
Pests of all kinds and how to combat them: Gen:Trojan.Heur.AutoIT.3 found

Windows 7

 
01.12.2015, 19:22   #2
unwissend81
 
Gen:Trojan.Heur.AutoIT.3 found



Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-12-01 19:12:16
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD10 rev.01.0 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\***\AppData\Local\Temp\kwdiipow.sys


---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3120] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                    0000000075a21401 2 bytes JMP 7712b21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3120] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                      0000000075a21419 2 bytes JMP 7712b346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                    0000000075a21431 2 bytes JMP 771a8fd1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                    0000000075a2144a 2 bytes CALL 7710489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                              * 9
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3120] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                       0000000075a214dd 2 bytes JMP 771a88c4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3120] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                0000000075a214f5 2 bytes JMP 771a8aa0 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3120] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                       0000000075a2150d 2 bytes JMP 771a87ba C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3120] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                0000000075a21525 2 bytes JMP 771a8b8a C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3120] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                      0000000075a2153d 2 bytes JMP 7711fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3120] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                           0000000075a21555 2 bytes JMP 771268ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3120] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                    0000000075a2156d 2 bytes JMP 771a9089 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3120] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                      0000000075a21585 2 bytes JMP 771a8bea C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3120] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                         0000000075a2159d 2 bytes JMP 771a877e C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3120] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                      0000000075a215b5 2 bytes JMP 7711fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3120] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                    0000000075a215cd 2 bytes JMP 7712b2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3120] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                0000000075a216b2 2 bytes JMP 771a8f4c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3120] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                0000000075a216bd 2 bytes JMP 771a8713 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3300] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                     0000000075a21401 2 bytes JMP 7712b21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3300] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                       0000000075a21419 2 bytes JMP 7712b346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                     0000000075a21431 2 bytes JMP 771a8fd1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                     0000000075a2144a 2 bytes CALL 7710489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                              * 9
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3300] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                        0000000075a214dd 2 bytes JMP 771a88c4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3300] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                 0000000075a214f5 2 bytes JMP 771a8aa0 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3300] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                        0000000075a2150d 2 bytes JMP 771a87ba C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3300] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                 0000000075a21525 2 bytes JMP 771a8b8a C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3300] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                       0000000075a2153d 2 bytes JMP 7711fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3300] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                            0000000075a21555 2 bytes JMP 771268ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3300] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                     0000000075a2156d 2 bytes JMP 771a9089 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3300] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                       0000000075a21585 2 bytes JMP 771a8bea C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3300] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                          0000000075a2159d 2 bytes JMP 771a877e C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3300] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                       0000000075a215b5 2 bytes JMP 7711fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3300] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                     0000000075a215cd 2 bytes JMP 7712b2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3300] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                 0000000075a216b2 2 bytes JMP 771a8f4c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3300] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                 0000000075a216bd 2 bytes JMP 771a8713 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3324] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                             0000000075a21401 2 bytes JMP 7712b21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3324] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                               0000000075a21419 2 bytes JMP 7712b346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                             0000000075a21431 2 bytes JMP 771a8fd1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                             0000000075a2144a 2 bytes CALL 7710489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                              * 9
.text    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3324] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                0000000075a214dd 2 bytes JMP 771a88c4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3324] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                         0000000075a214f5 2 bytes JMP 771a8aa0 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3324] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                0000000075a2150d 2 bytes JMP 771a87ba C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3324] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                         0000000075a21525 2 bytes JMP 771a8b8a C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3324] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                               0000000075a2153d 2 bytes JMP 7711fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3324] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                    0000000075a21555 2 bytes JMP 771268ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3324] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                             0000000075a2156d 2 bytes JMP 771a9089 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3324] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                               0000000075a21585 2 bytes JMP 771a8bea C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3324] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                  0000000075a2159d 2 bytes JMP 771a877e C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3324] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                               0000000075a215b5 2 bytes JMP 7711fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3324] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                             0000000075a215cd 2 bytes JMP 7712b2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3324] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                         0000000075a216b2 2 bytes JMP 771a8f4c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3324] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                         0000000075a216bd 2 bytes JMP 771a8713 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[3588] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17                                                                                                  0000000075a21401 2 bytes JMP 7712b21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[3588] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17                                                                                                    0000000075a21419 2 bytes JMP 7712b346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[3588] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17                                                                                                  0000000075a21431 2 bytes JMP 771a8fd1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[3588] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42                                                                                                  0000000075a2144a 2 bytes CALL 7710489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                              * 9
.text    C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[3588] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17                                                                                                     0000000075a214dd 2 bytes JMP 771a88c4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[3588] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17                                                                                              0000000075a214f5 2 bytes JMP 771a8aa0 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[3588] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17                                                                                                     0000000075a2150d 2 bytes JMP 771a87ba C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[3588] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17                                                                                              0000000075a21525 2 bytes JMP 771a8b8a C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[3588] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17                                                                                                    0000000075a2153d 2 bytes JMP 7711fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[3588] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17                                                                                                         0000000075a21555 2 bytes JMP 771268ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[3588] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17                                                                                                  0000000075a2156d 2 bytes JMP 771a9089 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[3588] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17                                                                                                    0000000075a21585 2 bytes JMP 771a8bea C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[3588] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17                                                                                                       0000000075a2159d 2 bytes JMP 771a877e C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[3588] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17                                                                                                    0000000075a215b5 2 bytes JMP 7711fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[3588] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17                                                                                                  0000000075a215cd 2 bytes JMP 7712b2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[3588] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20                                                                                              0000000075a216b2 2 bytes JMP 771a8f4c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[3588] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31                                                                                              0000000075a216bd 2 bytes JMP 771a8713 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[3952] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                 0000000075a21401 2 bytes JMP 7712b21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[3952] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                   0000000075a21419 2 bytes JMP 7712b346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[3952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                 0000000075a21431 2 bytes JMP 771a8fd1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[3952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                 0000000075a2144a 2 bytes CALL 7710489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                              * 9
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[3952] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                    0000000075a214dd 2 bytes JMP 771a88c4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[3952] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                             0000000075a214f5 2 bytes JMP 771a8aa0 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[3952] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                    0000000075a2150d 2 bytes JMP 771a87ba C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[3952] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                             0000000075a21525 2 bytes JMP 771a8b8a C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[3952] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                   0000000075a2153d 2 bytes JMP 7711fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[3952] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                        0000000075a21555 2 bytes JMP 771268ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[3952] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                 0000000075a2156d 2 bytes JMP 771a9089 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[3952] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                   0000000075a21585 2 bytes JMP 771a8bea C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[3952] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                      0000000075a2159d 2 bytes JMP 771a877e C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[3952] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                   0000000075a215b5 2 bytes JMP 7711fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[3952] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                 0000000075a215cd 2 bytes JMP 7712b2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[3952] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                             0000000075a216b2 2 bytes JMP 771a8f4c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[3952] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                             0000000075a216bd 2 bytes JMP 771a8713 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[4080] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                   0000000075a21401 2 bytes JMP 7712b21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[4080] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                     0000000075a21419 2 bytes JMP 7712b346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[4080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                   0000000075a21431 2 bytes JMP 771a8fd1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[4080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                   0000000075a2144a 2 bytes CALL 7710489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                              * 9
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[4080] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                      0000000075a214dd 2 bytes JMP 771a88c4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[4080] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                               0000000075a214f5 2 bytes JMP 771a8aa0 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[4080] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                      0000000075a2150d 2 bytes JMP 771a87ba C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[4080] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                               0000000075a21525 2 bytes JMP 771a8b8a C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[4080] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                     0000000075a2153d 2 bytes JMP 7711fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[4080] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                          0000000075a21555 2 bytes JMP 771268ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[4080] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                   0000000075a2156d 2 bytes JMP 771a9089 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[4080] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                       0000000075a21585 2 bytes JMP 771a8bea C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[4080] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                          0000000075a2159d 2 bytes JMP 771a877e C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[4080] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                       0000000075a215b5 2 bytes JMP 7711fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[4080] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                     0000000075a215cd 2 bytes JMP 7712b2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[4080] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                 0000000075a216b2 2 bytes JMP 771a8f4c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[4080] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                 0000000075a216bd 2 bytes JMP 771a8713 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                            0000000075a21401 2 bytes JMP 7712b21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2608] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                              0000000075a21419 2 bytes JMP 7712b346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                            0000000075a21431 2 bytes JMP 771a8fd1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                            0000000075a2144a 2 bytes CALL 7710489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                              * 9
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2608] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                               0000000075a214dd 2 bytes JMP 771a88c4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                        0000000075a214f5 2 bytes JMP 771a8aa0 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2608] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                               0000000075a2150d 2 bytes JMP 771a87ba C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                        0000000075a21525 2 bytes JMP 771a8b8a C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                              0000000075a2153d 2 bytes JMP 7711fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2608] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                   0000000075a21555 2 bytes JMP 771268ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                            0000000075a2156d 2 bytes JMP 771a9089 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                              0000000075a21585 2 bytes JMP 771a8bea C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2608] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                 0000000075a2159d 2 bytes JMP 771a877e C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                              0000000075a215b5 2 bytes JMP 7711fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                            0000000075a215cd 2 bytes JMP 7712b2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                        0000000075a216b2 2 bytes JMP 771a8f4c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                        0000000075a216bd 2 bytes JMP 771a8713 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[500] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                    0000000075a21401 2 bytes JMP 7712b21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[500] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                      0000000075a21419 2 bytes JMP 7712b346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                    0000000075a21431 2 bytes JMP 771a8fd1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                    0000000075a2144a 2 bytes CALL 7710489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                              * 9
.text    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[500] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                       0000000075a214dd 2 bytes JMP 771a88c4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[500] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                0000000075a214f5 2 bytes JMP 771a8aa0 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[500] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                       0000000075a2150d 2 bytes JMP 771a87ba C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[500] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                0000000075a21525 2 bytes JMP 771a8b8a C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[500] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                      0000000075a2153d 2 bytes JMP 7711fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[500] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                           0000000075a21555 2 bytes JMP 771268ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[500] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                    0000000075a2156d 2 bytes JMP 771a9089 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[500] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                      0000000075a21585 2 bytes JMP 771a8bea C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[500] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                         0000000075a2159d 2 bytes JMP 771a877e C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[500] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                      0000000075a215b5 2 bytes JMP 7711fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[500] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                    0000000075a215cd 2 bytes JMP 7712b2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[500] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                0000000075a216b2 2 bytes JMP 771a8f4c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[500] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                0000000075a216bd 2 bytes JMP 771a8713 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[4192] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                     0000000075a21401 2 bytes JMP 7712b21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[4192] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                       0000000075a21419 2 bytes JMP 7712b346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[4192] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                     0000000075a21431 2 bytes JMP 771a8fd1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[4192] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                     0000000075a2144a 2 bytes CALL 7710489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                              * 9
.text    C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[4192] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                        0000000075a214dd 2 bytes JMP 771a88c4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[4192] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                 0000000075a214f5 2 bytes JMP 771a8aa0 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[4192] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                        0000000075a2150d 2 bytes JMP 771a87ba C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[4192] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                 0000000075a21525 2 bytes JMP 771a8b8a C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[4192] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                       0000000075a2153d 2 bytes JMP 7711fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[4192] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                            0000000075a21555 2 bytes JMP 771268ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[4192] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                     0000000075a2156d 2 bytes JMP 771a9089 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[4192] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                       0000000075a21585 2 bytes JMP 771a8bea C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[4192] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                          0000000075a2159d 2 bytes JMP 771a877e C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[4192] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                       0000000075a215b5 2 bytes JMP 7711fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[4192] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                     0000000075a215cd 2 bytes JMP 7712b2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[4192] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                 0000000075a216b2 2 bytes JMP 771a8f4c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[4192] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                 0000000075a216bd 2 bytes JMP 771a8713 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[4372] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                      0000000075a21401 2 bytes JMP 7712b21b C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[4372] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                        0000000075a21419 2 bytes JMP 7712b346 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[4372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                      0000000075a21431 2 bytes JMP 771a8fd1 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[4372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                      0000000075a2144a 2 bytes CALL 7710489d C:\Windows\syswow64\KERNEL32.dll
.text    ...                                                                                                                                                                                                              * 9
.text    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[4372] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                         0000000075a214dd 2 bytes JMP 771a88c4 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[4372] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                  0000000075a214f5 2 bytes JMP 771a8aa0 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[4372] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                         0000000075a2150d 2 bytes JMP 771a87ba C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[4372] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                  0000000075a21525 2 bytes JMP 771a8b8a C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[4372] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                        0000000075a2153d 2 bytes JMP 7711fca8 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[4372] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                             0000000075a21555 2 bytes JMP 771268ef C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[4372] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                      0000000075a2156d 2 bytes JMP 771a9089 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[4372] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                        0000000075a21585 2 bytes JMP 771a8bea C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[4372] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                           0000000075a2159d 2 bytes JMP 771a877e C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[4372] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                        0000000075a215b5 2 bytes JMP 7711fd41 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[4372] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                      0000000075a215cd 2 bytes JMP 7712b2dc C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[4372] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                  0000000075a216b2 2 bytes JMP 771a8f4c C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[4372] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                  0000000075a216bd 2 bytes JMP 771a8713 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5016] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                0000000075a21401 2 bytes JMP 7712b21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5016] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                  0000000075a21419 2 bytes JMP 7712b346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                0000000075a21431 2 bytes JMP 771a8fd1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                0000000075a2144a 2 bytes CALL 7710489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                              * 9
.text    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5016] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                   0000000075a214dd 2 bytes JMP 771a88c4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5016] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                            0000000075a214f5 2 bytes JMP 771a8aa0 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5016] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                   0000000075a2150d 2 bytes JMP 771a87ba C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5016] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                            0000000075a21525 2 bytes JMP 771a8b8a C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5016] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                  0000000075a2153d 2 bytes JMP 7711fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5016] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                       0000000075a21555 2 bytes JMP 771268ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5016] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                0000000075a2156d 2 bytes JMP 771a9089 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5016] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                  0000000075a21585 2 bytes JMP 771a8bea C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5016] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                     0000000075a2159d 2 bytes JMP 771a877e C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5016] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                  0000000075a215b5 2 bytes JMP 7711fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5016] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                0000000075a215cd 2 bytes JMP 7712b2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5016] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                            0000000075a216b2 2 bytes JMP 771a8f4c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5016] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                            0000000075a216bd 2 bytes JMP 771a8713 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[7556] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                         0000000075a21401 2 bytes JMP 7712b21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[7556] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                           0000000075a21419 2 bytes JMP 7712b346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[7556] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                         0000000075a21431 2 bytes JMP 771a8fd1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[7556] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                         0000000075a2144a 2 bytes CALL 7710489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                              * 9
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[7556] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                            0000000075a214dd 2 bytes JMP 771a88c4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[7556] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                     0000000075a214f5 2 bytes JMP 771a8aa0 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[7556] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                            0000000075a2150d 2 bytes JMP 771a87ba C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[7556] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                     0000000075a21525 2 bytes JMP 771a8b8a C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[7556] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                           0000000075a2153d 2 bytes JMP 7711fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[7556] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                                0000000075a21555 2 bytes JMP 771268ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[7556] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                         0000000075a2156d 2 bytes JMP 771a9089 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[7556] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                           0000000075a21585 2 bytes JMP 771a8bea C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[7556] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                              0000000075a2159d 2 bytes JMP 771a877e C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[7556] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                           0000000075a215b5 2 bytes JMP 7711fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[7556] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                         0000000075a215cd 2 bytes JMP 7712b2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[7556] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                     0000000075a216b2 2 bytes JMP 771a8f4c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[7556] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                     0000000075a216bd 2 bytes JMP 771a8713 C:\Windows\syswow64\kernel32.dll
---- Processes - GMER 2.1 ----

Library  c:\users\***\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprf_y8x.dll (*** suspicious ***) @ C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3588](2015-12-01 17:58:45)  0000000071120000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\685d43e3102e                                                                                                                                      
Reg      HKLM\SYSTEM\CurrentControlSet\services\WinUsb\Parameters\Wdf@TimeOfLastSqmLog                                                                                                                                    0xE2 0x64 0x55 0xFB ...
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\685d43e3102e (not active ControlSet)                                                                                                                  

---- EOF - GMER 2.1 ----
         
Thank you all very much.
Sandra
    Mülltonne - 22.10.2008 (0)
  16. Trojan-Downloader.Win32.AutoIt.fs
    Mülltonne - 03.10.2008 (0)
  17. Frage zu Trojan.Autoit.E und svchost.exe
    Log-Analyse und Auswertung - 02.05.2005 (8)

Zum Thema Gen:Trojan.Heur.AutoIT.3 gefunden - Code: Alles auswählen Aufklappen ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-12-01 19:12:16 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD10 rev.01.0 931,51GB Running: Gmer-19357.exe; Driver: C:\Users\***\AppData\Local\Temp\kwdiipow.sys ---- - Gen:Trojan.Heur.AutoIT.3 gefunden...
Archiv
Du betrachtest: Gen:Trojan.Heur.AutoIT.3 gefunden auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.