetContextThread + 5 775E65AD 5 Bytes JMP 74D22FD1 .text C:\Windows\System32\spoolsv.exe[1700] ntdll.dll!NtSetInformationProcess + 5 775E66BD 5 Bytes JMP 74D25971 .text 
C:\Windows\System32\spoolsv.exe[1700] ntdll.dll!NtSetSystemInformation + 5 775E67CD 5 Bytes JMP 74D26031 .text C:\Windows\System32\spoolsv.exe[1700] ntdll.dll!NtSetValueKey + 5 775E684D 5 Bytes JMP 74D22251 .text C:\Windows\System32\spoolsv.exe[1700] ntdll.dll!NtTerminateProcess + 5 775E690D 5 Bytes JMP 74D258E1 .text C:\Windows\System32\spoolsv.exe[1700] ntdll.dll!NtUnmapViewOfSection + 5 775E69FD 5 Bytes JMP 74D21681 .text C:\Windows\System32\spoolsv.exe[1700] ntdll.dll!NtVdmControl + 5 775E6A0D 5 Bytes JMP 74D26391 .text C:\Windows\System32\spoolsv.exe[1700] ntdll.dll!NtWriteVirtualMemory + 5 775E6ADD 5 Bytes JMP 74D22F41 .text C:\Windows\System32\spoolsv.exe[1700] ntdll.dll!RtlQueryPerformanceCounter 775F313F 5 Bytes JMP 74D21A71 .text C:\Windows\System32\spoolsv.exe[1700] ntdll.dll!RtlCreateProcessParametersEx 77606F19 5 Bytes JMP 74D21F81 .text C:\Windows\System32\spoolsv.exe[1700] ntdll.dll!RtlReportException 77645F59 5 Bytes JMP 74D246E1 .text C:\Windows\System32\spoolsv.exe[1700] ntdll.dll!RtlCreateProcessParameters 776498A2 5 Bytes JMP 74D21EF1 .text C:\Windows\System32\spoolsv.exe[1700] kernel32.dll!GetStartupInfoA 76811E10 5 Bytes JMP 74D21D41 .text C:\Windows\System32\spoolsv.exe[1700] kernel32.dll!CreateProcessA 76812082 5 Bytes JMP 74D22911 .text C:\Windows\System32\spoolsv.exe[1700] kernel32.dll!CreateToolhelp32Snapshot 7684FD29 4 Bytes JMP 74D22641 .text C:\Windows\System32\spoolsv.exe[1700] kernel32.dll!Process32NextW 768500C2 5 Bytes JMP 74D25E81 .text C:\Windows\System32\spoolsv.exe[1700] kernel32.dll!LoadLibraryA 7685DC55 5 Bytes JMP 74D22521 .text C:\Windows\System32\spoolsv.exe[1700] kernel32.dll!CreateProcessInternalW 76860792 5 Bytes JMP 74D22EB1 .text C:\Windows\System32\spoolsv.exe[1700] kernel32.dll!ReadConsoleW 768726AE 5 Bytes JMP 74D245C1 .text C:\Windows\System32\spoolsv.exe[1700] kernel32.dll!WinExec 7689ED9E 5 Bytes JMP 74D227F1 .text C:\Windows\System32\spoolsv.exe[1700] kernel32.dll!ReadConsoleA 768BC928 5 Bytes JMP 74D244A1 
.text C:\Windows\System32\spoolsv.exe[1700] kernel32.dll!ReadConsoleInputA 768BD04F 5 Bytes JMP 74D24261 .text C:\Windows\System32\spoolsv.exe[1700] kernel32.dll!ReadConsoleInputW 768BD072 5 Bytes JMP 74D24381 .text C:\Windows\System32\spoolsv.exe[1700] msvcrt.dll!_lock + 29 7742A472 5 Bytes JMP 74D26541 .text C:\Windows\System32\spoolsv.exe[1700] msvcrt.dll!__p__fmode 774327CE 5 Bytes JMP 74D21B91 .text C:\Windows\System32\spoolsv.exe[1700] msvcrt.dll!__p__environ 7743E6CF 5 Bytes JMP 74D21B01 .text C:\Windows\System32\spoolsv.exe[1700] SHELL32.dll!Shell_NotifyIconW 75930171 5 Bytes JMP 74D24891 .text C:\Windows\System32\spoolsv.exe[1700] SHELL32.dll!SHRestricted + 251E 75991621 5 Bytes JMP 74D265D1 .text C:\Windows\system32\svchost.exe[1776] ntdll.dll!NtClose + 5 775E550D 5 Bytes JMP 74D25F11 .text C:\Windows\system32\svchost.exe[1776] ntdll.dll!NtCreateFile + 5 775E560D 5 Bytes JMP 74D21E61 .text C:\Windows\system32\svchost.exe[1776] ntdll.dll!NtCreateProcess + 5 775E56DD 5 Bytes JMP 74D22D01 .text C:\Windows\system32\svchost.exe[1776] ntdll.dll!NtCreateProcessEx + 5 775E56ED 5 Bytes JMP 74D22D91 .text C:\Windows\system32\svchost.exe[1776] ntdll.dll!NtCreateThread + 5 775E575D 5 Bytes JMP 74D22C71 .text C:\Windows\system32\svchost.exe[1776] ntdll.dll!NtCreateThreadEx + 5 775E576D 5 Bytes JMP 74D22BE1 .text C:\Windows\system32\svchost.exe[1776] ntdll.dll!NtDuplicateObject + 5 775E58DD 5 Bytes JMP 74D23181 .text C:\Windows\system32\svchost.exe[1776] ntdll.dll!NtLoadDriver + 5 775E5B9D 2 Bytes JMP 74D25FA1 .text C:\Windows\system32\svchost.exe[1776] ntdll.dll!NtLoadDriver + 8 775E5BA0 2 Bytes [74, FD] {JZ 0xffffffff} .text C:\Windows\system32\svchost.exe[1776] ntdll.dll!NtMapViewOfSection + 5 775E5C6D 5 Bytes JMP 74D215F1 .text C:\Windows\system32\svchost.exe[1776] ntdll.dll!NtOpenProcess + 5 775E5DCD 5 Bytes JMP 74D23061 .text C:\Windows\system32\svchost.exe[1776] ntdll.dll!NtQueueApcThread + 5 775E62BD 5 Bytes JMP 74D230F1 .text 
C:\Windows\system32\svchost.exe[1776] ntdll.dll!NtRaiseHardError + 5 775E62ED 5 Bytes JMP 74D24651 .text C:\Windows\system32\svchost.exe[1776] ntdll.dll!NtSetContextThread + 5 775E65AD 5 Bytes JMP 74D22FD1 .text C:\Windows\system32\svchost.exe[1776] ntdll.dll!NtSetInformationProcess + 5 775E66BD 5 Bytes JMP 74D25971 .text C:\Windows\system32\svchost.exe[1776] ntdll.dll!NtSetSystemInformation + 5 775E67CD 5 Bytes JMP 74D26031 .text C:\Windows\system32\svchost.exe[1776] ntdll.dll!NtSetValueKey + 5 775E684D 5 Bytes JMP 74D22251 .text C:\Windows\system32\svchost.exe[1776] ntdll.dll!NtTerminateProcess + 5 775E690D 5 Bytes JMP 74D258E1 .text C:\Windows\system32\svchost.exe[1776] ntdll.dll!NtUnmapViewOfSection + 5 775E69FD 5 Bytes JMP 74D21681 .text C:\Windows\system32\svchost.exe[1776] ntdll.dll!NtWriteVirtualMemory + 5 775E6ADD 5 Bytes JMP 74D22F41 .text C:\Windows\system32\svchost.exe[1776] ntdll.dll!RtlQueryPerformanceCounter 775F313F 5 Bytes JMP 74D21A71 .text C:\Windows\system32\svchost.exe[1776] ntdll.dll!RtlCreateProcessParametersEx 77606F19 5 Bytes JMP 74D21F81 .text C:\Windows\system32\svchost.exe[1776] ntdll.dll!RtlReportException 77645F59 5 Bytes JMP 74D246E1 .text C:\Windows\system32\svchost.exe[1776] ntdll.dll!RtlCreateProcessParameters 776498A2 5 Bytes JMP 74D21EF1 .text C:\Windows\system32\svchost.exe[1776] kernel32.dll!GetStartupInfoA 76811E10 5 Bytes JMP 74D21D41 .text C:\Windows\system32\svchost.exe[1776] kernel32.dll!CreateProcessA 76812082 5 Bytes JMP 74D22911 .text C:\Windows\system32\svchost.exe[1776] kernel32.dll!CreateToolhelp32Snapshot 7684FD29 4 Bytes JMP 74D22641 .text C:\Windows\system32\svchost.exe[1776] kernel32.dll!Process32NextW 768500C2 5 Bytes JMP 74D25E81 .text C:\Windows\system32\svchost.exe[1776] kernel32.dll!LoadLibraryA 7685DC55 5 Bytes JMP 74D22521 .text C:\Windows\system32\svchost.exe[1776] kernel32.dll!CreateProcessInternalW 76860792 5 Bytes JMP 74D22EB1 .text C:\Windows\system32\svchost.exe[1776] kernel32.dll!ReadConsoleW 
768726AE 5 Bytes JMP 74D245C1 .text C:\Windows\system32\svchost.exe[1776] kernel32.dll!WinExec 7689ED9E 5 Bytes JMP 74D227F1 .text C:\Windows\system32\svchost.exe[1776] kernel32.dll!ReadConsoleA 768BC928 5 Bytes JMP 74D244A1 .text C:\Windows\system32\svchost.exe[1776] kernel32.dll!ReadConsoleInputA 768BD04F 5 Bytes JMP 74D24261 .text C:\Windows\system32\svchost.exe[1776] kernel32.dll!ReadConsoleInputW 768BD072 5 Bytes JMP 74D24381 .text C:\Windows\system32\svchost.exe[1776] msvcrt.dll!_lock + 29 7742A472 5 Bytes JMP 74D26391 .text C:\Windows\system32\svchost.exe[1776] msvcrt.dll!__p__fmode 774327CE 5 Bytes JMP 74D21B91 .text C:\Windows\system32\svchost.exe[1776] msvcrt.dll!__p__environ 7743E6CF 5 Bytes JMP 74D21B01 .text C:\Windows\system32\svchost.exe[1776] WS2_32.dll!WahWriteLSPEvent 76F4145D 5 Bytes JMP 74D26421 .text C:\Windows\system32\svchost.exe[1776] WS2_32.dll!closesocket 76F43918 5 Bytes JMP 74D25851 .text C:\Windows\system32\svchost.exe[1776] WS2_32.dll!WSASocketW 76F43CD3 5 Bytes JMP 74D257C1 .text C:\Windows\system32\svchost.exe[1776] WS2_32.dll!socket 76F43EB8 5 Bytes JMP 74D260C1 .text C:\Windows\system32\svchost.exe[1776] WS2_32.dll!WSASend 76F44406 5 Bytes JMP 74D220A1 .text C:\Windows\system32\svchost.exe[1776] WS2_32.dll!GetAddrInfoW 76F44889 5 Bytes JMP 74D25191 .text C:\Windows\system32\svchost.exe[1776] WS2_32.dll!recv 76F46B0E 5 Bytes JMP 74D26271 .text C:\Windows\system32\svchost.exe[1776] WS2_32.dll!connect 76F46BDD 1 Byte [E9] .text C:\Windows\system32\svchost.exe[1776] WS2_32.dll!connect 76F46BDD 5 Bytes JMP 74D23DE1 .text C:\Windows\system32\svchost.exe[1776] WS2_32.dll!send 76F46F01 5 Bytes JMP 74D22011 .text C:\Windows\system32\svchost.exe[1776] WS2_32.dll!WSARecv 76F47089 5 Bytes JMP 74D26301 .text C:\Windows\system32\svchost.exe[1776] WS2_32.dll!WSAConnect 76F4CC3F 5 Bytes JMP 74D261E1 .text C:\Windows\system32\svchost.exe[1776] WS2_32.dll!gethostbyname 76F57673 5 Bytes JMP 74D25221 .text C:\Windows\system32\svchost.exe[1876] 
ntdll.dll!NtClose + 5 775E550D 5 Bytes JMP 74D25F11 .text C:\Windows\system32\svchost.exe[1876] ntdll.dll!NtCreateFile + 5 775E560D 5 Bytes JMP 74D21E61 .text C:\Windows\system32\svchost.exe[1876] ntdll.dll!NtCreateProcess + 5 775E56DD 5 Bytes JMP 74D22D01 .text C:\Windows\system32\svchost.exe[1876] ntdll.dll!NtCreateProcessEx + 5 775E56ED 5 Bytes JMP 74D22D91 .text C:\Windows\system32\svchost.exe[1876] ntdll.dll!NtCreateThread + 5 775E575D 5 Bytes JMP 74D22C71 .text C:\Windows\system32\svchost.exe[1876] ntdll.dll!NtCreateThreadEx + 5 775E576D 5 Bytes JMP 74D22BE1 .text C:\Windows\system32\svchost.exe[1876] ntdll.dll!NtDuplicateObject + 5 775E58DD 5 Bytes JMP 74D23181 .text C:\Windows\system32\svchost.exe[1876] ntdll.dll!NtLoadDriver + 5 775E5B9D 2 Bytes JMP 74D25FA1 .text C:\Windows\system32\svchost.exe[1876] ntdll.dll!NtLoadDriver + 8 775E5BA0 2 Bytes [74, FD] {JZ 0xffffffff} .text C:\Windows\system32\svchost.exe[1876] ntdll.dll!NtMapViewOfSection + 5 775E5C6D 5 Bytes JMP 74D215F1 .text C:\Windows\system32\svchost.exe[1876] ntdll.dll!NtOpenProcess + 5 775E5DCD 5 Bytes JMP 74D23061 .text C:\Windows\system32\svchost.exe[1876] ntdll.dll!NtQueueApcThread + 5 775E62BD 5 Bytes JMP 74D230F1 .text C:\Windows\system32\svchost.exe[1876] ntdll.dll!NtRaiseHardError + 5 775E62ED 5 Bytes JMP 74D24651 .text C:\Windows\system32\svchost.exe[1876] ntdll.dll!NtSetContextThread + 5 775E65AD 5 Bytes JMP 74D22FD1 .text C:\Windows\system32\svchost.exe[1876] ntdll.dll!NtSetInformationProcess + 5 775E66BD 5 Bytes JMP 74D25971 .text C:\Windows\system32\svchost.exe[1876] ntdll.dll!NtSetSystemInformation + 5 775E67CD 5 Bytes JMP 74D26031 .text C:\Windows\system32\svchost.exe[1876] ntdll.dll!NtSetValueKey + 5 775E684D 5 Bytes JMP 74D22251 .text C:\Windows\system32\svchost.exe[1876] ntdll.dll!NtTerminateProcess + 5 775E690D 5 Bytes JMP 74D258E1 .text C:\Windows\system32\svchost.exe[1876] ntdll.dll!NtUnmapViewOfSection + 5 775E69FD 5 Bytes JMP 74D21681 .text 
Last edited by logposter (10.01.2014 at 15:26) |
10.01.2014, 15:00 | #2 |
/// the machine /// TB-Ausbilder | Bitdefender reports Trojan.GenericKD.1440205 Hi,
Please run FRST again; our tools always need admin rights. Please always post logs in the thread. If necessary, split them up and use several posts. This is how it works: Posting in CODE tags. Attaching the logfiles, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the logfiles in a CODE box, proceed as follows:
|
10.01.2014, 15:13 | #3 |
| Bitdefender reports Trojan.GenericKD.1440205 GMER, part 2:
Code:
ADVAPI32.dll!ControlService 769C70DC 5 Bytes JMP 74D22371 .text C:\Windows\Explorer.EXE[2796] ADVAPI32.dll!DeleteService 769C70F4 5 Bytes JMP 74D22401 .text C:\Windows\Explorer.EXE[2796] ADVAPI32.dll!ChangeServiceConfigA 769E31F4 5 Bytes JMP 74D22491 .text C:\Windows\Explorer.EXE[2796] ADVAPI32.dll!ChangeServiceConfigW 769E3204 5 Bytes JMP 74D22521 .text C:\Windows\Explorer.EXE[2796] ADVAPI32.dll!ControlServiceExA 769E3214 5 Bytes JMP 74D22251 .text C:\Windows\Explorer.EXE[2796] ADVAPI32.dll!ControlServiceExW 769E3224 5 Bytes JMP 74D222E1 .text C:\Windows\Explorer.EXE[2796] ADVAPI32.dll!CreateServiceA 769E3264 5 Bytes JMP 74D22761 .text C:\Windows\Explorer.EXE[2796] WS2_32.dll!WahWriteLSPEvent 76F4145D 5 Bytes JMP 74D22F41 .text C:\Windows\Explorer.EXE[2796] WS2_32.dll!connect 76F46BDD 5 Bytes JMP 74D22641 .text C:\Program Files\PDF24\pdf24.exe[3044] ntdll.dll!NtClose + 5 775E550D 5 Bytes JMP 74D25F11 .text C:\Program Files\PDF24\pdf24.exe[3044] ntdll.dll!NtCreateFile + 5 775E560D 5 Bytes JMP 74D21E61 .text C:\Program Files\PDF24\pdf24.exe[3044] ntdll.dll!NtCreateProcess + 5 775E56DD 5 Bytes JMP 74D22D01 .text C:\Program Files\PDF24\pdf24.exe[3044] ntdll.dll!NtCreateProcessEx + 5 775E56ED 5 Bytes JMP 74D22D91 .text C:\Program Files\PDF24\pdf24.exe[3044] ntdll.dll!NtCreateThread + 5 775E575D 5 Bytes JMP 74D22C71 .text C:\Program Files\PDF24\pdf24.exe[3044] ntdll.dll!NtCreateThreadEx + 5 775E576D 5 Bytes JMP 74D22BE1 .text C:\Program Files\PDF24\pdf24.exe[3044] ntdll.dll!NtDuplicateObject + 5 775E58DD 5 Bytes JMP 74D23181 .text C:\Program Files\PDF24\pdf24.exe[3044] ntdll.dll!NtLoadDriver + 5 775E5B9D 2 Bytes JMP 74D25FA1 .text C:\Program Files\PDF24\pdf24.exe[3044] ntdll.dll!NtLoadDriver + 8 775E5BA0 2 Bytes [74, FD] {JZ 0xffffffff} .text C:\Program Files\PDF24\pdf24.exe[3044] ntdll.dll!NtMapViewOfSection + 5 775E5C6D 5 Bytes JMP 74D215F1 .text C:\Program Files\PDF24\pdf24.exe[3044] ntdll.dll!NtOpenProcess + 5 775E5DCD 5 Bytes JMP 74D23061 .text C:\Program 
Files\PDF24\pdf24.exe[3044] ntdll.dll!NtQueueApcThread + 5 775E62BD 5 Bytes JMP 74D230F1 .text C:\Program Files\PDF24\pdf24.exe[3044] ntdll.dll!NtRaiseHardError + 5 775E62ED 5 Bytes JMP 74D24651 .text C:\Program Files\PDF24\pdf24.exe[3044] ntdll.dll!NtSetContextThread + 5 775E65AD 5 Bytes JMP 74D22FD1 .text C:\Program Files\PDF24\pdf24.exe[3044] ntdll.dll!NtSetInformationProcess + 5 775E66BD 5 Bytes JMP 74D25971 .text C:\Program Files\PDF24\pdf24.exe[3044] ntdll.dll!NtSetSystemInformation + 5 775E67CD 5 Bytes JMP 74D26031 .text C:\Program Files\PDF24\pdf24.exe[3044] ntdll.dll!NtSetValueKey + 5 775E684D 5 Bytes JMP 74D22251 .text C:\Program Files\PDF24\pdf24.exe[3044] ntdll.dll!NtTerminateProcess + 5 775E690D 5 Bytes JMP 74D258E1 .text C:\Program Files\PDF24\pdf24.exe[3044] ntdll.dll!NtUnmapViewOfSection + 5 775E69FD 5 Bytes JMP 74D21681 .text C:\Program Files\PDF24\pdf24.exe[3044] ntdll.dll!NtVdmControl + 5 775E6A0D 5 Bytes JMP 74D26391 .text C:\Program Files\PDF24\pdf24.exe[3044] ntdll.dll!NtWriteVirtualMemory + 5 775E6ADD 5 Bytes JMP 74D22F41 .text C:\Program Files\PDF24\pdf24.exe[3044] ntdll.dll!RtlQueryPerformanceCounter 775F313F 5 Bytes JMP 74D21A71 .text C:\Program Files\PDF24\pdf24.exe[3044] ntdll.dll!RtlCreateProcessParametersEx 77606F19 5 Bytes JMP 74D21F81 .text C:\Program Files\PDF24\pdf24.exe[3044] ntdll.dll!RtlReportException 77645F59 5 Bytes JMP 74D246E1 .text C:\Program Files\PDF24\pdf24.exe[3044] ntdll.dll!RtlCreateProcessParameters 776498A2 5 Bytes JMP 74D21EF1 .text C:\Program Files\PDF24\pdf24.exe[3044] kernel32.dll!GetStartupInfoA 76811E10 5 Bytes JMP 74D21D41 .text C:\Program Files\PDF24\pdf24.exe[3044] kernel32.dll!CreateProcessA 76812082 5 Bytes JMP 74D22911 .text C:\Program Files\PDF24\pdf24.exe[3044] kernel32.dll!CreateToolhelp32Snapshot 7684FD29 4 Bytes JMP 74D22641 .text C:\Program Files\PDF24\pdf24.exe[3044] kernel32.dll!Process32NextW 768500C2 5 Bytes JMP 74D25E81 .text C:\Program Files\PDF24\pdf24.exe[3044] kernel32.dll!LoadLibraryA 
7685DC55 5 Bytes JMP 74D22521 .text C:\Program Files\PDF24\pdf24.exe[3044] kernel32.dll!CreateProcessInternalW 76860792 5 Bytes JMP 74D22EB1 .text C:\Program Files\PDF24\pdf24.exe[3044] kernel32.dll!ReadConsoleW 768726AE 5 Bytes JMP 74D245C1 .text C:\Program Files\PDF24\pdf24.exe[3044] kernel32.dll!WinExec 7689ED9E 5 Bytes JMP 74D227F1 .text C:\Program Files\PDF24\pdf24.exe[3044] kernel32.dll!ReadConsoleA 768BC928 5 Bytes JMP 74D244A1 .text C:\Program Files\PDF24\pdf24.exe[3044] kernel32.dll!ReadConsoleInputA 768BD04F 5 Bytes JMP 74D24261 .text C:\Program Files\PDF24\pdf24.exe[3044] kernel32.dll!ReadConsoleInputW 768BD072 5 Bytes JMP 74D24381 .text C:\Program Files\PDF24\pdf24.exe[3044] USER32.dll!FindWindowExA 76A46F69 5 Bytes JMP 74D25C41 .text C:\Program Files\PDF24\pdf24.exe[3044] USER32.dll!FindWindowA 76A48FF3 5 Bytes JMP 74D25BB1 .text C:\Program Files\PDF24\pdf24.exe[3044] USER32.dll!CallNextHookEx 76A4ABE1 5 Bytes JMP 74D24771 .text C:\Program Files\PDF24\pdf24.exe[3044] USER32.dll!UnhookWindowsHookEx 76A4ADF9 5 Bytes JMP 74D24801 .text C:\Program Files\PDF24\pdf24.exe[3044] USER32.dll!FindWindowW 76A4AE0D 5 Bytes JMP 74D25CD1 .text C:\Program Files\PDF24\pdf24.exe[3044] USER32.dll!PostMessageA 76A4B446 5 Bytes JMP 74D26421 .text C:\Program Files\PDF24\pdf24.exe[3044] USER32.dll!CreateWindowExA 76A4BF40 5 Bytes JMP 74D25341 .text C:\Program Files\PDF24\pdf24.exe[3044] USER32.dll!SetWindowsHookExW 76A4E30C 5 Bytes JMP 74D22AC1 .text C:\Program Files\PDF24\pdf24.exe[3044] USER32.dll!CreateWindowExW 76A4EC7C 5 Bytes JMP 74D252B1 .text C:\Program Files\PDF24\pdf24.exe[3044] USER32.dll!ShowWindow 76A4F2A9 5 Bytes JMP 74D253D1 .text C:\Program Files\PDF24\pdf24.exe[3044] USER32.dll!GetMessageA 76A51899 5 Bytes JMP 74D23F91 .text C:\Program Files\PDF24\pdf24.exe[3044] USER32.dll!PeekMessageA 76A519A5 5 Bytes JMP 74D240B1 .text C:\Program Files\PDF24\pdf24.exe[3044] USER32.dll!PostMessageW 76A5447B 5 Bytes JMP 74D264B1 .text C:\Program Files\PDF24\pdf24.exe[3044] 
USER32.dll!SetWindowTextW 76A5612B 5 Bytes JMP 74D25731 .text C:\Program Files\PDF24\pdf24.exe[3044] USER32.dll!PeekMessageW 76A5634A 5 Bytes JMP 74D24141 .text C:\Program Files\PDF24\pdf24.exe[3044] USER32.dll!GetMessageW 76A5CDE8 5 Bytes JMP 74D24021 .text C:\Program Files\PDF24\pdf24.exe[3044] USER32.dll!UserClientDllInitialize 76A5D711 5 Bytes JMP 74D26541 .text C:\Program Files\PDF24\pdf24.exe[3044] USER32.dll!SetWindowTextA 76A70C5B 5 Bytes JMP 74D256A1 .text C:\Program Files\PDF24\pdf24.exe[3044] USER32.dll!DialogBoxIndirectParamAorW 76A73B40 5 Bytes JMP 74D254F1 .text C:\Program Files\PDF24\pdf24.exe[3044] USER32.dll!CreateDialogIndirectParamAorW 76A75327 5 Bytes JMP 74D25461 .text C:\Program Files\PDF24\pdf24.exe[3044] USER32.dll!SetWindowsHookExA 76A76D0C 5 Bytes JMP 74D22A31 .text C:\Program Files\PDF24\pdf24.exe[3044] USER32.dll!FindWindowExW 76A7712B 5 Bytes JMP 74D25D61 .text C:\Program Files\PDF24\pdf24.exe[3044] USER32.dll!MessageBoxExA 76A9E9C9 5 Bytes JMP 74D25581 .text C:\Program Files\PDF24\pdf24.exe[3044] USER32.dll!MessageBoxExW 76A9E9ED 5 Bytes JMP 74D25611 .text C:\Windows\system32\SearchProtocolHost.exe[3052] ntdll.dll!NtClose + 5 775E550D 5 Bytes JMP 74D25F11 .text C:\Windows\system32\SearchProtocolHost.exe[3052] ntdll.dll!NtCreateFile + 5 775E560D 5 Bytes JMP 74D21E61 .text C:\Windows\system32\SearchProtocolHost.exe[3052] ntdll.dll!NtCreateProcess + 5 775E56DD 5 Bytes JMP 74D22D01 .text C:\Windows\system32\SearchProtocolHost.exe[3052] ntdll.dll!NtCreateProcessEx + 5 775E56ED 5 Bytes JMP 74D22D91 .text C:\Windows\system32\SearchProtocolHost.exe[3052] ntdll.dll!NtCreateThread + 5 775E575D 5 Bytes JMP 74D22C71 .text C:\Windows\system32\SearchProtocolHost.exe[3052] ntdll.dll!NtCreateThreadEx + 5 775E576D 5 Bytes JMP 74D22BE1 .text C:\Windows\system32\SearchProtocolHost.exe[3052] ntdll.dll!NtDuplicateObject + 5 775E58DD 5 Bytes JMP 74D23181 .text C:\Windows\system32\SearchProtocolHost.exe[3052] ntdll.dll!NtLoadDriver + 5 775E5B9D 2 Bytes JMP 
74D25FA1 .text C:\Windows\system32\SearchProtocolHost.exe[3052] ntdll.dll!NtLoadDriver + 8 775E5BA0 2 Bytes [74, FD] {JZ 0xffffffff} .text C:\Windows\system32\SearchProtocolHost.exe[3052] ntdll.dll!NtMapViewOfSection + 5 775E5C6D 5 Bytes JMP 74D215F1 .text C:\Windows\system32\SearchProtocolHost.exe[3052] ntdll.dll!NtOpenProcess + 5 775E5DCD 5 Bytes JMP 74D23061 .text C:\Windows\system32\SearchProtocolHost.exe[3052] ntdll.dll!NtQueueApcThread + 5 775E62BD 5 Bytes JMP 74D230F1 .text C:\Windows\system32\SearchProtocolHost.exe[3052] ntdll.dll!NtRaiseHardError + 5 775E62ED 5 Bytes JMP 74D24651 .text C:\Windows\system32\SearchProtocolHost.exe[3052] ntdll.dll!NtSetContextThread + 5 775E65AD 5 Bytes JMP 74D22FD1 .text C:\Windows\system32\SearchProtocolHost.exe[3052] ntdll.dll!NtSetInformationProcess + 5 775E66BD 5 Bytes JMP 74D25971 .text C:\Windows\system32\SearchProtocolHost.exe[3052] ntdll.dll!NtSetSystemInformation + 5 775E67CD 5 Bytes JMP 74D26031 .text C:\Windows\system32\SearchProtocolHost.exe[3052] ntdll.dll!NtSetValueKey + 5 775E684D 5 Bytes JMP 74D22251 .text C:\Windows\system32\SearchProtocolHost.exe[3052] ntdll.dll!NtTerminateProcess + 5 775E690D 5 Bytes JMP 74D258E1 .text C:\Windows\system32\SearchProtocolHost.exe[3052] ntdll.dll!NtUnmapViewOfSection + 5 775E69FD 5 Bytes JMP 74D21681 .text C:\Windows\system32\SearchProtocolHost.exe[3052] ntdll.dll!NtVdmControl + 5 775E6A0D 5 Bytes JMP 74D26391 .text C:\Windows\system32\SearchProtocolHost.exe[3052] ntdll.dll!NtWriteVirtualMemory + 5 775E6ADD 5 Bytes JMP 74D22F41 .text C:\Windows\system32\SearchProtocolHost.exe[3052] ntdll.dll!RtlQueryPerformanceCounter 775F313F 5 Bytes JMP 74D21A71 .text C:\Windows\system32\SearchProtocolHost.exe[3052] ntdll.dll!RtlCreateProcessParametersEx 77606F19 5 Bytes JMP 74D21F81 .text C:\Windows\system32\SearchProtocolHost.exe[3052] ntdll.dll!RtlReportException 77645F59 5 Bytes JMP 74D246E1 .text C:\Windows\system32\SearchProtocolHost.exe[3052] ntdll.dll!RtlCreateProcessParameters 
776498A2 5 Bytes JMP 74D21EF1 .text C:\Windows\system32\SearchProtocolHost.exe[3052] kernel32.dll!GetStartupInfoA 76811E10 5 Bytes JMP 74D21D41 .text C:\Windows\system32\SearchProtocolHost.exe[3052] kernel32.dll!CreateProcessA 76812082 5 Bytes JMP 74D22911 .text C:\Windows\system32\SearchProtocolHost.exe[3052] kernel32.dll!CreateToolhelp32Snapshot 7684FD29 4 Bytes JMP 74D22641 .text C:\Windows\system32\SearchProtocolHost.exe[3052] kernel32.dll!Process32NextW 768500C2 5 Bytes JMP 74D25E81 .text C:\Windows\system32\SearchProtocolHost.exe[3052] kernel32.dll!LoadLibraryA 7685DC55 5 Bytes JMP 74D22521 .text C:\Windows\system32\SearchProtocolHost.exe[3052] kernel32.dll!CreateProcessInternalW 76860792 5 Bytes JMP 74D22EB1 .text C:\Windows\system32\SearchProtocolHost.exe[3052] kernel32.dll!ReadConsoleW 768726AE 5 Bytes JMP 74D245C1 .text C:\Windows\system32\SearchProtocolHost.exe[3052] kernel32.dll!WinExec 7689ED9E 5 Bytes JMP 74D227F1 .text C:\Windows\system32\SearchProtocolHost.exe[3052] kernel32.dll!ReadConsoleA 768BC928 5 Bytes JMP 74D244A1 .text C:\Windows\system32\SearchProtocolHost.exe[3052] kernel32.dll!ReadConsoleInputA 768BD04F 5 Bytes JMP 74D24261 .text C:\Windows\system32\SearchProtocolHost.exe[3052] kernel32.dll!ReadConsoleInputW 768BD072 5 Bytes JMP 74D24381 .text C:\Windows\system32\SearchProtocolHost.exe[3052] ADVAPI32.dll!OpenServiceW 769AC9EC 5 Bytes JMP 74D238D1 .text C:\Windows\system32\SearchProtocolHost.exe[3052] ADVAPI32.dll!OpenServiceA 769B2B70 5 Bytes JMP 74D23841 .text C:\Windows\system32\SearchProtocolHost.exe[3052] ADVAPI32.dll!CloseServiceHandle 769B361C 5 Bytes JMP 74D23CC1 .text C:\Windows\system32\SearchProtocolHost.exe[3052] ADVAPI32.dll!RegOpenKeyExA + DE 769B4965 5 Bytes JMP 74D26541 .text C:\Windows\system32\SearchProtocolHost.exe[3052] ADVAPI32.dll!CreateServiceW 769C70C4 5 Bytes JMP 74D23F01 .text C:\Windows\system32\SearchProtocolHost.exe[3052] ADVAPI32.dll!ControlService 769C70DC 5 Bytes JMP 74D23A81 .text 
C:\Windows\system32\SearchProtocolHost.exe[3052] ADVAPI32.dll!DeleteService 769C70F4 5 Bytes JMP 74D23B11 .text C:\Windows\system32\SearchProtocolHost.exe[3052] ADVAPI32.dll!ChangeServiceConfigA 769E31F4 5 Bytes JMP 74D23BA1 .text C:\Windows\system32\SearchProtocolHost.exe[3052] ADVAPI32.dll!ChangeServiceConfigW 769E3204 5 Bytes JMP 74D23C31 .text C:\Windows\system32\SearchProtocolHost.exe[3052] ADVAPI32.dll!ControlServiceExA 769E3214 5 Bytes JMP 74D23961 .text C:\Windows\system32\SearchProtocolHost.exe[3052] ADVAPI32.dll!ControlServiceExW 769E3224 5 Bytes JMP 74D239F1 .text C:\Windows\system32\SearchProtocolHost.exe[3052] ADVAPI32.dll!CreateServiceA 769E3264 5 Bytes JMP 74D23E71 .text C:\Windows\system32\SearchProtocolHost.exe[3052] SHELL32.dll!Shell_NotifyIconW 75930171 5 Bytes JMP 74D24891 .text C:\Windows\system32\SearchProtocolHost.exe[3052] SHELL32.dll!SHRestricted + 251E 75991621 5 Bytes JMP 74D265D1 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3060] ntdll.dll!NtClose + 5 775E550D 5 Bytes JMP 74D25F11 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3060] ntdll.dll!NtCreateFile + 5 775E560D 5 Bytes JMP 74D21E61 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3060] ntdll.dll!NtCreateProcess + 5 775E56DD 5 Bytes JMP 74D22D01 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3060] ntdll.dll!NtCreateProcessEx + 5 775E56ED 5 Bytes JMP 74D22D91 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3060] ntdll.dll!NtCreateThread + 5 775E575D 5 Bytes JMP 74D22C71 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3060] ntdll.dll!NtCreateThreadEx + 5 775E576D 5 Bytes JMP 74D22BE1 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3060] ntdll.dll!NtDuplicateObject + 5 775E58DD 5 Bytes JMP 74D23181 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3060] ntdll.dll!NtLoadDriver + 5 775E5B9D 2 Bytes JMP 74D25FA1 .text C:\Program Files\Common 
Files\Java\Java Update\jusched.exe[3060] ntdll.dll!NtLoadDriver + 8 775E5BA0 2 Bytes [74, FD] {JZ 0xffffffff} .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3060] ntdll.dll!NtMapViewOfSection + 5 775E5C6D 5 Bytes JMP 74D215F1 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3060] ntdll.dll!NtOpenProcess + 5 775E5DCD 5 Bytes JMP 74D23061 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3060] ntdll.dll!NtQueueApcThread + 5 775E62BD 5 Bytes JMP 74D230F1 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3060] ntdll.dll!NtRaiseHardError + 5 775E62ED 5 Bytes JMP 74D24651 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3060] ntdll.dll!NtSetContextThread + 5 775E65AD 5 Bytes JMP 74D22FD1 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3060] ntdll.dll!NtSetInformationProcess + 5 775E66BD 5 Bytes JMP 74D25971 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3060] ntdll.dll!NtSetSystemInformation + 5 775E67CD 5 Bytes JMP 74D26031 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3060] ntdll.dll!NtSetValueKey + 5 775E684D 5 Bytes JMP 74D22251 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3060] ntdll.dll!NtTerminateProcess + 5 775E690D 5 Bytes JMP 74D258E1 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3060] ntdll.dll!NtUnmapViewOfSection + 5 775E69FD 5 Bytes JMP 74D21681 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3060] ntdll.dll!NtVdmControl + 5 775E6A0D 5 Bytes JMP 74D26391 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3060] ntdll.dll!NtWriteVirtualMemory + 5 775E6ADD 5 Bytes JMP 74D22F41 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3060] ntdll.dll!RtlQueryPerformanceCounter 775F313F 5 Bytes JMP 74D21A71 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3060] ntdll.dll!RtlCreateProcessParametersEx 77606F19 5 Bytes JMP 74D21F81 .text 
C:\Program Files\Common Files\Java\Java Update\jusched.exe[3060] ntdll.dll!RtlReportException 77645F59 5 Bytes JMP 74D246E1 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3060] ntdll.dll!RtlCreateProcessParameters 776498A2 5 Bytes JMP 74D21EF1 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3060] kernel32.dll!GetStartupInfoA 76811E10 5 Bytes JMP 74D21D41 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3060] kernel32.dll!CreateProcessA 76812082 5 Bytes JMP 74D22911 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3060] kernel32.dll!CreateToolhelp32Snapshot 7684FD29 4 Bytes JMP 74D22641 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3060] kernel32.dll!Process32NextW 768500C2 5 Bytes JMP 74D25E81 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3060] kernel32.dll!LoadLibraryA 7685DC55 5 Bytes JMP 74D22521 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3060] kernel32.dll!CreateProcessInternalW 76860792 5 Bytes JMP 74D22EB1 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3060] kernel32.dll!ReadConsoleW 768726AE 5 Bytes JMP 74D245C1 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3060] kernel32.dll!WinExec 7689ED9E 5 Bytes JMP 74D227F1 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3060] kernel32.dll!ReadConsoleA 768BC928 5 Bytes JMP 74D244A1 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3060] kernel32.dll!ReadConsoleInputA 768BD04F 5 Bytes JMP 74D24261 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3060] kernel32.dll!ReadConsoleInputW 768BD072 5 Bytes JMP 74D24381 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3060] ADVAPI32.dll!OpenServiceW 769AC9EC 5 Bytes JMP 74D238D1 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3060] ADVAPI32.dll!OpenServiceA 769B2B70 5 Bytes JMP 74D23841 .text C:\Program Files\Common Files\Java\Java 
Update\jusched.exe[3060] ADVAPI32.dll!CloseServiceHandle 769B361C 5 Bytes JMP 74D23CC1 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3060] ADVAPI32.dll!RegOpenKeyExA + DE 769B4965 5 Bytes JMP 74D26541 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3060] ADVAPI32.dll!CreateServiceW 769C70C4 5 Bytes JMP 74D23F01 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3060] ADVAPI32.dll!ControlService 769C70DC 5 Bytes JMP 74D23A81 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3060] ADVAPI32.dll!DeleteService 769C70F4 5 Bytes JMP 74D23B11 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3060] ADVAPI32.dll!ChangeServiceConfigA 769E31F4 5 Bytes JMP 74D23BA1 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3060] ADVAPI32.dll!ChangeServiceConfigW 769E3204 5 Bytes JMP 74D23C31 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3060] ADVAPI32.dll!ControlServiceExA 769E3214 5 Bytes JMP 74D23961 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3060] ADVAPI32.dll!ControlServiceExW 769E3224 5 Bytes JMP 74D239F1 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3060] ADVAPI32.dll!CreateServiceA 769E3264 5 Bytes JMP 74D23E71 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3060] SHELL32.dll!Shell_NotifyIconW 75930171 5 Bytes JMP 74D24891 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3060] SHELL32.dll!SHRestricted + 251E 75991621 5 Bytes JMP 74D265D1 .text C:\Windows\Explorer.EXE[3228] ntdll.dll!NtCreateProcess + 5 775E56DD 5 Bytes JMP 74D219E1 .text C:\Windows\Explorer.EXE[3228] ntdll.dll!NtCreateProcessEx + 5 775E56ED 5 Bytes JMP 74D21A71 .text C:\Windows\Explorer.EXE[3228] ntdll.dll!NtCreateThread + 5 775E575D 5 Bytes JMP 74D21951 .text C:\Windows\Explorer.EXE[3228] ntdll.dll!NtCreateThreadEx + 5 775E576D 5 Bytes JMP 74D218C1 .text C:\Windows\Explorer.EXE[3228] ntdll.dll!NtDuplicateObject + 5 775E58DD 5 
Bytes JMP 74D21E61 .text C:\Windows\Explorer.EXE[3228] ntdll.dll!NtLoadDriver + 5 775E5B9D 5 Bytes JMP 74D229A1 .text C:\Windows\Explorer.EXE[3228] ntdll.dll!NtMapViewOfSection + 5 775E5C6D 5 Bytes JMP 74D215F1 .text C:\Windows\Explorer.EXE[3228] ntdll.dll!NtOpenProcess + 5 775E5DCD 5 Bytes JMP 74D21D41 .text C:\Windows\Explorer.EXE[3228] ntdll.dll!NtQueueApcThread + 5 775E62BD 5 Bytes JMP 74D21DD1 .text C:\Windows\Explorer.EXE[3228] ntdll.dll!NtSetContextThread + 5 775E65AD 5 Bytes JMP 74D21CB1 .text C:\Windows\Explorer.EXE[3228] ntdll.dll!NtSetInformationProcess + 5 775E66BD 5 Bytes JMP 74D22911 .text C:\Windows\Explorer.EXE[3228] ntdll.dll!NtSetSystemInformation + 5 775E67CD 5 Bytes JMP 74D22A31 .text C:\Windows\Explorer.EXE[3228] ntdll.dll!NtTerminateProcess + 5 775E690D 5 Bytes JMP 74D22881 .text C:\Windows\Explorer.EXE[3228] ntdll.dll!NtUnmapViewOfSection + 5 775E69FD 5 Bytes JMP 74D21681 .text C:\Windows\Explorer.EXE[3228] ntdll.dll!NtVdmControl + 5 775E6A0D 5 Bytes JMP 74D22BE1 .text C:\Windows\Explorer.EXE[3228] ntdll.dll!NtWriteVirtualMemory + 5 775E6ADD 5 Bytes JMP 74D21C21 .text C:\Windows\Explorer.EXE[3228] ntdll.dll!RtlCreateProcessParametersEx 77606F19 5 Bytes JMP 74D226D1 .text C:\Windows\Explorer.EXE[3228] kernel32.dll!GetStartupInfoA 76811E10 5 Bytes JMP 74D22B51 .text C:\Windows\Explorer.EXE[3228] kernel32.dll!CreateToolhelp32Snapshot 7684FD29 4 Bytes JMP 74D21F81 .text C:\Windows\Explorer.EXE[3228] kernel32.dll!CreateProcessInternalW 76860792 5 Bytes JMP 74D21B91 .text C:\Windows\Explorer.EXE[3228] ADVAPI32.dll!OpenServiceW 769AC9EC 5 Bytes JMP 74D221C1 .text C:\Windows\Explorer.EXE[3228] ADVAPI32.dll!OpenServiceA 769B2B70 5 Bytes JMP 74D22131 .text C:\Windows\Explorer.EXE[3228] ADVAPI32.dll!CloseServiceHandle 769B361C 5 Bytes JMP 74D225B1 .text C:\Windows\Explorer.EXE[3228] ADVAPI32.dll!RegOpenKeyExA + DE 769B4965 5 Bytes JMP 74D22EB1 .text C:\Windows\Explorer.EXE[3228] ADVAPI32.dll!CreateServiceW 769C70C4 5 Bytes JMP 74D227F1 .text 
C:\Windows\Explorer.EXE[3228] ADVAPI32.dll!ControlService 769C70DC 5 Bytes JMP 74D22371 .text C:\Windows\Explorer.EXE[3228] ADVAPI32.dll!DeleteService 769C70F4 5 Bytes JMP 74D22401 .text C:\Windows\Explorer.EXE[3228] ADVAPI32.dll!ChangeServiceConfigA 769E31F4 5 Bytes JMP 74D22491 .text C:\Windows\Explorer.EXE[3228] ADVAPI32.dll!ChangeServiceConfigW 769E3204 5 Bytes JMP 74D22521 .text C:\Windows\Explorer.EXE[3228] ADVAPI32.dll!ControlServiceExA 769E3214 5 Bytes JMP 74D22251 .text C:\Windows\Explorer.EXE[3228] ADVAPI32.dll!ControlServiceExW 769E3224 5 Bytes JMP 74D222E1 .text C:\Windows\Explorer.EXE[3228] ADVAPI32.dll!CreateServiceA 769E3264 5 Bytes JMP 74D22761 .text C:\Windows\Explorer.EXE[3228] WS2_32.dll!WahWriteLSPEvent 76F4145D 5 Bytes JMP 74D22F41 .text C:\Windows\Explorer.EXE[3228] WS2_32.dll!connect 76F46BDD 5 Bytes JMP 74D22641 .text C:\Windows\system32\SearchIndexer.exe[3368] ntdll.dll!NtClose + 5 775E550D 5 Bytes JMP 74D25F11 .text C:\Windows\system32\SearchIndexer.exe[3368] ntdll.dll!NtCreateFile + 5 775E560D 5 Bytes JMP 74D21E61 .text C:\Windows\system32\SearchIndexer.exe[3368] ntdll.dll!NtCreateProcess + 5 775E56DD 5 Bytes JMP 74D22D01 .text C:\Windows\system32\SearchIndexer.exe[3368] ntdll.dll!NtCreateProcessEx + 5 775E56ED 5 Bytes JMP 74D22D91 .text C:\Windows\system32\SearchIndexer.exe[3368] ntdll.dll!NtCreateThread + 5 775E575D 5 Bytes JMP 74D22C71 .text C:\Windows\system32\SearchIndexer.exe[3368] ntdll.dll!NtCreateThreadEx + 5 775E576D 5 Bytes JMP 74D22BE1 .text C:\Windows\system32\SearchIndexer.exe[3368] ntdll.dll!NtDuplicateObject + 5 775E58DD 5 Bytes JMP 74D23181 .text C:\Windows\system32\SearchIndexer.exe[3368] ntdll.dll!NtLoadDriver + 5 775E5B9D 2 Bytes JMP 74D25FA1 .text C:\Windows\system32\SearchIndexer.exe[3368] ntdll.dll!NtLoadDriver + 8 775E5BA0 2 Bytes [74, FD] {JZ 0xffffffff} .text C:\Windows\system32\SearchIndexer.exe[3368] ntdll.dll!NtMapViewOfSection + 5 775E5C6D 5 Bytes JMP 74D215F1 .text C:\Windows\system32\SearchIndexer.exe[3368] 
ntdll.dll!NtOpenProcess + 5 775E5DCD 5 Bytes JMP 74D23061 .text C:\Windows\system32\SearchIndexer.exe[3368] ntdll.dll!NtQueueApcThread + 5 775E62BD 5 Bytes JMP 74D230F1 .text C:\Windows\system32\SearchIndexer.exe[3368] ntdll.dll!NtRaiseHardError + 5 775E62ED 5 Bytes JMP 74D24651 .text C:\Windows\system32\SearchIndexer.exe[3368] ntdll.dll!NtSetContextThread + 5 775E65AD 5 Bytes JMP 74D22FD1 .text C:\Windows\system32\SearchIndexer.exe[3368] ntdll.dll!NtSetInformationProcess + 5 775E66BD 5 Bytes JMP 74D25971 .text C:\Windows\system32\SearchIndexer.exe[3368] ntdll.dll!NtSetSystemInformation + 5 775E67CD 5 Bytes JMP 74D26031 .text C:\Windows\system32\SearchIndexer.exe[3368] ntdll.dll!NtSetValueKey + 5 775E684D 5 Bytes JMP 74D22251 .text C:\Windows\system32\SearchIndexer.exe[3368] ntdll.dll!NtTerminateProcess + 5 775E690D 5 Bytes JMP 74D258E1 .text C:\Windows\system32\SearchIndexer.exe[3368] ntdll.dll!NtUnmapViewOfSection + 5 775E69FD 5 Bytes JMP 74D21681 .text C:\Windows\system32\SearchIndexer.exe[3368] ntdll.dll!NtVdmControl + 5 775E6A0D 5 Bytes JMP 74D26391 .text C:\Windows\system32\SearchIndexer.exe[3368] ntdll.dll!NtWriteVirtualMemory + 5 775E6ADD 5 Bytes JMP 74D22F41 .text C:\Windows\system32\SearchIndexer.exe[3368] ntdll.dll!RtlQueryPerformanceCounter 775F313F 5 Bytes JMP 74D21A71 .text C:\Windows\system32\SearchIndexer.exe[3368] ntdll.dll!RtlCreateProcessParametersEx 77606F19 5 Bytes JMP 74D21F81 .text C:\Windows\system32\SearchIndexer.exe[3368] ntdll.dll!RtlReportException 77645F59 5 Bytes JMP 74D246E1 .text C:\Windows\system32\SearchIndexer.exe[3368] ntdll.dll!RtlCreateProcessParameters 776498A2 5 Bytes JMP 74D21EF1 .text C:\Windows\system32\SearchIndexer.exe[3368] kernel32.dll!GetStartupInfoA 76811E10 5 Bytes JMP 74D21D41 .text C:\Windows\system32\SearchIndexer.exe[3368] kernel32.dll!CreateProcessA 76812082 5 Bytes JMP 74D22911 .text C:\Windows\system32\SearchIndexer.exe[3368] kernel32.dll!CreateToolhelp32Snapshot 7684FD29 4 Bytes JMP 74D22641 .text 
C:\Windows\system32\SearchIndexer.exe[3368] kernel32.dll!Process32NextW 768500C2 5 Bytes JMP 74D25E81
.text C:\Windows\system32\SearchIndexer.exe[3368] kernel32.dll!LoadLibraryA 7685DC55 5 Bytes JMP 74D22521
.text C:\Windows\system32\SearchIndexer.exe[3368] kernel32.dll!CreateProcessInternalW 76860792 5 Bytes JMP 74D22EB1
.text C:\Windows\system32\SearchIndexer.exe[3368] kernel32.dll!ReadConsoleW 768726AE 5 Bytes JMP 74D245C1
.text C:\Windows\system32\SearchIndexer.exe[3368] kernel32.dll!WinExec 7689ED9E 5 Bytes JMP 74D227F1
.text C:\Windows\system32\SearchIndexer.exe[3368] kernel32.dll!ReadConsoleA 768BC928 5 Bytes JMP 74D244A1
.text C:\Windows\system32\SearchIndexer.exe[3368] kernel32.dll!ReadConsoleInputA 768BD04F 5 Bytes JMP 74D24261
.text C:\Windows\system32\SearchIndexer.exe[3368] kernel32.dll!ReadConsoleInputW 768BD072 5 Bytes JMP 74D24381
.text C:\Windows\system32\SearchIndexer.exe[3368] ADVAPI32.dll!OpenServiceW 769AC9EC 5 Bytes JMP 74D238D1
.text C:\Windows\system32\SearchIndexer.exe[3368] ADVAPI32.dll!OpenServiceA 769B2B70 5 Bytes JMP 74D23841
.text C:\Windows\system32\SearchIndexer.exe[3368] ADVAPI32.dll!CloseServiceHandle 769B361C 5 Bytes JMP 74D23CC1
.text C:\Windows\system32\SearchIndexer.exe[3368] ADVAPI32.dll!RegOpenKeyExA + DE 769B4965 5 Bytes JMP 74D26541
.text C:\Windows\system32\SearchIndexer.exe[3368] ADVAPI32.dll!CreateServiceW 769C70C4 5 Bytes JMP 74D23F01
.text C:\Windows\system32\SearchIndexer.exe[3368] ADVAPI32.dll!ControlService 769C70DC 5 Bytes JMP 74D23A81
.text C:\Windows\system32\SearchIndexer.exe[3368] ADVAPI32.dll!DeleteService 769C70F4 5 Bytes JMP 74D23B11
.text C:\Windows\system32\SearchIndexer.exe[3368] ADVAPI32.dll!ChangeServiceConfigA 769E31F4 5 Bytes JMP 74D23BA1
.text C:\Windows\system32\SearchIndexer.exe[3368] ADVAPI32.dll!ChangeServiceConfigW 769E3204 5 Bytes JMP 74D23C31
.text C:\Windows\system32\SearchIndexer.exe[3368] ADVAPI32.dll!ControlServiceExA 769E3214 5 Bytes JMP 74D23961
.text C:\Windows\system32\SearchIndexer.exe[3368] ADVAPI32.dll!ControlServiceExW 769E3224 5 Bytes JMP 74D239F1
.text C:\Windows\system32\SearchIndexer.exe[3368] ADVAPI32.dll!CreateServiceA 769E3264 5 Bytes JMP 74D23E71
.text C:\Windows\system32\SearchIndexer.exe[3368] SHELL32.dll!Shell_NotifyIconW 75930171 5 Bytes JMP 74D24891
.text C:\Windows\system32\SearchIndexer.exe[3368] SHELL32.dll!SHRestricted + 251E 75991621 5 Bytes JMP 74D265D1
.text C:\Windows\system32\taskhost.exe[3480] ntdll.dll!NtClose + 5 775E550D 5 Bytes JMP 74D25F11
.text C:\Windows\system32\taskhost.exe[3480] ntdll.dll!NtCreateFile + 5 775E560D 5 Bytes JMP 74D21E61
.text C:\Windows\system32\taskhost.exe[3480] ntdll.dll!NtCreateProcess + 5 775E56DD 5 Bytes JMP 74D22D01
.text C:\Windows\system32\taskhost.exe[3480] ntdll.dll!NtCreateProcessEx + 5 775E56ED 5 Bytes JMP 74D22D91
.text C:\Windows\system32\taskhost.exe[3480] ntdll.dll!NtCreateThread + 5 775E575D 5 Bytes JMP 74D22C71
.text C:\Windows\system32\taskhost.exe[3480] ntdll.dll!NtCreateThreadEx + 5 775E576D 5 Bytes JMP 74D22BE1
.text C:\Windows\system32\taskhost.exe[3480] ntdll.dll!NtDuplicateObject + 5 775E58DD 5 Bytes JMP 74D23181
.text C:\Windows\system32\taskhost.exe[3480] ntdll.dll!NtLoadDriver + 5 775E5B9D 2 Bytes JMP 74D25FA1
.text C:\Windows\system32\taskhost.exe[3480] ntdll.dll!NtLoadDriver + 8 775E5BA0 2 Bytes [74, FD] {JZ 0xffffffff}
.text C:\Windows\system32\taskhost.exe[3480] ntdll.dll!NtMapViewOfSection + 5 775E5C6D 5 Bytes JMP 74D215F1
.text C:\Windows\system32\taskhost.exe[3480] ntdll.dll!NtOpenProcess + 5 775E5DCD 5 Bytes JMP 74D23061
.text C:\Windows\system32\taskhost.exe[3480] ntdll.dll!NtQueueApcThread + 5 775E62BD 5 Bytes JMP 74D230F1
.text C:\Windows\system32\taskhost.exe[3480] ntdll.dll!NtRaiseHardError + 5 775E62ED 5 Bytes JMP 74D24651
.text C:\Windows\system32\taskhost.exe[3480] ntdll.dll!NtSetContextThread + 5 775E65AD 5 Bytes JMP 74D22FD1
.text C:\Windows\system32\taskhost.exe[3480] ntdll.dll!NtSetInformationProcess + 5 775E66BD 5 Bytes JMP 74D25971
.text C:\Windows\system32\taskhost.exe[3480] ntdll.dll!NtSetSystemInformation + 5 775E67CD 5 Bytes JMP 74D26031
.text C:\Windows\system32\taskhost.exe[3480] ntdll.dll!NtSetValueKey + 5 775E684D 5 Bytes JMP 74D22251
.text C:\Windows\system32\taskhost.exe[3480] ntdll.dll!NtTerminateProcess + 5 775E690D 5 Bytes JMP 74D258E1
.text C:\Windows\system32\taskhost.exe[3480] ntdll.dll!NtUnmapViewOfSection + 5 775E69FD 5 Bytes JMP 74D21681
.text C:\Windows\system32\taskhost.exe[3480] ntdll.dll!NtVdmControl + 5 775E6A0D 5 Bytes JMP 74D26391
.text C:\Windows\system32\taskhost.exe[3480] ntdll.dll!NtWriteVirtualMemory + 5 775E6ADD 5 Bytes JMP 74D22F41
.text C:\Windows\system32\taskhost.exe[3480] ntdll.dll!RtlQueryPerformanceCounter 775F313F 5 Bytes JMP 74D21A71
.text C:\Windows\system32\taskhost.exe[3480] ntdll.dll!RtlCreateProcessParametersEx 77606F19 5 Bytes JMP 74D21F81
.text C:\Windows\system32\taskhost.exe[3480] ntdll.dll!RtlReportException 77645F59 5 Bytes JMP 74D246E1
.text C:\Windows\system32\taskhost.exe[3480] ntdll.dll!RtlCreateProcessParameters 776498A2 5 Bytes JMP 74D21EF1
.text C:\Windows\system32\taskhost.exe[3480] kernel32.dll!GetStartupInfoA 76811E10 5 Bytes JMP 74D21D41
.text C:\Windows\system32\taskhost.exe[3480] kernel32.dll!CreateProcessA 76812082 5 Bytes JMP 74D22911
.text C:\Windows\system32\taskhost.exe[3480] kernel32.dll!CreateToolhelp32Snapshot 7684FD29 4 Bytes JMP 74D22641
.text C:\Windows\system32\taskhost.exe[3480] kernel32.dll!Process32NextW 768500C2 5 Bytes JMP 74D25E81
.text C:\Windows\system32\taskhost.exe[3480] kernel32.dll!LoadLibraryA 7685DC55 5 Bytes JMP 74D22521
.text C:\Windows\system32\taskhost.exe[3480] kernel32.dll!CreateProcessInternalW 76860792 5 Bytes JMP 74D22EB1
.text C:\Windows\system32\taskhost.exe[3480] kernel32.dll!ReadConsoleW 768726AE 5 Bytes JMP 74D245C1
.text C:\Windows\system32\taskhost.exe[3480] kernel32.dll!WinExec 7689ED9E 5 Bytes JMP 74D227F1
.text C:\Windows\system32\taskhost.exe[3480] kernel32.dll!ReadConsoleA 768BC928 5 Bytes JMP 74D244A1
.text C:\Windows\system32\taskhost.exe[3480] kernel32.dll!ReadConsoleInputA 768BD04F 5 Bytes JMP 74D24261
.text C:\Windows\system32\taskhost.exe[3480] kernel32.dll!ReadConsoleInputW 768BD072 5 Bytes JMP 74D24381
.text C:\Windows\system32\taskhost.exe[3480] msvcrt.dll!_lock + 29 7742A472 5 Bytes JMP 74D26541
.text C:\Windows\system32\taskhost.exe[3480] msvcrt.dll!__p__fmode 774327CE 5 Bytes JMP 74D21B91
.text C:\Windows\system32\taskhost.exe[3480] msvcrt.dll!__p__environ 7743E6CF 5 Bytes JMP 74D21B01
.text C:\Windows\system32\taskhost.exe[3480] SHELL32.dll!Shell_NotifyIconW 75930171 5 Bytes JMP 74D24891
.text C:\Windows\system32\taskhost.exe[3480] SHELL32.dll!SHRestricted + 251E 75991621 5 Bytes JMP 74D265D1
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] ntdll.dll!NtClose + 5 775E550D 5 Bytes JMP 74D25F11
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] ntdll.dll!NtCreateFile + 5 775E560D 5 Bytes JMP 74D21E61
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] ntdll.dll!NtCreateProcess + 5 775E56DD 5 Bytes JMP 74D22D01
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] ntdll.dll!NtCreateProcessEx + 5 775E56ED 5 Bytes JMP 74D22D91
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] ntdll.dll!NtCreateThread + 5 775E575D 5 Bytes JMP 74D22C71
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] ntdll.dll!NtCreateThreadEx + 5 775E576D 5 Bytes JMP 74D22BE1
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] ntdll.dll!NtDuplicateObject + 5 775E58DD 5 Bytes JMP 74D23181
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] ntdll.dll!NtLoadDriver + 5 775E5B9D 2 Bytes JMP 74D25FA1
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] ntdll.dll!NtLoadDriver + 8 775E5BA0 2 Bytes [74, FD] {JZ 0xffffffff}
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] ntdll.dll!NtMapViewOfSection + 5 775E5C6D 5 Bytes JMP 74D215F1
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] ntdll.dll!NtOpenProcess + 5 775E5DCD 5 Bytes JMP 74D23061
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] ntdll.dll!NtQueueApcThread + 5 775E62BD 5 Bytes JMP 74D230F1
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] ntdll.dll!NtRaiseHardError + 5 775E62ED 5 Bytes JMP 74D24651
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] ntdll.dll!NtReadFile + 5 775E62FD 5 Bytes JMP 74D260C1
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] ntdll.dll!NtSetContextThread + 5 775E65AD 5 Bytes JMP 74D22FD1
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] ntdll.dll!NtSetInformationProcess + 5 775E66BD 5 Bytes JMP 74D25971
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] ntdll.dll!NtSetSystemInformation + 5 775E67CD 5 Bytes JMP 74D26031
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] ntdll.dll!NtSetValueKey + 5 775E684D 5 Bytes JMP 74D22251
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] ntdll.dll!NtTerminateProcess + 5 775E690D 5 Bytes JMP 74D258E1
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] ntdll.dll!NtUnmapViewOfSection + 5 775E69FD 5 Bytes JMP 74D21681
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] ntdll.dll!NtVdmControl + 5 775E6A0D 5 Bytes JMP 74D26421
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] ntdll.dll!NtWriteVirtualMemory + 5 775E6ADD 5 Bytes JMP 74D22F41
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] ntdll.dll!RtlQueryPerformanceCounter 775F313F 5 Bytes JMP 74D21A71
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] ntdll.dll!RtlCreateProcessParametersEx 77606F19 5 Bytes JMP 74D21F81
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] ntdll.dll!RtlReportException 77645F59 5 Bytes JMP 74D246E1
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] ntdll.dll!RtlCreateProcessParameters 776498A2 5 Bytes JMP 74D21EF1
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] kernel32.dll!GetStartupInfoA 76811E10 5 Bytes JMP 74D21D41
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] kernel32.dll!CreateProcessA 76812082 5 Bytes JMP 74D22911
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] kernel32.dll!CreateToolhelp32Snapshot 7684FD29 4 Bytes JMP 74D22641
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] kernel32.dll!Process32NextW 768500C2 5 Bytes JMP 74D25E81
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] kernel32.dll!LoadLibraryA 7685DC55 5 Bytes JMP 74D22521
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] kernel32.dll!CreateProcessInternalW 76860792 5 Bytes JMP 74D22EB1
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] kernel32.dll!ReadConsoleW 768726AE 5 Bytes JMP 74D245C1
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] kernel32.dll!WinExec 7689ED9E 5 Bytes JMP 74D227F1
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] kernel32.dll!ReadConsoleA 768BC928 5 Bytes JMP 74D244A1
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] kernel32.dll!ReadConsoleInputA 768BD04F 5 Bytes JMP 74D24261
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] kernel32.dll!ReadConsoleInputW 768BD072 5 Bytes JMP 74D24381
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] ADVAPI32.dll!OpenServiceW 769AC9EC 5 Bytes JMP 74D238D1
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] ADVAPI32.dll!OpenServiceA 769B2B70 5 Bytes JMP 74D23841
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] ADVAPI32.dll!CloseServiceHandle 769B361C 5 Bytes JMP 74D23CC1
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] ADVAPI32.dll!RegOpenKeyExA + DE 769B4965 5 Bytes JMP 74D265D1
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] ADVAPI32.dll!CreateServiceW 769C70C4 5 Bytes JMP 74D23F01
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] ADVAPI32.dll!ControlService 769C70DC 5 Bytes JMP 74D23A81
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] ADVAPI32.dll!DeleteService 769C70F4 5 Bytes JMP 74D23B11
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] ADVAPI32.dll!ChangeServiceConfigA 769E31F4 5 Bytes JMP 74D23BA1
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] ADVAPI32.dll!ChangeServiceConfigW 769E3204 5 Bytes JMP 74D23C31
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] ADVAPI32.dll!ControlServiceExA 769E3214 5 Bytes JMP 74D23961
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] ADVAPI32.dll!ControlServiceExW 769E3224 5 Bytes JMP 74D239F1
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] ADVAPI32.dll!CreateServiceA 769E3264 5 Bytes JMP 74D23E71
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] msvcrt.dll!_lock + 29 7742A472 5 Bytes JMP 74D26661
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] msvcrt.dll!__p__fmode 774327CE 5 Bytes JMP 74D21B91
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] msvcrt.dll!__p__environ 7743E6CF 5 Bytes JMP 74D21B01
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] USER32.dll!FindWindowExA 76A46F69 5 Bytes JMP 74D25C41
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] USER32.dll!FindWindowA 76A48FF3 5 Bytes JMP 74D25BB1
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] USER32.dll!CallNextHookEx 76A4ABE1 5 Bytes JMP 74D24771
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] USER32.dll!UnhookWindowsHookEx 76A4ADF9 5 Bytes JMP 74D24801
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] USER32.dll!FindWindowW 76A4AE0D 5 Bytes JMP 74D25CD1
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] USER32.dll!PostMessageA 76A4B446 5 Bytes JMP 74D264B1
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] USER32.dll!CreateWindowExA 76A4BF40 5 Bytes JMP 74D25341
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] USER32.dll!SetWindowsHookExW 76A4E30C 5 Bytes JMP 74D22AC1
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] USER32.dll!CreateWindowExW 76A4EC7C 5 Bytes JMP 74D252B1
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] USER32.dll!ShowWindow 76A4F2A9 5 Bytes JMP 74D253D1
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] USER32.dll!GetMessageA 76A51899 5 Bytes JMP 74D23F91
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] USER32.dll!PeekMessageA 76A519A5 5 Bytes JMP 74D240B1
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] USER32.dll!PostMessageW 76A5447B 5 Bytes JMP 74D26541
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] USER32.dll!SetWindowTextW 76A5612B 5 Bytes JMP 74D25731
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] USER32.dll!PeekMessageW 76A5634A 5 Bytes JMP 74D24141
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] USER32.dll!GetMessageW 76A5CDE8 5 Bytes JMP 74D24021
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] USER32.dll!UserClientDllInitialize 76A5D711 5 Bytes JMP 74D266F1
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] USER32.dll!SetWindowTextA 76A70C5B 5 Bytes JMP 74D256A1
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] USER32.dll!DialogBoxIndirectParamAorW 76A73B40 5 Bytes JMP 74D254F1
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] USER32.dll!CreateDialogIndirectParamAorW 76A75327 5 Bytes JMP 74D25461
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] USER32.dll!SetWindowsHookExA 76A76D0C 5 Bytes JMP 74D22A31
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] USER32.dll!FindWindowExW 76A7712B 5 Bytes JMP 74D25D61
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] USER32.dll!MessageBoxExA 76A9E9C9 5 Bytes JMP 74D25581
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] USER32.dll!MessageBoxExW 76A9E9ED 5 Bytes JMP 74D25611
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] WS2_32.dll!WahWriteLSPEvent 76F4145D 5 Bytes JMP 74D26811
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] WS2_32.dll!closesocket 76F43918 5 Bytes JMP 74D25851
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] WS2_32.dll!WSASocketW 76F43CD3 5 Bytes JMP 74D257C1
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] WS2_32.dll!socket 76F43EB8 5 Bytes JMP 74D26151
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] WS2_32.dll!WSASend 76F44406 5 Bytes JMP 74D220A1
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] WS2_32.dll!GetAddrInfoW 76F44889 5 Bytes JMP 74D25191
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] WS2_32.dll!recv 76F46B0E 5 Bytes JMP 74D26301
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] WS2_32.dll!connect 76F46BDD 1 Byte [E9]
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] WS2_32.dll!connect 76F46BDD 5 Bytes JMP 74D23DE1
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] WS2_32.dll!send 76F46F01 5 Bytes JMP 74D22011
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] WS2_32.dll!WSARecv 76F47089 5 Bytes JMP 74D26391
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] WS2_32.dll!WSAConnect 76F4CC3F 5 Bytes JMP 74D26271
.text C:\Users\anonym\Downloads\gmer_2.1.19163.exe[3960] WS2_32.dll!gethostbyname 76F57673 5 Bytes JMP 74D25221
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] ntdll.dll!NtClose + 5 775E550D 5 Bytes JMP 74D25F11
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] ntdll.dll!NtCreateFile + 5 775E560D 5 Bytes JMP 74D21E61
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] ntdll.dll!NtCreateProcess + 5 775E56DD 5 Bytes JMP 74D22D01
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] ntdll.dll!NtCreateProcessEx + 5 775E56ED 5 Bytes JMP 74D22D91
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] ntdll.dll!NtCreateThread + 5 775E575D 5 Bytes JMP 74D22C71
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] ntdll.dll!NtCreateThreadEx + 5 775E576D 5 Bytes JMP 74D22BE1
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] ntdll.dll!NtDuplicateObject + 5 775E58DD 5 Bytes JMP 74D23181
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] ntdll.dll!NtLoadDriver + 5 775E5B9D 2 Bytes JMP 74D25FA1
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] ntdll.dll!NtLoadDriver + 8 775E5BA0 2 Bytes [74, FD] {JZ 0xffffffff}
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] ntdll.dll!NtMapViewOfSection + 5 775E5C6D 5 Bytes JMP 74D215F1
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] ntdll.dll!NtOpenProcess + 5 775E5DCD 5 Bytes JMP 74D23061
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] ntdll.dll!NtQueueApcThread + 5 775E62BD 5 Bytes JMP 74D230F1
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] ntdll.dll!NtRaiseHardError + 5 775E62ED 5 Bytes JMP 74D24651
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] ntdll.dll!NtSetContextThread + 5 775E65AD 5 Bytes JMP 74D22FD1
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] ntdll.dll!NtSetInformationProcess + 5 775E66BD 5 Bytes JMP 74D25971
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] ntdll.dll!NtSetSystemInformation + 5 775E67CD 5 Bytes JMP 74D26031
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] ntdll.dll!NtSetValueKey + 5 775E684D 5 Bytes JMP 74D22251
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] ntdll.dll!NtTerminateProcess + 5 775E690D 5 Bytes JMP 74D258E1
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] ntdll.dll!NtUnmapViewOfSection + 5 775E69FD 5 Bytes JMP 74D21681
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] ntdll.dll!NtVdmControl + 5 775E6A0D 5 Bytes JMP 74D26391
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] ntdll.dll!NtWriteVirtualMemory + 5 775E6ADD 5 Bytes JMP 74D22F41
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] ntdll.dll!RtlQueryPerformanceCounter 775F313F 5 Bytes JMP 74D21A71
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] ntdll.dll!RtlCreateProcessParametersEx 77606F19 5 Bytes JMP 74D21F81
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] ntdll.dll!RtlReportException 77645F59 5 Bytes JMP 74D246E1
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] ntdll.dll!RtlCreateProcessParameters 776498A2 5 Bytes JMP 74D21EF1
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] kernel32.dll!GetStartupInfoA 76811E10 5 Bytes JMP 74D21D41
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] kernel32.dll!CreateProcessA 76812082 5 Bytes JMP 74D22911
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] kernel32.dll!CreateToolhelp32Snapshot 7684FD29 4 Bytes JMP 74D22641
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] kernel32.dll!Process32NextW 768500C2 5 Bytes JMP 74D25E81
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] kernel32.dll!LoadLibraryA 7685DC55 5 Bytes JMP 74D22521
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] kernel32.dll!CreateProcessInternalW 76860792 5 Bytes JMP 74D22EB1
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] kernel32.dll!ReadConsoleW 768726AE 5 Bytes JMP 74D245C1
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] kernel32.dll!WinExec 7689ED9E 5 Bytes JMP 74D227F1
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] kernel32.dll!ReadConsoleA 768BC928 5 Bytes JMP 74D244A1
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] kernel32.dll!ReadConsoleInputA 768BD04F 5 Bytes JMP 74D24261
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] kernel32.dll!ReadConsoleInputW 768BD072 5 Bytes JMP 74D24381
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] ADVAPI32.dll!OpenServiceW 769AC9EC 5 Bytes JMP 74D238D1
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] ADVAPI32.dll!OpenServiceA 769B2B70 5 Bytes JMP 74D23841
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] ADVAPI32.dll!CloseServiceHandle 769B361C 5 Bytes JMP 74D23CC1
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] ADVAPI32.dll!RegOpenKeyExA + DE 769B4965 5 Bytes JMP 74D26541
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] ADVAPI32.dll!CreateServiceW 769C70C4 5 Bytes JMP 74D23F01
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] ADVAPI32.dll!ControlService 769C70DC 5 Bytes JMP 74D23A81
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] ADVAPI32.dll!DeleteService 769C70F4 5 Bytes JMP 74D23B11
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] ADVAPI32.dll!ChangeServiceConfigA 769E31F4 5 Bytes JMP 74D23BA1
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] ADVAPI32.dll!ChangeServiceConfigW 769E3204 5 Bytes JMP 74D23C31
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] ADVAPI32.dll!ControlServiceExA 769E3214 5 Bytes JMP 74D23961
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] ADVAPI32.dll!ControlServiceExW 769E3224 5 Bytes JMP 74D239F1
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] ADVAPI32.dll!CreateServiceA 769E3264 5 Bytes JMP 74D23E71
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] SHELL32.dll!Shell_NotifyIconW 75930171 5 Bytes JMP 74D24891
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] SHELL32.dll!SHRestricted + 251E 75991621 5 Bytes JMP 74D265D1

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib@Last Counter 18418
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib@Last Help 18419
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Canon MG5100 series Printer@ChangeID 6257980

---- EOF - GMER 2.1 ----
10.01.2014, 15:22 | #4 |
Additions.txt FRST Additions Logfile:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-01-2014
Ran by Admin at 2014-01-10 15:18:18
Running from C:\Users\Anonym\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Bitdefender Antivirus (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antispyware (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
FW: Bitdefender Firewall (Disabled) {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}

==================== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Bitdefender Antivirus Plus 2013 (Version: 16.27.0.1763 - Bitdefender)
Canon MG5100 series MP Drivers (Version: - )
Conexant HD Audio (Version: 4.36.7.61 - Conexant)
EPSON XP-312 313 315 Series Printer Uninstall (Version: - SEIKO EPSON Corporation)
Foxit Reader (Version: 6.0.6.722 - Foxit Corporation)
Google+ Auto Backup (Version: 1.0.21.81 - Google)
HP Quick Launch Buttons (Version: 6.50.14.1 - Hewlett-Packard Company)
Java 7 Update 40 (Version: 7.0.400 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
KeePass Password Safe 2.22 (Version: - Dominik Reichl)
Macrium Reflect Free Edition (Version: 5.2 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 5.2.6249 - Paramount Software (UK) Ltd.) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Robocopy GUI (Version: 1.0.0 - Microsoft)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 de) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
Mozilla Thunderbird 17.0.8 (x86 de) (Version: 17.0.8 - Mozilla)
NVIDIA Drivers (Version: - NVIDIA Corporation)
PDF24 Creator 6.2.0 (Version: - PDF24.org)
Picasa 3 (Version: 3.9 - Google, Inc.)
QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden
RICOH Media Driver (Version: 2.10.00.04 - RICOH)
Synaptics Pointing Device Driver (Version: 15.3.29.0 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (Version: - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (Version: - Microsoft)

==================== Restore Points =========================

30-11-2013 15:21:19 Geplanter Prüfpunkt
03-12-2013 19:10:03 Windows Update
12-12-2013 13:38:12 Windows Update
07-01-2014 12:59:07 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {139DE71B-40E6-4D66-A2E4-9670300D021B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {8A118387-27C8-46B8-90AE-236E6C0BE846} - System32\Tasks\EPSON XP-312 313 315 Series Update {03A9264B-F446-42F5-90B8-162111576567} => C:\Windows\System32\spool\drivers\w32x86\3\E_FTSLFE.EXE [2013-04-26] (SEIKO EPSON CORPORATION)
Task: {981F3699-2BBD-4E0D-A2D5-C68D0FE80FD4} - System32\Tasks\EPSON XP-312 313 315 Series Update {A694DE30-5F99-4288-B18F-0FC22B6D624B} => C:\Windows\System32\spool\drivers\w32x86\3\E_FTSLFE.EXE [2013-04-26] (SEIKO EPSON CORPORATION)
Task: {E31A61DD-A9EE-4D27-8281-D6F8F82C7F1E} - System32\Tasks\EPSON XP-312 313 315 Series Invitation {03A9264B-F446-42F5-90B8-162111576567} => C:\Windows\System32\spool\drivers\w32x86\3\E_FTSLFE.EXE [2013-04-26] (SEIKO EPSON CORPORATION)
Task: {F82486F8-6763-4028-A080-9548DC4F1D2D} - System32\Tasks\EPSON XP-312 313 315 Series Invitation {A694DE30-5F99-4288-B18F-0FC22B6D624B} => C:\Windows\System32\spool\drivers\w32x86\3\E_FTSLFE.EXE [2013-04-26] (SEIKO EPSON CORPORATION)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\EPSON XP-312 313 315 Series Invitation {03A9264B-F446-42F5-90B8-162111576567}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLFE.EXE
Task: C:\Windows\Tasks\EPSON XP-312 313 315 Series Invitation {A694DE30-5F99-4288-B18F-0FC22B6D624B}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLFE.EXE
Task: C:\Windows\Tasks\EPSON XP-312 313 315 Series Update {03A9264B-F446-42F5-90B8-162111576567}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLFE.EXE
Task: C:\Windows\Tasks\EPSON XP-312 313 315 Series Update {A694DE30-5F99-4288-B18F-0FC22B6D624B}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLFE.EXE

==================== Loaded Modules (whitelisted) =============

2013-08-27 14:23 - 2013-08-27 14:23 - 00204280 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\txmlutil.dll
2013-03-26 13:24 - 2014-01-10 14:01 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Anonym\Downloads\gmer_2.1.19163.exe:BDU

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/10/2014 03:09:31 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (01/10/2014 03:09:31 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (01/10/2014 03:09:31 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (01/10/2014 03:00:25 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/10/2014 02:43:25 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (01/10/2014 02:43:25 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (01/10/2014 02:43:25 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (01/10/2014 02:40:09 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/10/2014 02:34:40 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/10/2014 02:09:54 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
System errors: ============= Error: (01/10/2014 03:06:46 PM) (Source: DCOM) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (01/10/2014 03:00:15 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (01/10/2014 03:00:07 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (01/10/2014 02:59:09 PM) (Source: Microsoft-Windows-WHEA-Logger) (User: NT-AUTORITÄT) Description: Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern Fehlerquelle: 3 Fehlertyp: 256 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere Informationen. Error: (01/10/2014 02:59:09 PM) (Source: Microsoft-Windows-WHEA-Logger) (User: NT-AUTORITÄT) Description: Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern Fehlerquelle: 3 Fehlertyp: 10 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere Informationen. Error: (01/10/2014 02:40:03 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (01/10/2014 02:39:58 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (01/10/2014 02:38:59 PM) (Source: Microsoft-Windows-WHEA-Logger) (User: NT-AUTORITÄT) Description: Schwerwiegender Hardwarefehler. 
Gemeldet von Komponente: Prozessorkern Fehlerquelle: 3 Fehlertyp: 256 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere Informationen. Error: (01/10/2014 02:38:59 PM) (Source: Microsoft-Windows-WHEA-Logger) (User: NT-AUTORITÄT) Description: Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern Fehlerquelle: 3 Fehlertyp: 10 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere Informationen. Error: (01/10/2014 02:38:59 PM) (Source: Microsoft-Windows-WHEA-Logger) (User: NT-AUTORITÄT) Description: Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern Fehlerquelle: 3 Fehlertyp: 256 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere Informationen. Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2013-03-26 13:59:57.636 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00102_002\midas32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-03-26 13:33:03.471 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00102_002\midas32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-03-26 13:23:25.164 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info ===========================

Percentage of memory in use: 41%
Total physical RAM: 1982.93 MB
Available physical RAM: 1163.08 MB
Total Pagefile: 3965.85 MB
Available Pagefile: 2959.35 MB
Total Virtual: 2047.88 MB
Available Virtual: 1915.36 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:87.89 GB) (Free:60.53 GB) NTFS
Drive d: () (Fixed) (Total:144.9 GB) (Free:129.3 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 2713C874)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=145 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=88 GB) - (Type=07 NTFS)

==================== End Of Log ============================
11.01.2014, 12:50 | #5
/// the machine /// TB-Ausbilder
Logs are OK. Is BD still complaining?
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM!
11.01.2014, 18:28 | #6
It reports that access to the files named above is merely blocked, but that this does not make the PC virus-free. I will run a full scan and post the result here. I was nevertheless still able to find the file that Bitdefender reports as deleted. According to virustotal.com it is clean, though (https://www.virustotal.com/de/file/8feddb9497e4a7710116d663ee73367969b8d4e7db34050369e7f50338c05a52/analysis/1389460902/)
Bitdefender System Scan
Code:
<?xml version="1.0" encoding="utf-8"?>
<?xml-stylesheet type="text/xsl" href="C:\Program Files\Bitdefender\Bitdefender 2013\ondemand.xsl"?>
<ScanSession creator="Bitdefender Antivirus Plus 2013" name="System Scan" installPath="C:\Program Files\Bitdefender\Bitdefender 2013\" creationDate="Samstag, 11. Januar 2014 16:48:40" originalPath="C:\ProgramData\Bitdefender\Desktop\Profiles\Logs\dcf483c4-26d0-4e6f-ba28-6a53a00adae1\1389445976_1_02.xml" >
  <ScanSettings statisticsRefreshInterval="1000" scanSpeed="1.000000" lowPriority="0" enableExclusions="1" enableTaskExclusions="0" scanAdware="1" scanSpyware="1" scanApplications="1" scanDialers="1" scanKeyloggers="1" scanFiles="1" scanAllFiles="1" scanProgramsOnly="0" useCustomPrograms="0" customPrograms="" scanUserDefined="0" scanPacked="1" scanArchives="1" useSmartScan="1" scanEmails="1" scanRootkits="0" scanAllRootkits="1" scanBoot="1" scanMemory="1" scanRegistry="1" quickScan="1" quickScanMemory="0" quickScanAutoruns="0" quickScanPlugins="1" scanCookies="1" shutdownAfter="0" passwordPrompt="0" onlyAllowedActions="1" deepArchiveScan="1" maxArchiveLevel="15" maxArchiveSize="0" infectedAction1="3" infectedAction2="7" suspectAction1="7" suspectAction2="1" rootkitAction="3" userDefinedExtensions="" >
    <ScanPaths>
      <path>C:\</path>
      <path>D:\</path>
    </ScanPaths>
    <ExcludedPaths>
    </ExcludedPaths>
    <ExcludedExtensions>
    </ExcludedExtensions>
  </ScanSettings>
  <EngineSummary totalSignatures="10761791" />
  <ScanSummary scannedArchives="448" scannedPacked="100" startTime="1389445976" duration="9273869" >
    <TypeSummary type="1" scanned="30" infected="0" suspicious="0" disinfected="0" deleted="0" moved="0" moved_reboot="0" delete_reboot="0" renamed="0" hidden="0" />
    <TypeSummary type="4" scanned="42" infected="0" suspicious="0" disinfected="0" deleted="0" moved="0" moved_reboot="0" delete_reboot="0" renamed="0" hidden="0" />
    <TypeSummary type="0" scanned="737487" infected="1" suspicious="0" disinfected="0" deleted="1" moved="0" moved_reboot="0" delete_reboot="0" renamed="0" hidden="0" />
    <TypeSummary type="5" scanned="0" infected="0" suspicious="0" disinfected="0" deleted="0" moved="0" moved_reboot="0" delete_reboot="0" renamed="0" hidden="0" />
    <TypeSummary type="2" scanned="2792" infected="0" suspicious="0" disinfected="0" deleted="0" moved="0" moved_reboot="0" delete_reboot="0" renamed="0" hidden="0" />
    <TypeSummary type="3" scanned="4114" infected="0" suspicious="0" disinfected="0" deleted="0" moved="0" moved_reboot="0" delete_reboot="0" renamed="0" hidden="0" />
    <TypeSummary type="6" scanned="453" infected="0" suspicious="0" disinfected="0" deleted="0" moved="0" moved_reboot="0" delete_reboot="0" renamed="0" hidden="0" />
  </ScanSummary>
  <ScanDetails>
    <UnresolvedDetails>
    </UnresolvedDetails>
    <ResolvedDetails>
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Thunderbird\Profiles\5off7nv0.default\Cache\5\14\EF5DCd01=>[Subject: Luftfrachsendung AWB (95964689146)][Date: Thu, 19 Dec 2013 20:30:32 -0600]=>(MIME part)=>AWB.zip=>AWB.pif" threatType="0" threatName="Trojan.GenericKD.1464210" action="3" allActions="3" initialStatus="3" finalStatus="5" quarId="" failReason="0" />
    </ResolvedDetails>
    <IgnoredDetails>
    </IgnoredDetails>
    <QuickScanDetails>
    </QuickScanDetails>
    <NotScannedDetails skipped="22031" ioerrors="5" archiveBombs="0" passwordProtected="108" >
      <Item type="0" objectType="0" path="D:\Anonym Anon\BERUF\Ordnername\TELEKOMMUNIKATION\TELEKOM\2007_03rechnung_0123456789\2007_03einzelverbindungen_0123456789_schluessel.pdf" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>_js/language-ua.js" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>_js/language-cs.js" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>http://www.trojaner-board.de/images/...dbarempty.png" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>language-fi.xml" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>_js/language-es.js" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>http://www.trojaner-board.de/images/buttonleft.png" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>_js/language-ko.js" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="D:\Anonym Anon\BERUF\Ordnername\TELEKOMMUNIKATION\TELEKOM\2007_05rechnung_0123456789\2007_05einzelverbindungen_0123456789_schluessel.pdf" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}" threatType="0" threatName="" action="1" allActions="" initialStatus="0" finalStatus="0" failReason="9" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>_js/language-no.js" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>_js/language-hu.js" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>_js/language-sk.js" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="D:\Anonym Anon\BERUF\Ordnername\TELEKOMMUNIKATION\TELEKOM\2006_08rechnung_0123456789\2006_08einzelverbindungen_0123456789_schluessel.pdf" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>http://www.trojaner-board.de/images/jsparrowup.gif" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>language-fr.xml" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>_js/language-ro.js" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\System Volume Information\{eef5901e-5902-11e3-a4ee-001b247c1f03}{3808876b-c176-4e48-b7ae-04046e6cc752}" threatType="0" threatName="" action="1" allActions="" initialStatus="0" finalStatus="0" failReason="9" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>language-nl.xml" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>language-hr.xml" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>http://www.trojaner-board.de/images/iconHeader.png" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>http://www.trojaner-board.de/images/...highlight.png" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="D:\Anonym Anon\BERUF\Ordnername\TELEKOMMUNIKATION\TELEKOM\2007_10einzelverbindungen_0123456789_schluessel.pdf" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="D:\Anonym Anon\BERUF\Ordnername\TELEKOMMUNIKATION\TELEKOM\2007_11einzelverbindungen_0123456789_schluessel.pdf" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>language-pl.xml" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\System Volume Information\{7c114f65-5c49-11e3-8441-001b247c1f03}{3808876b-c176-4e48-b7ae-04046e6cc752}" threatType="0" threatName="" action="1" allActions="" initialStatus="0" finalStatus="0" failReason="9" />
      <Item type="0" objectType="0" path="C:\System Volume Information\{0e7f3395-76c9-11e3-936f-001b247c1f03}{3808876b-c176-4e48-b7ae-04046e6cc752}" threatType="0" threatName="" action="1" allActions="" initialStatus="0" finalStatus="0" failReason="9" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>language-no.xml" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>language-hu.xml" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>_js/pdc_s_code_sc.js" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>_js/language-ru.js" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>http://www.trojaner-board.de/images/bgcloseprogram.png" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>language-ro.xml" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>http://www.trojaner-board.de/images/buttonright.png" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>language-pt.xml" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>bundles.json" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>_js/omniture_s_code.js" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>http://www.trojaner-board.de/images/logoadobe.gif" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>http://www.trojaner-board.de/images/buttoncenter.png" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>language-tr.xml" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\System Volume Information\{e4e90b2b-5e8d-11e3-a4b7-001b247c1f03}{3808876b-c176-4e48-b7ae-04046e6cc752}" threatType="0" threatName="" action="1" allActions="" initialStatus="0" finalStatus="0" failReason="9" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>language-ru.xml" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>download.solidconfig" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="D:\Anonym Anon\BERUF\Ordnername\TELEKOMMUNIKATION\TELEKOM\2006_10rechnung_0123456789\2006_10einzelverbindungen_0123456789_schluessel.pdf" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="D:\Anonym Anon\BERUF\Ordnername\TELEKOMMUNIKATION\TELEKOM\2006_10rechnung_0123456789.zip=>2006_10einzelverbindungen_0123456789_schluessel.pdf" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>http://www.trojaner-board.de/images/...highlight.png" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>gccheck.exe" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="D:\Anonym Anon\BERUF\Ordnername\TELEKOMMUNIKATION\TELEKOM\2006_11rechnung_0123456789.zip=>2006_11einzelverbindungen_0123456789_schluessel.pdf" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="D:\Anonym Anon\BERUF\Ordnername\TELEKOMMUNIKATION\TELEKOM\2007_01rechnung_0123456789.zip=>2007_01einzelverbindungen_0123456789_schluessel.pdf" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>http://www.trojaner-board.de/images/jsparrowdown.gif" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>logo.ico" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>_js/language-en.js" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="D:\Anonym Anon\BERUF\Ordnername\TELEKOMMUNIKATION\TELEKOM\2006_12rechnung_0123456789\2006_12einzelverbindungen_0123456789_schluessel.pdf" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="D:\Anonym Anon\BERUF\Ordnername\TELEKOMMUNIKATION\TELEKOM\2006_12rechnung_0123456789.zip=>2006_12einzelverbindungen_0123456789_schluessel.pdf" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="D:\Anonym Anon\BERUF\Ordnername\TELEKOMMUNIKATION\TELEKOM\2007_03rechnung_0123456789.zip=>2007_03einzelverbindungen_0123456789_schluessel.pdf" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>http://www.trojaner-board.de/images/bgbutton.png" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>_js/language-fr.js" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>_js/language-zh-tw.js" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>_js/language-nl.js" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>_js/language-hr.js" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="D:\Anonym Anon\BERUF\Ordnername\TELEKOMMUNIKATION\TELEKOM\2007_05rechnung_0123456789.zip=>2007_05einzelverbindungen_0123456789_schluessel.pdf" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>http://www.trojaner-board.de/images/...adbarfull.png" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>language.xml" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>_js/language-pl.js" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>app.config.xml" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>_js/language-it.js" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="D:\Anonym Anon\BERUF\Ordnername\TELEKOMMUNIKATION\TELEKOM\2006_08rechnung_0123456789.zip=>2006_08einzelverbindungen_0123456789_schluessel.pdf" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>http://www.trojaner-board.de/images/bgheadererror.gif" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>http://www.trojaner-board.de/images/bglistbullet.png" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>language-ua.xml" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>language-cs.xml" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>_js/language-sl.js" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="D:\Anonym Anon\BERUF\Ordnername\TELEKOMMUNIKATION\TELEKOM\2006_09rechnung_0123456789\2006_09einzelverbindungen_0123456789_schluessel.pdf" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="D:\Anonym Anon\BERUF\Ordnername\TELEKOMMUNIKATION\TELEKOM\2006_09rechnung_0123456789.zip=>2006_09einzelverbindungen_0123456789_schluessel.pdf" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>_js/language-zh-cn.js" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>http://www.trojaner-board.de/images/...nfinished.png" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>language-es.xml" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>language-zh-tw.xml" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>language-ko.xml" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>gtbcheck.exe" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>gdrcheck.exe" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>_js/language-pt.js" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>http://www.trojaner-board.de/images/iconcomplete.gif" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>_js/language-da.js" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>openx.html" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>language-it.xml" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>_js/language-tr.js" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>http://www.trojaner-board.de/images/...highlight.png" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>language-sk.xml" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="D:\Anonym Anon\BERUF\Ordnername\TELEKOMMUNIKATION\TELEKOM\2006_02rechnung_0123456789\2007_05rechnung_0123456789\2007_05einzelverbindungen_0123456789_schluessel.pdf" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>language-sl.xml" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>language-zh-cn.xml" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>_js/language-sv.js" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>_js/language-de.js" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>_js/language-ja.js" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>_css/default.css" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>language-da.xml" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>http://www.trojaner-board.de/images/...leteerror.gif" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>_js/language-fi.js" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>downloader.bundle" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>_js/main-merge.js" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>_css/openx.css" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>http://www.trojaner-board.de/images/...dbarerror.png" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="D:\Anonym Anon\BERUF\Ordnername\TELEKOMMUNIKATION\TELEKOM\2006_11rechnung_0123456789\2006_11einzelverbindungen_0123456789_schluessel.pdf" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>language-sv.xml" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>language-de.xml" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="D:\Anonym Anon\BERUF\Ordnername\TELEKOMMUNIKATION\TELEKOM\2007_01rechnung_0123456789\2007_01einzelverbindungen_0123456789_schluessel.pdf" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>launcher.bundle" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>http://www.trojaner-board.de/images/iconblank.gif" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>window.config.xml" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>language-ja.xml" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>index.html" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
      <Item type="0" objectType="0" path="C:\Users\Anonym\AppData\Local\Temp\iZswkos0.exe.part=>(ZIP Sfx o)=>http://www.trojaner-board.de/images/iconerror.gif" threatType="0" threatName="" action="1" allActions="" initialStatus="10" finalStatus="10" failReason="5" />
    </NotScannedDetails>
  </ScanDetails>
</ScanSession>
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=c113afb6ba0924439937b5dce2b9d860
# engine=16616
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-11 04:55:32
# local_time=2014-01-11 05:55:32 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 15943632 141090523 0 0
# scanned=120863
# found=0
# cleaned=0
# scan_time=2985 |
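An added example, not part of the thread and not ESET's own tooling: a small Python parser for the ESET Online Scanner log header quoted above. It reads the `# key=value` fields and reports whether `found=0` came from a completed scan, and which scan options were switched off (the constructed sample reuses values from the post; field names and the caveat wording are this example's own).

```python
import re

# Constructed sample: the "# key=value" header of the ESET Online Scanner log
# quoted in the thread (values copied from the post, some lines omitted).
ESET_LOG = """\
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# engine=16616
# end=finished
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# scanned=120863
# found=0
# cleaned=0
"""

# Scan options whose "false" value means a whole class of objects was skipped.
OPTIONS = ("archives_checked", "unwanted_checked", "unsafe_checked")


def parse_eset_log(text):
    """Return the '# key=value' header fields as a dict of strings."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"#\s*([\w.]+)=(.*)$", line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields


def triage(fields):
    """Classify the log as 'findings', 'incomplete' or 'clean' plus caveats.

    'clean' only means a completed scan reported found=0; the caveats list
    the option categories that were switched off and therefore never scanned.
    """
    caveats = [
        "%s=false: that category was not scanned" % opt
        for opt in OPTIONS if fields.get(opt) == "false"
    ]
    if int(fields.get("found", "0")) > 0:
        verdict = "findings"
    elif fields.get("end") != "finished":
        verdict = "incomplete"
        caveats.insert(0, "scan did not run to completion")
    else:
        verdict = "clean"
    return verdict, caveats
```

For the log in the post this yields `clean` with three caveats, the first of them `archives_checked=false`, which is worth knowing when the earlier Bitdefender hits were inside a self-extracting ZIP.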
12.01.2014, 08:47 | #7 |
/// the machine /// TB-Ausbilder | Bitdefender reports Trojan.GenericKD.1440205 Yep, as I said, everything is clean there.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No support via PM! |
12.01.2014, 09:39 | #8 |
| Bitdefender reports Trojan.GenericKD.1440205 Should I still delete the 2 files Bitdefender originally found? (If I have it explicitly scan that folder, it still finds both of them.) |
13.01.2014, 09:14 | #9 |
/// the machine /// TB-Ausbilder | Bitdefender reports Trojan.GenericKD.1440205 Those are just temp files: Please download TFC (by OldTimer) and save the file to the desktop. Now close all open programs and disconnect from the internet. Double-click TFC.exe and press Start. If TFC cannot delete all files, it will request a restart. Please allow this.
|
13.01.2014, 13:08 | #10 |
| Bitdefender reports Trojan.GenericKD.1440205 Done, a restart was not necessary. May I now assume that everything is in order, or should I take further steps? |
14.01.2014, 09:45 | #11 |
/// the machine /// TB-Ausbilder | Bitdefender reports Trojan.GenericKD.1440205 Done. The order here is crucial.
If you want to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot stress often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They do your system more harm than good. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP), Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
|
15.01.2014, 18:37 | #12 |
| Bitdefender reports Trojan.GenericKD.1440205 Thanks for your help! I wonder why Windows still doesn't have a package manager or the like; updates would be much easier then. |
16.01.2014, 11:33 | #13 |
/// the machine /// TB-Ausbilder | Bitdefender reports Trojan.GenericKD.1440205 Well, that's Microsoft for you
|