
Log analysis and evaluation: Malware backdoor.win32.androm.eutw found during virus scan


 
22.10.2014, 10:51   #1
coldmorning
 



Hello,

after I cleaned my buddy's computer with your help, it now seems to have hit me too. I ran a virus scan with Kaspersky and promptly found malware.

Here are the logs (I had to split them across several posts).

Kaspersky:

Code:
Gefundenes Objekt (Datei) wurde nicht verarbeitet	"D:\Windows Live Mail\Freenet (st f5e\Posteingang\3B4511AA-00000593.eml//[From ""Jin"" <luisella@mabelsrl.it>][Date 4 Sep 2014 18:17:08][Subj Foto]/foto94238.zip//foto94238.scr"	"D:\Windows Live Mail\Freenet (st f5e\Posteingang\3B4511AA-00000593.eml//[From ""Jin"" <luisella@mabelsrl.it>][Date 4 Sep 2014 18:17:08][Subj Foto]/foto94238.zip//foto94238.scr"	Backdoor.Win32.Androm.eutw	Trojanisches Programm	Heute, 21:07
Gefundenes Objekt (Datei) wurde nicht verarbeitet	"C:\Documents and Settings\Stephan\AppData\Local\Microsoft\Windows Live Mail\Freenet.de\Posteingang\6D221AF4-00000593.eml//[From ""Jin"" <luisella@mabelsrl.it>][Date 4 Sep 2014 18:17:08][Subj Foto]/foto94238.zip//foto94238.scr"	"C:\Documents and Settings\Stephan\AppData\Local\Microsoft\Windows Live Mail\Freenet.de\Posteingang\6D221AF4-00000593.eml//[From ""Jin"" <luisella@mabelsrl.it>][Date 4 Sep 2014 18:17:08][Subj Foto]/foto94238.zip//foto94238.scr"	Backdoor.Win32.Androm.eutw	Trojanisches Programm	Heute, 20:26
Gefundenes Objekt (Datei) wurde nicht verarbeitet	"C:\Documents and Settings\Stephan\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Importierte 3e4\Freenet (st f5e\Posteingang\0BAF5B92-00000044.eml//[From ""Jin"" <luisella@mabelsrl.it>][Date 4 Sep 2014 18:17:08][Subj Foto]/foto94238.zip//foto94238.scr"	"C:\Documents and Settings\Stephan\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Importierte 3e4\Freenet (st f5e\Posteingang\0BAF5B92-00000044.eml//[From ""Jin"" <luisella@mabelsrl.it>][Date 4 Sep 2014 18:17:08][Subj Foto]/foto94238.zip//foto94238.scr"	Backdoor.Win32.Androm.eutw	Trojanisches Programm	Heute, 20:26
         
GMER part 1:

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-10-21 21:28:48
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk2\DR2 -> \Device\00000061 Samsung_ rev.EXT0 111,79GB
Running: Gmer-19357.exe; Driver: C:\Users\Familie\AppData\Local\Temp\fwdirfoc.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1028] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                            0000000076f31465 2 bytes [F3, 76]
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1028] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                           0000000076f314bb 2 bytes [F3, 76]
.text  ...                                                                                                                                                                                  * 2
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[2876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                             0000000076f31465 2 bytes [F3, 76]
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[2876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                            0000000076f314bb 2 bytes [F3, 76]
.text  ...                                                                                                                                                                                  * 2
.text  C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                                                     00000000779111f5 8 bytes {JMP 0xd}
.text  C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                                                   0000000077911390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Pro                                                                      00000000779111f5 8 bytes {JMP 0xd}
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                                           0000000077911390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                  000000007791143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                                                  000000007791158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                          000000007791191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                                          0000000077911b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                                         0000000077911bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                            0000000077911d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                                            0000000077911eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                0000000077911edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                                               0000000077911f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                                              0000000077911fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                                      0000000077911fd7 8 bytes {JMP 0xb}
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                                                  0000000077912272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                                                  0000000077912301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                                       0000000077912792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                              00000000779127b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                            00000000779127d2 8 bytes {JMP 0x10}
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                             000000007791282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                                            0000000077912890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                  * 2
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                    0000000077912d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                                    0000000077912d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                  * 3
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                                            0000000077913023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                                000000007791323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                                                00000000779133c0 16 bytes {JMP 0x4e}
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                               0000000077913a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                               0000000077913ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                   0000000077913b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                                   0000000077913d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                            0000000077914190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                      0000000077961380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                    0000000077961500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                          0000000077961530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                        0000000077961650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                            0000000077961700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                            0000000077961d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                          0000000077961f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                          00000000779627e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                        0000000073d813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                        0000000073d8146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                     0000000073d816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                                       0000000073d816e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                  0000000073d819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                  0000000073d819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                                            0000000073d81a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                                              0000000073d81a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                            0000000073d81a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                                 0000000073d81a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                                 00000000779111f5 8 bytes {JMP 0xd}
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                               0000000077911390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                      000000007791143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                                      000000007791158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                              000000007791191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                              0000000077911b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                             0000000077911bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                0000000077911d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                                0000000077911eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                    0000000077911edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                                   0000000077911f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                                  0000000077911fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                          0000000077911fd7 8 bytes {JMP 0xb}
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                                      0000000077912272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                                      0000000077912301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                           0000000077912792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                  00000000779127b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                00000000779127d2 8 bytes {JMP 0x10}
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                 000000007791282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                                0000000077912890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                  * 2
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                        0000000077912d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                        0000000077912d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                  * 3
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                                0000000077913023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                    000000007791323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                                    00000000779133c0 16 bytes {JMP 0x4e}
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                   0000000077913a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                   0000000077913ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                       0000000077913b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                       0000000077913d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                0000000077914190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                          0000000077961380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                        0000000077961500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                              0000000077961530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                            0000000077961650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                0000000077961700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                0000000077961d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                              0000000077961f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                              00000000779627e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                            0000000073d813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                            0000000073d8146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                         0000000073d816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                           0000000073d816e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                      0000000073d819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                      0000000073d819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                                0000000073d81a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                                  0000000073d81a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                0000000073d81a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                     0000000073d81a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                                             00000000779111f5 8 bytes {JMP 0xd}
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                                           0000000077911390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                  000000007791143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                                                  000000007791158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                          000000007791191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                                          0000000077911b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                                         0000000077911bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                            0000000077911d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                                            0000000077911eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                0000000077911edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                                               0000000077911f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                                              0000000077911fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                                      0000000077911fd7 8 bytes {JMP 0xb}
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                                                  0000000077912272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                                                  0000000077912301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                                       0000000077912792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                              00000000779127b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                            00000000779127d2 8 bytes {JMP 0x10}
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                             000000007791282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                                            0000000077912890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                  * 2
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                    0000000077912d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                                    0000000077912d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                  * 3
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                                            0000000077913023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                                000000007791323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                                                00000000779133c0 16 bytes {JMP 0x4e}
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                               0000000077913a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                               0000000077913ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                   0000000077913b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                                   0000000077913d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                            0000000077914190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                      0000000077961380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                    0000000077961500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                          0000000077961530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                        0000000077961650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                            0000000077961700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                            0000000077961d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                          0000000077961f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                          00000000779627e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                        0000000073d813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                        0000000073d8146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                     0000000073d816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                                       0000000073d816e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                  0000000073d819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                  0000000073d819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                                            0000000073d81a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                                              0000000073d81a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                            0000000073d81a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                                 0000000073d81a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                                                      00000000779111f5 8 bytes {JMP 0xd}
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                                                    0000000077911390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                           000000007791143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                                                           000000007791158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                                   000000007791191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                                                   0000000077911b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                                                  0000000077911bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                                     0000000077911d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                                                     0000000077911eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                         0000000077911edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                                                        0000000077911f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                                                       0000000077911fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                                               0000000077911fd7 8 bytes {JMP 0xb}
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                                                           0000000077912272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                                                           0000000077912301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                                                0000000077912792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                                       00000000779127b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                                     00000000779127d2 8 bytes {JMP 0x10}
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                                      000000007791282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                                                     0000000077912890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                  * 2
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                             0000000077912d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                                             0000000077912d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                  * 3
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                                                     0000000077913023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                                         000000007791323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                                                         00000000779133c0 16 bytes {JMP 0x4e}
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                                        0000000077913a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                                        0000000077913ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                            0000000077913b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                                            0000000077913d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                                     0000000077914190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                               0000000077961380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                             0000000077961500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                   0000000077961530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                 0000000077961650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                     0000000077961700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                     0000000077961d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                   0000000077961f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                   00000000779627e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                                 0000000073d813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                                 0000000073d8146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                              0000000073d816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                                                0000000073d816e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                           0000000073d819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                           0000000073d819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                                                     0000000073d81a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                                                       0000000073d81a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                                     0000000073d81a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                                          0000000073d81a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                            0000000076f31465 2 bytes [F3, 76]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                           0000000076f314bb 2 bytes [F3, 76]
.text  ...                                                                                                                                                                                  * 2
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                                              00000000779111f5 8 bytes {JMP 0xd}
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                                            0000000077911390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                   000000007791143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                                                   000000007791158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                           000000007791191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                                           0000000077911b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                                          0000000077911bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                             0000000077911d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                                             0000000077911eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                 0000000077911edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                                                0000000077911f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                                               0000000077911fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                                       0000000077911fd7 8 bytes {JMP 0xb}
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                                                   0000000077912272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                                                   0000000077912301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                                        0000000077912792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                               00000000779127b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                             00000000779127d2 8 bytes {JMP 0x10}
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                              000000007791282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                                             0000000077912890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                  * 2
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                     0000000077912d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                                     0000000077912d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                  * 3
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                                             0000000077913023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                                 000000007791323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                                                 00000000779133c0 16 bytes {JMP 0x4e}
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                                0000000077913a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                                0000000077913ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                    0000000077913b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                                    0000000077913d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                             0000000077914190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                       0000000077961380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                     0000000077961500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                           0000000077961530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                         0000000077961650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                             0000000077961700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                             0000000077961d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                           0000000077961f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                           00000000779627e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                         0000000073d813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                         0000000073d8146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                      0000000073d816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                                        0000000073d816e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                   0000000073d819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                   0000000073d819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                                             0000000073d81a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                                               0000000073d81a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                             0000000073d81a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                                  0000000073d81a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                                                          00000000779111f5 8 bytes {JMP 0xd}
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                                                        0000000077911390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                               000000007791143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                                                               000000007791158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                                       000000007791191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                                                       0000000077911b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                                                      0000000077911bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                                         0000000077911d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                                                         0000000077911eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                             0000000077911edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                                                            0000000077911f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                                                           0000000077911fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                                                   0000000077911fd7 8 bytes {JMP 0xb}
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                                                               0000000077912272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                                                               0000000077912301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                                                    0000000077912792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                                           00000000779127b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                                         00000000779127d2 8 bytes {JMP 0x10}
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                                          000000007791282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                                                         0000000077912890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                  * 2
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                                 0000000077912d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                                                 0000000077912d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                  * 3
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                                                         0000000077913023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                                             000000007791323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                                                             00000000779133c0 16 bytes {JMP 0x4e}
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                                            0000000077913a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                                            0000000077913ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                                0000000077913b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                                                0000000077913d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                                         0000000077914190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                                   0000000077961380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                                 0000000077961500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                       0000000077961530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                     0000000077961650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                         0000000077961700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                         0000000077961d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                       0000000077961f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                       00000000779627e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                                     0000000073d813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                                     0000000073d8146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                                  0000000073d816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                                                    0000000073d816e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                               0000000073d819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                               0000000073d819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                                                         0000000073d81a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                                                           0000000073d81a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                                         0000000073d81a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                                              0000000073d81a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]

---- Kernel IAT/EAT - GMER 2.1 ----

IAT    C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback]                                                                                                                      [fffff880044c3fb0] \SystemRoot\system32\DRIVERS\klif.sys [PAGE]

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00190e0993ca                                                                                                          
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00190e0993ca@789ed08a1c82                                                                                             0xDF 0x16 0x94 0x22 ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00190e0993ca (not active ControlSet)                                                                                      
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00190e0993ca@789ed08a1c82                                                                                                 0xDF 0x16 0x94 0x22 ...

---- Files - GMER 2.1 ----

File   C:\Program Files (x86)\Secunia\PSI\SUA\running                                                                                                                                       0 bytes

---- EOF - GMER 2.1 ----
         

 
