Log analysis and evaluation: Malware backdoor.win32.androm.eutw found during virus scan (Windows 7)

#1
Hello, after I cleaned my buddy's computer with your help, it now seems to have hit me too. I ran a virus scan with Kaspersky and promptly found malware. Here are the logs (I had to split them across several posts).

Kaspersky:
Code:
  Gefundenes Objekt (Datei) wurde nicht verarbeitet
    "D:\Windows Live Mail\Freenet (st f5e\Posteingang\3B4511AA-00000593.eml//[From ""Jin"" <luisella@mabelsrl.it>][Date 4 Sep 2014 18:17:08][Subj Foto]/foto94238.zip//foto94238.scr"
    Backdoor.Win32.Androm.eutw    Trojanisches Programm    Heute, 21:07

  Gefundenes Objekt (Datei) wurde nicht verarbeitet
    "C:\Documents and Settings\Stephan\AppData\Local\Microsoft\Windows Live Mail\Freenet.de\Posteingang\6D221AF4-00000593.eml//[From ""Jin"" <luisella@mabelsrl.it>][Date 4 Sep 2014 18:17:08][Subj Foto]/foto94238.zip//foto94238.scr"
    Backdoor.Win32.Androm.eutw    Trojanisches Programm    Heute, 20:26

  Gefundenes Objekt (Datei) wurde nicht verarbeitet
    "C:\Documents and Settings\Stephan\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Importierte 3e4\Freenet (st f5e\Posteingang\0BAF5B92-00000044.eml//[From ""Jin"" <luisella@mabelsrl.it>][Date 4 Sep 2014 18:17:08][Subj Foto]/foto94238.zip//foto94238.scr"
    Backdoor.Win32.Androm.eutw    Trojanisches Programm    Heute, 20:26

GMER:
Code:
  GMER 2.1.19357 - hxxp://www.gmer.net
  Rootkit scan 2014-10-21 21:28:48
  Windows 6.1.7601 Service Pack 1 x64
  \Device\Harddisk2\DR2 -> \Device\00000061 Samsung_ rev.EXT0 111,79GB
  Running: Gmer-19357.exe; Driver: C:\Users\Familie\AppData\Local\Temp\fwdirfoc.sys

  ---- User code sections - GMER 2.1 ----
  (user-mode hook listing for PSIA.exe, sua.exe, ISUSPM.exe, BrStMonW.exe, jusched.exe, BrCtrlCntr.exe and BrYNSvc.exe omitted; the log is cut off after these entries)
(x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073d813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073d8146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073d816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000073d816e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073d819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073d819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073d81a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073d81a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073d81a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073d81a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076f31465 2 bytes [F3, 76] .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076f314bb 2 bytes [F3, 76] .text ... * 2 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000779111f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077911390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007791143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007791158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007791191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077911b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077911bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077911d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077911eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077911edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077911f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077911fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077911fd7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077912272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077912301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077912792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000779127b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000779127d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007791282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077912890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... 
* 2 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077912d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077912d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077913023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007791323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000779133c0 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077913a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077913ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077913b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077913d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077914190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...] 
.text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077961380 8 bytes {JMP QWORD [RIP-0x4d4cf]} .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077961500 8 bytes {JMP QWORD [RIP-0x4d498]} .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077961530 8 bytes {JMP QWORD [RIP-0x4d9b1]} .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077961650 8 bytes {JMP QWORD [RIP-0x4d7a7]} .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077961700 8 bytes {JMP QWORD [RIP-0x4d9e3]} .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077961d30 8 bytes {JMP QWORD [RIP-0x4dba6]} .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077961f80 8 bytes {JMP QWORD [RIP-0x4de55]} .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779627e0 8 bytes {JMP QWORD [RIP-0x4e770]} .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073d813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073d8146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073d816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000073d816e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073d819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073d819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073d81a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073d81a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073d81a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073d81a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000779111f5 8 bytes {JMP 0xd} .text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077911390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007791143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007791158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007791191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077911b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077911bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077911d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077911eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077911edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077911f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077911fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077911fd7 8 bytes {JMP 0xb} .text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077912272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077912301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077912792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000779127b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000779127d2 8 bytes {JMP 0x10} .text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007791282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077912890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077912d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077912d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077913023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007791323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000779133c0 16 bytes {JMP 0x4e} .text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077913a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077913ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077913b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077913d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077914190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...] .text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077961380 8 bytes {JMP QWORD [RIP-0x4d4cf]} .text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077961500 8 bytes {JMP QWORD [RIP-0x4d498]} .text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077961530 8 bytes {JMP QWORD [RIP-0x4d9b1]} .text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077961650 8 bytes {JMP QWORD [RIP-0x4d7a7]} .text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077961700 8 bytes {JMP QWORD [RIP-0x4d9e3]} .text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077961d30 8 bytes {JMP QWORD [RIP-0x4dba6]} .text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077961f80 8 bytes {JMP QWORD [RIP-0x4de55]} .text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779627e0 8 bytes {JMP QWORD [RIP-0x4e770]} .text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073d813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073d8146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073d816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000073d816e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073d819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073d819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073d81a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073d81a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073d81a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073d81a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff880044c3fb0] \SystemRoot\system32\DRIVERS\klif.sys [PAGE] ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00190e0993ca Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00190e0993ca@789ed08a1c82 0xDF 0x16 0x94 0x22 ... 
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00190e0993ca (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00190e0993ca@789ed08a1c82 0xDF 0x16 0x94 0x22 ... ---- Files - GMER 2.1 ---- File C:\Program Files (x86)\Secunia\PSI\SUA\running 0 bytes ---- EOF - GMER 2.1 ---- |