| |
| |||||||
Log-Analyse und Auswertung: Mysearch: Komplett entfernt? 2 Startposts, da Logs zu lang.Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
29.06.2015, 16:07
| #2 |
 |  Mysearch: Komplett entfernt? 2 Startposts, da Logs zu lang. Gmer
__________________[CODE] GMER Logfile: Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-06-29 16:11:35 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 WDC_WD5000AAKX-001CA0 rev.15.01H15 465,76GB Running: Gmer-19357.exe; Driver: C:\Users\HAUPTU~1\AppData\Local\Temp\pxdoqpob.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[1952] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076af1401 2 bytes JMP 76c0b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[1952] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076af1419 2 bytes JMP 76c0b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[1952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076af1431 2 bytes JMP 76c88f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[1952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076af144a 2 bytes CALL 76be489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[1952] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076af14dd 2 bytes JMP 76c88822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[1952] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076af14f5 2 bytes JMP 76c889f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[1952] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076af150d 2 bytes JMP 76c88718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[1952] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076af1525 2 bytes JMP 76c88ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[1952] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076af153d 2 bytes JMP 76bffca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[1952] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076af1555 2 bytes JMP 76c068ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[1952] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076af156d 2 bytes JMP 76c88fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[1952] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076af1585 2 bytes JMP 76c88b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[1952] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076af159d 2 bytes JMP 76c886dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[1952] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076af15b5 2 bytes JMP 76bffd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[1952] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076af15cd 2 bytes JMP 76c0b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[1952] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076af16b2 2 bytes JMP 76c88ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[1952] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076af16bd 2 bytes JMP 76c88671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000771213ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077121544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000771218ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077121ba8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077121d25 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077121e8f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077121f75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077122238 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 531 0000000077122683 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000771226a0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000771226c2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\ntdll.dll! RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007712271f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\ntdll.dll! RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077122788 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 4 .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077122b4b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077122b97 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007712306b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 00000000771231f8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 000000007712388e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000771238e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000771239b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077123f50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077124001 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000077124075 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000771241b6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 00000000771241f4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 0000000077124461 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 000000007712464c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077124713 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077124807 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077124926 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077124a50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077124aa3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077124ca5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077124ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077124fa7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 0000000077125193 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077125f46 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!EtwEventProviderEnabled + 198 0000000077126016 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 000000007712610e 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000771262fc 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 000000007712633d 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077126354 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 00000000771263ac 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077126b76 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007716dc80 8 bytes {JMP QWORD [RIP-0x47949]} .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007716de00 8 bytes {JMP QWORD [RIP-0x47ab2]} .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007716de30 8 bytes {JMP QWORD [RIP-0x47e20]} .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007716df50 8 bytes {JMP QWORD [RIP-0x47c5a]} .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007716e000 8 bytes {JMP QWORD [RIP-0x47ef8]} .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007716e630 8 bytes {JMP QWORD [RIP-0x47102]} .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007716e880 8 bytes {JMP QWORD [RIP-0x47d10]} .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007716f0e0 8 bytes {JMP QWORD [RIP-0x48d3a]} .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074ba13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074ba146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074ba16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074ba19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074ba19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe[3612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074ba1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000771213ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077121544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000771218ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077121ba8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077121d25 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077121e8f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077121f75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077122238 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 531 0000000077122683 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000771226a0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000771226c2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007712271f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077122788 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 4 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077122b4b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077122b97 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007712306b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 00000000771231f8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 000000007712388e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000771238e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000771239b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077123f50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077124001 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000077124075 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000771241b6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 00000000771241f4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 0000000077124461 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 000000007712464c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077124713 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077124807 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077124926 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077124a50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077124aa3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077124ca5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077124ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077124fa7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 0000000077125193 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077125f46 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!EtwEventProviderEnabled + 198 0000000077126016 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 000000007712610e 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000771262fc 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 000000007712633d 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077126354 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 00000000771263ac 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077126b76 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007716dc80 8 bytes {JMP QWORD [RIP-0x47949]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007716de00 8 bytes {JMP QWORD [RIP-0x47ab2]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007716de30 8 bytes {JMP QWORD [RIP-0x47e20]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007716df50 8 bytes {JMP QWORD [RIP-0x47c5a]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007716e000 8 bytes {JMP QWORD [RIP-0x47ef8]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007716e630 8 bytes {JMP QWORD [RIP-0x47102]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007716e880 8 bytes {JMP QWORD [RIP-0x47d10]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007716f0e0 8 bytes {JMP QWORD [RIP-0x48d3a]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074ba13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074ba146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074ba16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074ba19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074ba19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3780] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074ba1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000771213ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077121544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000771218ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077121ba8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077121d25 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077121e8f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077121f75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077122238 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 531 0000000077122683 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000771226a0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000771226c2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007712271f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077122788 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 4 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077122b4b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077122b97 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007712306b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 00000000771231f8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 000000007712388e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000771238e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000771239b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077123f50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077124001 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000077124075 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000771241b6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 00000000771241f4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 0000000077124461 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 000000007712464c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077124713 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077124807 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077124926 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077124a50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077124aa3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077124ca5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077124ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077124fa7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 0000000077125193 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077125f46 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!EtwEventProviderEnabled + 198 0000000077126016 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 000000007712610e 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000771262fc 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 000000007712633d 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077126354 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 00000000771263ac 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077126b76 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007716dc80 8 bytes {JMP QWORD [RIP-0x47949]} .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007716de00 8 bytes {JMP QWORD [RIP-0x47ab2]} .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007716de30 8 bytes {JMP QWORD [RIP-0x47e20]} .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007716df50 8 bytes {JMP QWORD [RIP-0x47c5a]} .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007716e000 8 bytes {JMP QWORD [RIP-0x47ef8]} .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007716e630 8 bytes {JMP QWORD [RIP-0x47102]} .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007716e880 8 bytes {JMP QWORD [RIP-0x47d10]} .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007716f0e0 8 bytes {JMP QWORD [RIP-0x48d3a]} .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074ba13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074ba146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074ba16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074ba19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074ba19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074ba1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate 00000000767254af 5 bytes JMP 0000000100200800 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076af1401 2 bytes JMP 76c0b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076af1419 2 bytes JMP 76c0b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076af1431 2 bytes JMP 76c88f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076af144a 2 bytes CALL 76be489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076af14dd 2 bytes JMP 76c88822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076af14f5 2 bytes JMP 76c889f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076af150d 2 bytes JMP 76c88718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076af1525 2 bytes JMP 76c88ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076af153d 2 bytes JMP 76bffca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076af1555 2 bytes JMP 76c068ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076af156d 2 bytes JMP 76c88fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076af1585 2 bytes JMP 76c88b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076af159d 2 bytes JMP 76c886dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076af15b5 2 bytes JMP 76bffd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076af15cd 2 bytes JMP 76c0b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076af16b2 2 bytes JMP 76c88ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3100] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076af16bd 2 bytes JMP 76c88671 C:\Windows\syswow64\kernel32.dll .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000771213ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077121544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000771218ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077121ba8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077121d25 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077121e8f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077121f75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077122238 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 531 0000000077122683 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000771226a0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000771226c2 8 bytes {JMP 0x10} .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007712271f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077122788 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 4 .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077122b4b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077122b97 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007712306b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 00000000771231f8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 000000007712388e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000771238e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000771239b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077123f50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077124001 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000077124075 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000771241b6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 00000000771241f4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 0000000077124461 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 000000007712464c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077124713 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077124807 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077124926 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077124a50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077124aa3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077124ca5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077124ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077124fa7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 0000000077125193 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077125f46 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!EtwEventProviderEnabled + 198 0000000077126016 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 000000007712610e 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000771262fc 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 000000007712633d 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077126354 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 00000000771263ac 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077126b76 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007716dc80 8 bytes {JMP QWORD [RIP-0x47949]} .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007716de00 8 bytes {JMP QWORD [RIP-0x47ab2]} .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007716de30 8 bytes {JMP QWORD [RIP-0x47e20]} .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007716df50 8 bytes {JMP QWORD [RIP-0x47c5a]} .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007716e000 8 bytes {JMP QWORD [RIP-0x47ef8]} .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007716e630 8 bytes {JMP QWORD [RIP-0x47102]} .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007716e880 8 bytes {JMP QWORD [RIP-0x47d10]} .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007716f0e0 8 bytes {JMP QWORD [RIP-0x48d3a]} .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074ba13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074ba146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074ba16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074ba19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074ba19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074ba1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076af1401 2 bytes JMP 76c0b21b C:\Windows\syswow64\kernel32.dll .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076af1419 2 bytes JMP 76c0b346 C:\Windows\syswow64\kernel32.dll .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076af1431 2 bytes JMP 76c88f29 C:\Windows\syswow64\kernel32.dll .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076af144a 2 bytes CALL 76be489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076af14dd 2 bytes JMP 76c88822 C:\Windows\syswow64\kernel32.dll .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076af14f5 2 bytes JMP 76c889f8 C:\Windows\syswow64\kernel32.dll .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076af150d 2 bytes JMP 76c88718 C:\Windows\syswow64\kernel32.dll .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076af1525 2 bytes JMP 76c88ae2 C:\Windows\syswow64\kernel32.dll .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076af153d 2 bytes JMP 76bffca8 C:\Windows\syswow64\kernel32.dll .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076af1555 2 bytes JMP 76c068ef C:\Windows\syswow64\kernel32.dll .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076af156d 2 bytes JMP 76c88fe3 C:\Windows\syswow64\kernel32.dll .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076af1585 2 bytes JMP 76c88b42 C:\Windows\syswow64\kernel32.dll .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076af159d 2 bytes JMP 76c886dc C:\Windows\syswow64\kernel32.dll .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076af15b5 2 bytes JMP 76bffd41 C:\Windows\syswow64\kernel32.dll .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076af15cd 2 bytes JMP 76c0b2dc C:\Windows\syswow64\kernel32.dll .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076af16b2 2 bytes JMP 76c88ea4 C:\Windows\syswow64\kernel32.dll .text C:\Users\userltdkonto\Desktop\Defogger.exe[4372] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076af16bd 2 bytes JMP 76c88671 C:\Windows\syswow64\kernel32.dll .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000771213ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077121544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000771218ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077121ba8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077121d25 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077121e8f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077121f75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077122238 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 531 0000000077122683 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000771226a0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000771226c2 8 bytes {JMP 0x10} .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007712271f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077122788 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 4 .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077122b4b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077122b97 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007712306b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 00000000771231f8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 000000007712388e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000771238e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000771239b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077123f50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077124001 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000077124075 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000771241b6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 00000000771241f4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 0000000077124461 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 000000007712464c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077124713 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077124807 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077124926 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077124a50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077124aa3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077124ca5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077124ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077124fa7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 0000000077125193 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077125f46 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!EtwEventProviderEnabled + 198 0000000077126016 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 000000007712610e 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000771262fc 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 000000007712633d 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077126354 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 00000000771263ac 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077126b76 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007716dc80 8 bytes {JMP QWORD [RIP-0x47949]} .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007716de00 8 bytes {JMP QWORD [RIP-0x47ab2]} .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007716de30 8 bytes {JMP QWORD [RIP-0x47e20]} .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007716df50 8 bytes {JMP QWORD [RIP-0x47c5a]} .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007716e000 8 bytes {JMP QWORD [RIP-0x47ef8]} .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007716e630 8 bytes {JMP QWORD [RIP-0x47102]} .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007716e880 8 bytes {JMP QWORD [RIP-0x47d10]} .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007716f0e0 8 bytes {JMP QWORD [RIP-0x48d3a]} .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074ba13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074ba146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074ba16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074ba19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074ba19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\userltdkonto\Desktop\Gmer-19357.exe[3984] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074ba1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ---- EOF - GMER 2.1 ---- Gibt es noch Hinweise auf Malware/Adware oder ist das System wieder sauber? Vielen Dank schon mal fürs Lesen dieses Riesenpostings. |
| Themen zu Mysearch: Komplett entfernt? 2 Startposts, da Logs zu lang. |
| .dll, adware, antivirus, bonjour, browser, defender, ebanking, explorer, fehlalarm, firefox, helper, installation, internet, internet explorer, kaspersky, lotus, lws.exe, mozilla, nvidia, photoshop, security, server, services.exe, sourceforge, superantispyware, svchost.exe, temp, windows, winlogon.exe |
Baum-Darstellung