| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Antivirus Security Pro und "vieles" mehr?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
24.10.2013, 19:42
| #1 |
| |  Antivirus Security Pro und "vieles" mehr? Hallo zusammen, ich habe mir leider auf meinem Rechner wohl mehrere Viren/Trojaner eingefangen. Ich hoffe ich habe alles gemacht wie gewünscht und es kann mir jemand helfen. Anbei die Logfiles. Vielen Dank schonmal im Voraus. Die Logfile von FRST sind im Logfile Zip, weil der Text zu lang war. Meine ersten Schritte waren rkill und dann MBAM, leider hab ich die MBAM Log nicht gespeichert Grüße Flo Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-10-24 20:28:23
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD64 rev.01.0 596,17GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\JULIAR~1\AppData\Local\Temp\aflyyuow.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800041b0000 45 bytes [00, 00, 44, 02, 40, 47, 4D, ...]
INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800041b002f 16 bytes [00, 00, 00, 00, 00, 8C, 00, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1696] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d1efe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1696] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d499b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1696] C:\windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d594d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1696] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076d59640 5 bytes JMP 000000016fff0110
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1696] C:\windows\system32\kernel32.dll!RegSetValueExA 0000000076d7a500 7 bytes JMP 000000016fff01b8
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1696] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcf62db0 5 bytes JMP 000007fffcf50180
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1696] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcf637d0 7 bytes JMP 000007fffcf500d8
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1696] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcf68ef0 6 bytes JMP 000007fffcf50148
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1696] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcf7af60 5 bytes JMP 000007fffcf50110
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1696] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe0b89e0 8 bytes JMP 000007fffcf501f0
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1696] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe0bbe40 8 bytes JMP 000007fffcf501b8
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1696] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefef27490 11 bytes JMP 000007fffcf50228
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1696] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007fefef3bf00 7 bytes JMP 000007fffcf50260
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2316] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074c51465 2 bytes [C5, 74]
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2316] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074c514bb 2 bytes [C5, 74]
.text ... * 2
.text C:\windows\system32\taskeng.exe[3116] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcf62db0 5 bytes JMP 000007fffcf50180
.text C:\windows\system32\taskeng.exe[3116] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcf637d0 7 bytes JMP 000007fffcf500d8
.text C:\windows\system32\taskeng.exe[3116] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcf68ef0 6 bytes JMP 000007fffcf50148
.text C:\windows\system32\taskeng.exe[3116] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcf7af60 5 bytes JMP 000007fffcf50110
.text C:\windows\system32\taskeng.exe[3116] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe0b89e0 8 bytes JMP 000007fffcf501f0
.text C:\windows\system32\taskeng.exe[3116] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe0bbe40 8 bytes JMP 000007fffcf501b8
.text C:\windows\system32\taskeng.exe[3116] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefef27490 11 bytes JMP 000007fffcf50228
.text C:\windows\system32\taskeng.exe[3116] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007fefef3bf00 7 bytes JMP 000007fffcf50260
.text C:\windows\system32\Dwm.exe[3180] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcf62db0 5 bytes JMP 000007fffcf50180
.text C:\windows\system32\Dwm.exe[3180] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcf637d0 7 bytes JMP 000007fffcf500d8
.text C:\windows\system32\Dwm.exe[3180] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcf68ef0 6 bytes JMP 000007fffcf50148
.text C:\windows\system32\Dwm.exe[3180] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcf7af60 5 bytes JMP 000007fffcf50110
.text C:\windows\system32\Dwm.exe[3180] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe0b89e0 8 bytes JMP 000007fffcf501f0
.text C:\windows\system32\Dwm.exe[3180] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe0bbe40 8 bytes JMP 000007fffcf501b8
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3588] C:\windows\syswow64\KERNEL32.dll!RegSetValueExA 00000000761513e1 7 bytes JMP 0000000171a51e90
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3588] C:\windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW 000000007616b1d3 5 bytes JMP 0000000171a51da0
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3588] C:\windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 00000000761e88b4 7 bytes JMP 0000000171a51d90
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3588] C:\windows\syswow64\KERNEL32.dll!K32GetModuleInformation 00000000761e8939 5 bytes JMP 0000000171a51e80
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3588] C:\windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 00000000761e8c8f 5 bytes JMP 0000000171a51e10
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3588] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000760e1d1b 5 bytes JMP 0000000171a52450
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3588] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000760e1dc9 5 bytes JMP 0000000171a524b0
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3588] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000760e2aa4 5 bytes JMP 0000000171a52520
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3588] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000760e2d0a 5 bytes JMP 0000000171a52670
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3588] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000764be9a2 5 bytes JMP 0000000171a51a00
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3588] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000764bebdc 5 bytes JMP 0000000171a51a90
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3588] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000768f5ea5 5 bytes JMP 0000000171a51ce0
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3588] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000076929d0b 5 bytes JMP 0000000171a51c70
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3636] C:\windows\syswow64\kernel32.dll!RegSetValueExA 00000000761513e1 7 bytes JMP 0000000171a51e90
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3636] C:\windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007616b1d3 5 bytes JMP 0000000171a51da0
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3636] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000761e88b4 7 bytes JMP 0000000171a51d90
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3636] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000761e8939 5 bytes JMP 0000000171a51e80
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3636] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000761e8c8f 5 bytes JMP 0000000171a51e10
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3636] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000760e1d1b 5 bytes JMP 0000000171a52450
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3636] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000760e1dc9 5 bytes JMP 0000000171a524b0
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3636] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000760e2aa4 5 bytes JMP 0000000171a52520
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3636] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000760e2d0a 5 bytes JMP 0000000171a52670
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3636] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000764be9a2 5 bytes JMP 0000000171a51a00
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3636] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000764bebdc 5 bytes JMP 0000000171a51a90
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3636] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000768f5ea5 5 bytes JMP 0000000171a51ce0
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3636] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000076929d0b 5 bytes JMP 0000000171a51c70
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3816] C:\windows\syswow64\KERNEL32.dll!RegSetValueExA 00000000761513e1 7 bytes JMP 0000000171a51e90
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3816] C:\windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW 000000007616b1d3 5 bytes JMP 0000000171a51da0
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3816] C:\windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 00000000761e88b4 7 bytes JMP 0000000171a51d90
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3816] C:\windows\syswow64\KERNEL32.dll!K32GetModuleInformation 00000000761e8939 5 bytes JMP 0000000171a51e80
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3816] C:\windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 00000000761e8c8f 5 bytes JMP 0000000171a51e10
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3816] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000760e1d1b 5 bytes JMP 0000000171a52450
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3816] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000760e1dc9 5 bytes JMP 0000000171a524b0
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3816] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000760e2aa4 5 bytes JMP 0000000171a52520
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3816] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000760e2d0a 5 bytes JMP 0000000171a52670
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3816] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000764be9a2 5 bytes JMP 0000000171a51a00
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3816] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000764bebdc 5 bytes JMP 0000000171a51a90
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3816] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000768f5ea5 5 bytes JMP 0000000171a51ce0
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3816] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000076929d0b 5 bytes JMP 0000000171a51c70
.text C:\Windows\System32\igfxpers.exe[1488] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d1efe0 5 bytes JMP 000000016fff0148
.text C:\Windows\System32\igfxpers.exe[1488] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d499b0 7 bytes JMP 000000016fff00d8
.text C:\Windows\System32\igfxpers.exe[1488] C:\windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d594d0 5 bytes JMP 000000016fff0180
.text C:\Windows\System32\igfxpers.exe[1488] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076d59640 5 bytes JMP 000000016fff0110
.text C:\Windows\System32\igfxpers.exe[1488] C:\windows\system32\kernel32.dll!RegSetValueExA 0000000076d7a500 7 bytes JMP 000000016fff01b8
.text C:\Windows\System32\igfxpers.exe[1488] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcf62db0 5 bytes JMP 000007fffcf50180
.text C:\Windows\System32\igfxpers.exe[1488] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcf637d0 7 bytes JMP 000007fffcf500d8
.text C:\Windows\System32\igfxpers.exe[1488] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcf68ef0 6 bytes JMP 000007fffcf50148
.text C:\Windows\System32\igfxpers.exe[1488] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcf7af60 5 bytes JMP 000007fffcf50110
.text C:\Windows\System32\igfxpers.exe[1488] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe0b89e0 8 bytes JMP 000007fffcf501f0
.text C:\Windows\System32\igfxpers.exe[1488] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe0bbe40 8 bytes JMP 000007fffcf501b8
.text C:\Windows\System32\igfxpers.exe[1488] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefef27490 11 bytes JMP 000007fffcf50228
.text C:\Windows\System32\igfxpers.exe[1488] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007fefef3bf00 7 bytes JMP 000007fffcf50260
.text C:\Program Files\IDT\WDM\sttray64.exe[3812] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d1efe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\IDT\WDM\sttray64.exe[3812] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d499b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\IDT\WDM\sttray64.exe[3812] C:\windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d594d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\IDT\WDM\sttray64.exe[3812] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076d59640 5 bytes JMP 000000016fff0110
.text C:\Program Files\IDT\WDM\sttray64.exe[3812] C:\windows\system32\kernel32.dll!RegSetValueExA 0000000076d7a500 7 bytes JMP 000000016fff01b8
.text C:\Program Files\IDT\WDM\sttray64.exe[3812] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcf62db0 5 bytes JMP 000007fffcf50180
.text C:\Program Files\IDT\WDM\sttray64.exe[3812] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcf637d0 7 bytes JMP 000007fffcf500d8
.text C:\Program Files\IDT\WDM\sttray64.exe[3812] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcf68ef0 6 bytes JMP 000007fffcf50148
.text C:\Program Files\IDT\WDM\sttray64.exe[3812] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcf7af60 5 bytes JMP 000007fffcf50110
.text C:\Program Files\IDT\WDM\sttray64.exe[3812] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe0b89e0 8 bytes JMP 000007fffcf501f0
.text C:\Program Files\IDT\WDM\sttray64.exe[3812] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe0bbe40 8 bytes JMP 000007fffcf501b8
.text C:\Program Files\IDT\WDM\sttray64.exe[3812] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefef27490 11 bytes JMP 000007fffcf50228
.text C:\Program Files\IDT\WDM\sttray64.exe[3812] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007fefef3bf00 7 bytes JMP 000007fffcf50260
.text C:\Program Files\DellTPad\Apoint.exe[3916] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d1efe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\DellTPad\Apoint.exe[3916] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d499b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\DellTPad\Apoint.exe[3916] C:\windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d594d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\DellTPad\Apoint.exe[3916] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076d59640 5 bytes JMP 000000016fff0110
.text C:\Program Files\DellTPad\Apoint.exe[3916] C:\windows\system32\kernel32.dll!RegSetValueExA 0000000076d7a500 7 bytes JMP 000000016fff01b8
.text C:\Program Files\DellTPad\Apoint.exe[3916] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcf62db0 5 bytes JMP 000007fffcf50180
.text C:\Program Files\DellTPad\Apoint.exe[3916] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcf637d0 7 bytes JMP 000007fffcf500d8
.text C:\Program Files\DellTPad\Apoint.exe[3916] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcf68ef0 6 bytes JMP 000007fffcf50148
.text C:\Program Files\DellTPad\Apoint.exe[3916] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcf7af60 5 bytes JMP 000007fffcf50110
.text C:\Program Files\DellTPad\Apoint.exe[3916] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe0b89e0 8 bytes JMP 000007fffcf501f0
.text C:\Program Files\DellTPad\Apoint.exe[3916] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe0bbe40 8 bytes JMP 000007fffcf501b8
.text C:\Program Files\DellTPad\Apoint.exe[3916] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefef27490 11 bytes JMP 000007fffcf50228
.text C:\Program Files\DellTPad\Apoint.exe[3916] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007fefef3bf00 7 bytes JMP 000007fffcf50260
.text C:\Program Files\Dell\QuickSet\quickset.exe[4496] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d1efe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Dell\QuickSet\quickset.exe[4496] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d499b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Dell\QuickSet\quickset.exe[4496] C:\windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d594d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Dell\QuickSet\quickset.exe[4496] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076d59640 5 bytes JMP 000000016fff0110
.text C:\Program Files\Dell\QuickSet\quickset.exe[4496] C:\windows\system32\kernel32.dll!RegSetValueExA 0000000076d7a500 7 bytes JMP 000000016fff01b8
.text C:\Program Files\Dell\QuickSet\quickset.exe[4496] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcf62db0 5 bytes JMP 000007fffcf50180
.text C:\Program Files\Dell\QuickSet\quickset.exe[4496] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcf637d0 7 bytes JMP 000007fffcf500d8
.text C:\Program Files\Dell\QuickSet\quickset.exe[4496] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcf68ef0 6 bytes JMP 000007fffcf50148
.text C:\Program Files\Dell\QuickSet\quickset.exe[4496] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcf7af60 5 bytes JMP 000007fffcf50110
.text C:\Program Files\Dell\QuickSet\quickset.exe[4496] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe0b89e0 8 bytes JMP 000007fffcf501f0
.text C:\Program Files\Dell\QuickSet\quickset.exe[4496] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe0bbe40 8 bytes JMP 000007fffcf501b8
.text C:\Program Files\Dell\QuickSet\quickset.exe[4496] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefef27490 11 bytes JMP 000007fffcf50228
.text C:\Program Files\Dell\QuickSet\quickset.exe[4496] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007fefef3bf00 7 bytes JMP 000007fffcf50260
.text C:\Program Files\DellTPad\ApMsgFwd.exe[4708] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d1efe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\DellTPad\ApMsgFwd.exe[4708] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d499b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\DellTPad\ApMsgFwd.exe[4708] C:\windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d594d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\DellTPad\ApMsgFwd.exe[4708] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076d59640 5 bytes JMP 000000016fff0110
.text C:\Program Files\DellTPad\ApMsgFwd.exe[4708] C:\windows\system32\kernel32.dll!RegSetValueExA 0000000076d7a500 7 bytes JMP 000000016fff01b8
.text C:\Program Files\DellTPad\ApMsgFwd.exe[4708] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcf62db0 5 bytes JMP 000007fffcf50180
.text C:\Program Files\DellTPad\ApMsgFwd.exe[4708] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcf637d0 7 bytes JMP 000007fffcf500d8
.text C:\Program Files\DellTPad\ApMsgFwd.exe[4708] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcf68ef0 6 bytes JMP 000007fffcf50148
.text C:\Program Files\DellTPad\ApMsgFwd.exe[4708] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcf7af60 5 bytes JMP 000007fffcf50110
.text C:\Program Files\DellTPad\ApMsgFwd.exe[4708] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe0b89e0 8 bytes JMP 000007fffcf501f0
.text C:\Program Files\DellTPad\ApMsgFwd.exe[4708] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe0bbe40 8 bytes JMP 000007fffcf501b8
.text C:\Program Files\DellTPad\HidFind.exe[4748] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcf62db0 5 bytes JMP 000007fffcf50180
.text C:\Program Files\DellTPad\HidFind.exe[4748] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcf637d0 7 bytes JMP 000007fffcf500d8
.text C:\Program Files\DellTPad\HidFind.exe[4748] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcf68ef0 6 bytes JMP 000007fffcf50148
.text C:\Program Files\DellTPad\HidFind.exe[4748] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcf7af60 5 bytes JMP 000007fffcf50110
.text C:\Program Files\DellTPad\HidFind.exe[4748] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe0b89e0 8 bytes JMP 000007fffcf501f0
.text C:\Program Files\DellTPad\HidFind.exe[4748] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe0bbe40 8 bytes JMP 000007fffcf501b8
.text C:\Program Files\DellTPad\Apntex.exe[4756] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d1efe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\DellTPad\Apntex.exe[4756] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d499b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\DellTPad\Apntex.exe[4756] C:\windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d594d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\DellTPad\Apntex.exe[4756] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076d59640 5 bytes JMP 000000016fff0110
.text C:\Program Files\DellTPad\Apntex.exe[4756] C:\windows\system32\kernel32.dll!RegSetValueExA 0000000076d7a500 7 bytes JMP 000000016fff01b8
.text C:\Program Files\DellTPad\Apntex.exe[4756] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcf62db0 5 bytes JMP 000007fffcf50180
.text C:\Program Files\DellTPad\Apntex.exe[4756] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcf637d0 7 bytes JMP 000007fffcf500d8
.text C:\Program Files\DellTPad\Apntex.exe[4756] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcf68ef0 6 bytes JMP 000007fffcf50148
.text C:\Program Files\DellTPad\Apntex.exe[4756] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcf7af60 5 bytes JMP 000007fffcf50110
.text C:\Program Files\DellTPad\Apntex.exe[4756] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe0b89e0 8 bytes JMP 000007fffcf501f0
.text C:\Program Files\DellTPad\Apntex.exe[4756] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe0bbe40 8 bytes JMP 000007fffcf501b8
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4936] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d1efe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4936] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d499b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4936] C:\windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d594d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4936] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076d59640 5 bytes JMP 000000016fff0110
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4936] C:\windows\system32\kernel32.dll!RegSetValueExA 0000000076d7a500 7 bytes JMP 000000016fff01b8
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4936] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcf62db0 5 bytes JMP 000007fffcf50180
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4936] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcf637d0 7 bytes JMP 000007fffcf500d8
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4936] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcf68ef0 6 bytes JMP 000007fffcf50148
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4936] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcf7af60 5 bytes JMP 000007fffcf50110
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4936] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe0b89e0 8 bytes JMP 000007fffcf501f0
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4936] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe0bbe40 8 bytes JMP 000007fffcf501b8
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4936] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefef27490 11 bytes JMP 000007fffcf50228
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4936] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007fefef3bf00 7 bytes JMP 000007fffcf50260
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4944] C:\windows\syswow64\kernel32.dll!RegSetValueExA 00000000761513e1 7 bytes JMP 0000000171a51e90
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4944] C:\windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007616b1d3 5 bytes JMP 0000000171a51da0
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4944] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000761e88b4 7 bytes JMP 0000000171a51d90
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4944] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000761e8939 5 bytes JMP 0000000171a51e80
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4944] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000761e8c8f 5 bytes JMP 0000000171a51e10
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4944] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000760e1d1b 5 bytes JMP 0000000171a52450
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4944] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000760e1dc9 5 bytes JMP 0000000171a524b0
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4944] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000760e2aa4 5 bytes JMP 0000000171a52520
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4944] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000760e2d0a 5 bytes JMP 0000000171a52670
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4944] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000764be9a2 5 bytes JMP 0000000171a51a00
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4944] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000764bebdc 5 bytes JMP 0000000171a51a90
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4944] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000768f5ea5 5 bytes JMP 0000000171a51ce0
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4944] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000076929d0b 5 bytes JMP 0000000171a51c70
.text C:\windows\system32\wbem\unsecapp.exe[5084] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcf62db0 5 bytes JMP 000007fffcf50180
.text C:\windows\system32\wbem\unsecapp.exe[5084] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcf637d0 7 bytes JMP 000007fffcf500d8
.text C:\windows\system32\wbem\unsecapp.exe[5084] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcf68ef0 6 bytes JMP 000007fffcf50148
.text C:\windows\system32\wbem\unsecapp.exe[5084] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcf7af60 5 bytes JMP 000007fffcf50110
.text C:\windows\system32\wbem\unsecapp.exe[5084] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefef27490 11 bytes JMP 000007fffcf50228
.text C:\windows\system32\wbem\unsecapp.exe[5084] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007fefef3bf00 7 bytes JMP 000007fffcf50260
.text C:\windows\system32\wbem\unsecapp.exe[5084] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe0b89e0 8 bytes JMP 000007fffcf501f0
.text C:\windows\system32\wbem\unsecapp.exe[5084] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe0bbe40 8 bytes JMP 000007fffcf501b8
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3232] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d1efe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3232] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d499b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3232] C:\windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d594d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3232] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076d59640 5 bytes JMP 000000016fff0110
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3232] C:\windows\system32\kernel32.dll!RegSetValueExA 0000000076d7a500 7 bytes JMP 000000016fff01b8
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3232] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcf62db0 5 bytes JMP 000007fffcf50180
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3232] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcf637d0 7 bytes JMP 000007fffcf500d8
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3232] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcf68ef0 6 bytes JMP 000007fffcf50148
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3232] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcf7af60 5 bytes JMP 000007fffcf50110
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3232] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe0b89e0 8 bytes JMP 000007fffcf501f0
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3232] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe0bbe40 8 bytes JMP 000007fffcf501b8
.text C:\Windows\WindowsMobile\wmdc.exe[4340] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcf62db0 5 bytes JMP 000007fffcf50180
.text C:\Windows\WindowsMobile\wmdc.exe[4340] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcf637d0 7 bytes JMP 000007fffcf500d8
.text C:\Windows\WindowsMobile\wmdc.exe[4340] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcf68ef0 6 bytes JMP 000007fffcf50148
.text C:\Windows\WindowsMobile\wmdc.exe[4340] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcf7af60 5 bytes JMP 000007fffcf50110
.text C:\Windows\WindowsMobile\wmdc.exe[4340] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe0b89e0 8 bytes JMP 000007fffcf501f0
.text C:\Windows\WindowsMobile\wmdc.exe[4340] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe0bbe40 8 bytes JMP 000007fffcf501b8
.text C:\Windows\WindowsMobile\wmdc.exe[4340] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefef27490 11 bytes JMP 000007fffcf50228
.text C:\Windows\WindowsMobile\wmdc.exe[4340] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007fefef3bf00 7 bytes JMP 000007fffcf50260
.text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[3276] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d1efe0 5 bytes JMP 000000016fff0148
.text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[3276] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d499b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[3276] C:\windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d594d0 5 bytes JMP 000000016fff0180
.text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[3276] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076d59640 5 bytes JMP 000000016fff0110
.text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[3276] C:\windows\system32\kernel32.dll!RegSetValueExA 0000000076d7a500 7 bytes JMP 000000016fff01b8
.text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[3276] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcf62db0 5 bytes JMP 000007fffcf50180
.text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[3276] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcf637d0 7 bytes JMP 000007fffcf500d8
.text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[3276] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcf68ef0 6 bytes JMP 000007fffcf50148
.text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[3276] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcf7af60 5 bytes JMP 000007fffcf50110
.text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[3276] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe0b89e0 8 bytes JMP 000007fffcf501f0
.text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[3276] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe0bbe40 8 bytes JMP 000007fffcf501b8
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4776] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074c51465 2 bytes [C5, 74]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4776] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074c514bb 2 bytes [C5, 74]
.text ... * 2
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[4848] C:\windows\syswow64\kernel32.dll!RegSetValueExA 00000000761513e1 7 bytes JMP 0000000171a51e90
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[4848] C:\windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007616b1d3 5 bytes JMP 0000000171a51da0
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[4848] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000761e88b4 7 bytes JMP 0000000171a51d90
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[4848] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000761e8939 5 bytes JMP 0000000171a51e80
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[4848] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000761e8c8f 5 bytes JMP 0000000171a51e10
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[4848] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000760e1d1b 5 bytes JMP 0000000171a52450
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[4848] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000760e1dc9 5 bytes JMP 0000000171a524b0
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[4848] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000760e2aa4 5 bytes JMP 0000000171a52520
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[4848] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000760e2d0a 5 bytes JMP 0000000171a52670
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[4848] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000764be9a2 5 bytes JMP 0000000171a51a00
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[4848] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000764bebdc 5 bytes JMP 0000000171a51a90
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[4848] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000768f5ea5 5 bytes JMP 0000000171a51ce0
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[4848] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000076929d0b 5 bytes JMP 0000000171a51c70
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5156] C:\windows\syswow64\kernel32.dll!RegSetValueExA 00000000761513e1 7 bytes JMP 0000000171a51e90
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5156] C:\windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007616b1d3 5 bytes JMP 0000000171a51da0
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5156] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000761e88b4 7 bytes JMP 0000000171a51d90
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5156] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000761e8939 5 bytes JMP 0000000171a51e80
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5156] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000761e8c8f 5 bytes JMP 0000000171a51e10
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5156] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000760e1d1b 5 bytes JMP 0000000171a52450
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5156] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000760e1dc9 5 bytes JMP 0000000171a524b0
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5156] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000760e2aa4 5 bytes JMP 0000000171a52520
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5156] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000760e2d0a 5 bytes JMP 0000000171a52670
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5156] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000764be9a2 5 bytes JMP 0000000171a51a00
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5156] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000764bebdc 5 bytes JMP 0000000171a51a90
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5156] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000768f5ea5 5 bytes JMP 0000000171a51ce0
.text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[5156] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000076929d0b 5 bytes JMP 0000000171a51c70
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[5236] C:\windows\syswow64\kernel32.dll!RegSetValueExA 00000000761513e1 7 bytes JMP 0000000171a51e90
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[5236] C:\windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007616b1d3 5 bytes JMP 0000000171a51da0
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[5236] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000761e88b4 7 bytes JMP 0000000171a51d90
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[5236] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000761e8939 5 bytes JMP 0000000171a51e80
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[5236] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000761e8c8f 5 bytes JMP 0000000171a51e10
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[5236] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000760e1d1b 5 bytes JMP 0000000171a52450
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[5236] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000760e1dc9 5 bytes JMP 0000000171a524b0
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[5236] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000760e2aa4 5 bytes JMP 0000000171a52520
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[5236] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000760e2d0a 5 bytes JMP 0000000171a52670
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[5236] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000764be9a2 5 bytes JMP 0000000171a51a00
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[5236] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000764bebdc 5 bytes JMP 0000000171a51a90
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[5236] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074c51465 2 bytes [C5, 74]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[5236] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074c514bb 2 bytes [C5, 74]
.text ... * 2
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5440] C:\windows\syswow64\kernel32.dll!RegSetValueExA 00000000761513e1 7 bytes JMP 0000000171a51e90
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5440] C:\windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007616b1d3 5 bytes JMP 0000000171a51da0
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5440] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000761e88b4 7 bytes JMP 0000000171a51d90
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5440] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000761e8939 5 bytes JMP 0000000171a51e80
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5440] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000761e8c8f 5 bytes JMP 0000000171a51e10
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5440] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000760e1d1b 5 bytes JMP 0000000171a52450
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5440] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000760e1dc9 5 bytes JMP 0000000171a524b0
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5440] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000760e2aa4 5 bytes JMP 0000000171a52520
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5440] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000760e2d0a 5 bytes JMP 0000000171a52670
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5440] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000764be9a2 5 bytes JMP 0000000171a51a00
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5440] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000764bebdc 5 bytes JMP 0000000171a51a90
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5440] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000768f5ea5 5 bytes JMP 0000000171a51ce0
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5440] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000076929d0b 5 bytes JMP 0000000171a51c70
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5448] C:\windows\syswow64\KERNEL32.dll!RegSetValueExA 00000000761513e1 7 bytes JMP 0000000171a51e90
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5448] C:\windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW 000000007616b1d3 5 bytes JMP 0000000171a51da0
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5448] C:\windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 00000000761e88b4 7 bytes JMP 0000000171a51d90
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5448] C:\windows\syswow64\KERNEL32.dll!K32GetModuleInformation 00000000761e8939 5 bytes JMP 0000000171a51e80
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5448] C:\windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 00000000761e8c8f 5 bytes JMP 0000000171a51e10
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5448] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000760e1d1b 5 bytes JMP 0000000171a52450
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5448] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000760e1dc9 5 bytes JMP 0000000171a524b0
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5448] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000760e2aa4 5 bytes JMP 0000000171a52520
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5448] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000760e2d0a 5 bytes JMP 0000000171a52670
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5448] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000764be9a2 5 bytes JMP 0000000171a51a00
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5448] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000764bebdc 5 bytes JMP 0000000171a51a90
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5448] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000768f5ea5 5 bytes JMP 0000000171a51ce0
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5448] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000076929d0b 5 bytes JMP 0000000171a51c70
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[5456] C:\windows\syswow64\kernel32.dll!RegSetValueExA 00000000761513e1 7 bytes JMP 0000000171a51e90
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[5456] C:\windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007616b1d3 5 bytes JMP 0000000171a51da0
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[5456] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000761e88b4 7 bytes JMP 0000000171a51d90
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[5456] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000761e8939 5 bytes JMP 0000000171a51e80
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[5456] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000761e8c8f 5 bytes JMP 0000000171a51e10
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[5456] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000760e1d1b 5 bytes JMP 0000000171a52450
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[5456] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000760e1dc9 5 bytes JMP 0000000171a524b0
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[5456] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000760e2aa4 5 bytes JMP 0000000171a52520
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[5456] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000760e2d0a 5 bytes JMP 0000000171a52670
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[5456] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000764be9a2 5 bytes JMP 0000000171a51a00
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[5456] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000764bebdc 5 bytes JMP 0000000171a51a90
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[5456] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000768f5ea5 5 bytes JMP 0000000171a51ce0
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[5456] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000076929d0b 5 bytes JMP 0000000171a51c70
.text C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[5464] C:\windows\syswow64\kernel32.dll!RegSetValueExA 00000000761513e1 7 bytes JMP 0000000171a51e90
.text C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[5464] C:\windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007616b1d3 5 bytes JMP 0000000171a51da0
.text C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[5464] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000761e88b4 7 bytes JMP 0000000171a51d90
.text C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[5464] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000761e8939 5 bytes JMP 0000000171a51e80
.text C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[5464] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000761e8c8f 5 bytes JMP 0000000171a51e10
.text C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[5464] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000760e1d1b 5 bytes JMP 0000000171a52450
.text C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[5464] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000760e1dc9 5 bytes JMP 0000000171a524b0
.text C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[5464] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000760e2aa4 5 bytes JMP 0000000171a52520
.text C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[5464] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000760e2d0a 5 bytes JMP 0000000171a52670
.text C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[5464] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000764be9a2 5 bytes JMP 0000000171a51a00
.text C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[5464] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000764bebdc 5 bytes JMP 0000000171a51a90
.text C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[5464] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000768f5ea5 5 bytes JMP 0000000171a51ce0
.text C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[5464] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000076929d0b 5 bytes JMP 0000000171a51c70
.text C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE[5488] C:\windows\syswow64\kernel32.dll!RegSetValueExA 00000000761513e1 7 bytes JMP 0000000171a51e90
.text C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE[5488] C:\windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007616b1d3 5 bytes JMP 0000000171a51da0
.text C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE[5488] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000761e88b4 7 bytes JMP 0000000171a51d90
.text C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE[5488] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000761e8939 5 bytes JMP 0000000171a51e80
.text C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE[5488] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000761e8c8f 5 bytes JMP 0000000171a51e10
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5616] C:\windows\syswow64\kernel32.dll!RegSetValueExA 00000000761513e1 7 bytes JMP 0000000171a51e90
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5616] C:\windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007616b1d3 5 bytes JMP 0000000171a51da0
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5616] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000761e88b4 7 bytes JMP 0000000171a51d90
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5616] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000761e8939 5 bytes JMP 0000000171a51e80
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5616] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000761e8c8f 5 bytes JMP 0000000171a51e10
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5616] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000760e1d1b 5 bytes JMP 0000000171a52450
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5616] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000760e1dc9 5 bytes JMP 0000000171a524b0
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5616] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000760e2aa4 5 bytes JMP 0000000171a52520
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5616] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000760e2d0a 5 bytes JMP 0000000171a52670
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5616] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000764be9a2 5 bytes JMP 0000000171a51a00
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5616] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000764bebdc 5 bytes JMP 0000000171a51a90
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5616] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000768f5ea5 5 bytes JMP 0000000171a51ce0
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5616] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000076929d0b 5 bytes JMP 0000000171a51c70
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5616] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074c51465 2 bytes [C5, 74]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5616] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074c514bb 2 bytes [C5, 74]
.text ... * 2
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5660] C:\windows\syswow64\kernel32.dll!RegSetValueExA 00000000761513e1 7 bytes JMP 0000000171a51e90
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5660] C:\windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007616b1d3 5 bytes JMP 0000000171a51da0
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5660] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000761e88b4 7 bytes JMP 0000000171a51d90
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5660] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000761e8939 5 bytes JMP 0000000171a51e80
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5660] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000761e8c8f 5 bytes JMP 0000000171a51e10
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5660] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000760e1d1b 5 bytes JMP 0000000171a52450
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5660] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000760e1dc9 5 bytes JMP 0000000171a524b0
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5660] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000760e2aa4 5 bytes JMP 0000000171a52520
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5660] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000760e2d0a 5 bytes JMP 0000000171a52670
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5660] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000764be9a2 5 bytes JMP 0000000171a51a00
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5660] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000764bebdc 5 bytes JMP 0000000171a51a90
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5660] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000768f5ea5 5 bytes JMP 0000000171a51ce0
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5660] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000076929d0b 5 bytes JMP 0000000171a51c70
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5636] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074c51465 2 bytes [C5, 74]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5636] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074c514bb 2 bytes [C5, 74]
.text ... * 2
.text C:\Users\Julia Ruell\Downloads\FRST64.exe[1780] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d1efe0 5 bytes JMP 000000016fff0148
.text C:\Users\Julia Ruell\Downloads\FRST64.exe[1780] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d499b0 7 bytes JMP 000000016fff00d8
.text C:\Users\Julia Ruell\Downloads\FRST64.exe[1780] C:\windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d594d0 5 bytes JMP 000000016fff0180
.text C:\Users\Julia Ruell\Downloads\FRST64.exe[1780] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076d59640 5 bytes JMP 000000016fff0110
.text C:\Users\Julia Ruell\Downloads\FRST64.exe[1780] C:\windows\system32\kernel32.dll!RegSetValueExA 0000000076d7a500 7 bytes JMP 000000016fff01b8
.text C:\Users\Julia Ruell\Downloads\FRST64.exe[1780] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcf62db0 5 bytes JMP 000007fffcf50180
.text C:\Users\Julia Ruell\Downloads\FRST64.exe[1780] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcf637d0 7 bytes JMP 000007fffcf500d8
.text C:\Users\Julia Ruell\Downloads\FRST64.exe[1780] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcf68ef0 6 bytes JMP 000007fffcf50148
.text C:\Users\Julia Ruell\Downloads\FRST64.exe[1780] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcf7af60 5 bytes JMP 000007fffcf50110
.text C:\Users\Julia Ruell\Downloads\FRST64.exe[1780] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe0b89e0 8 bytes JMP 000007fffcf501f0
.text C:\Users\Julia Ruell\Downloads\FRST64.exe[1780] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe0bbe40 8 bytes JMP 000007fffcf501b8
.text C:\windows\system32\NOTEPAD.EXE[2260] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d1efe0 5 bytes JMP 000000016fff0148
.text C:\windows\system32\NOTEPAD.EXE[2260] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d499b0 7 bytes JMP 000000016fff00d8
.text C:\windows\system32\NOTEPAD.EXE[2260] C:\windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d594d0 5 bytes JMP 000000016fff0180
.text C:\windows\system32\NOTEPAD.EXE[2260] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076d59640 5 bytes JMP 000000016fff0110
.text C:\windows\system32\NOTEPAD.EXE[2260] C:\windows\system32\kernel32.dll!RegSetValueExA 0000000076d7a500 7 bytes JMP 000000016fff01b8
.text C:\windows\system32\NOTEPAD.EXE[2260] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcf62db0 5 bytes JMP 000007fffcf50180
.text C:\windows\system32\NOTEPAD.EXE[2260] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcf637d0 7 bytes JMP 000007fffcf500d8
.text C:\windows\system32\NOTEPAD.EXE[2260] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcf68ef0 6 bytes JMP 000007fffcf50148
.text C:\windows\system32\NOTEPAD.EXE[2260] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcf7af60 5 bytes JMP 000007fffcf50110
.text C:\windows\system32\NOTEPAD.EXE[2260] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe0b89e0 8 bytes JMP 000007fffcf501f0
.text C:\windows\system32\NOTEPAD.EXE[2260] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe0bbe40 8 bytes JMP 000007fffcf501b8
.text C:\windows\system32\NOTEPAD.EXE[2260] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefef27490 11 bytes JMP 000007fffcf50228
.text C:\windows\system32\NOTEPAD.EXE[2260] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007fefef3bf00 7 bytes JMP 000007fffcf50260
.text C:\windows\system32\NOTEPAD.EXE[7148] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d1efe0 5 bytes JMP 000000016fff0148
.text C:\windows\system32\NOTEPAD.EXE[7148] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d499b0 7 bytes JMP 000000016fff00d8
.text C:\windows\system32\NOTEPAD.EXE[7148] C:\windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d594d0 5 bytes JMP 000000016fff0180
.text C:\windows\system32\NOTEPAD.EXE[7148] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076d59640 5 bytes JMP 000000016fff0110
.text C:\windows\system32\NOTEPAD.EXE[7148] C:\windows\system32\kernel32.dll!RegSetValueExA 0000000076d7a500 7 bytes JMP 000000016fff01b8
.text C:\windows\system32\NOTEPAD.EXE[7148] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcf62db0 5 bytes JMP 000007fffcf50180
.text C:\windows\system32\NOTEPAD.EXE[7148] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcf637d0 7 bytes JMP 000007fffcf500d8
.text C:\windows\system32\NOTEPAD.EXE[7148] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcf68ef0 6 bytes JMP 000007fffcf50148
.text C:\windows\system32\NOTEPAD.EXE[7148] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcf7af60 5 bytes JMP 000007fffcf50110
.text C:\windows\system32\NOTEPAD.EXE[7148] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe0b89e0 8 bytes JMP 000007fffcf501f0
.text C:\windows\system32\NOTEPAD.EXE[7148] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe0bbe40 8 bytes JMP 000007fffcf501b8
.text C:\windows\system32\NOTEPAD.EXE[7148] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefef27490 11 bytes JMP 000007fffcf50228
.text C:\windows\system32\NOTEPAD.EXE[7148] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007fefef3bf00 7 bytes JMP 000007fffcf50260
.text C:\Users\Julia Ruell\Desktop\gmer_2.1.19163.exe[6360] C:\windows\syswow64\kernel32.dll!RegSetValueExA 00000000761513e1 7 bytes JMP 0000000171a51e90
.text C:\Users\Julia Ruell\Desktop\gmer_2.1.19163.exe[6360] C:\windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007616b1d3 5 bytes JMP 0000000171a51da0
.text C:\Users\Julia Ruell\Desktop\gmer_2.1.19163.exe[6360] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000761e88b4 7 bytes JMP 0000000171a51d90
.text C:\Users\Julia Ruell\Desktop\gmer_2.1.19163.exe[6360] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000761e8939 5 bytes JMP 0000000171a51e80
.text C:\Users\Julia Ruell\Desktop\gmer_2.1.19163.exe[6360] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000761e8c8f 5 bytes JMP 0000000171a51e10
.text C:\Users\Julia Ruell\Desktop\gmer_2.1.19163.exe[6360] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000760e1d1b 5 bytes JMP 0000000171a52450
.text C:\Users\Julia Ruell\Desktop\gmer_2.1.19163.exe[6360] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000760e1dc9 5 bytes JMP 0000000171a524b0
.text C:\Users\Julia Ruell\Desktop\gmer_2.1.19163.exe[6360] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000760e2aa4 5 bytes JMP 0000000171a52520
.text C:\Users\Julia Ruell\Desktop\gmer_2.1.19163.exe[6360] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000760e2d0a 5 bytes JMP 0000000171a52670
.text C:\Users\Julia Ruell\Desktop\gmer_2.1.19163.exe[6360] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000764be9a2 5 bytes JMP 0000000171a51a00
.text C:\Users\Julia Ruell\Desktop\gmer_2.1.19163.exe[6360] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000764bebdc 5 bytes JMP 0000000171a51a90
---- Threads - GMER 2.1 ----
Thread C:\windows\SysWOW64\Rundll32.exe [3216:4196] 0000000071b98610
Thread C:\windows\SysWOW64\ntdll.dll [4344:1856] 00000000011da2d4
Thread C:\windows\SysWOW64\ntdll.dll [4344:5516] 00000000103ccdc0
Thread C:\windows\SysWOW64\ntdll.dll [4344:5580] 00000000103ccdc0
Thread C:\windows\SysWOW64\ntdll.dll [4344:6680] 00000000103ccdc0
Thread C:\windows\SysWOW64\ntdll.dll [4344:3788] 0000000072e1a3e0
Thread C:\windows\SysWOW64\ntdll.dll [4344:748] 0000000076752b45
Thread C:\windows\SysWOW64\ntdll.dll [4344:456] 000000007690d864
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\ac728984ad4a (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\ac728984ad4a@7c11be217c73 0xA3 0xD1 0x00 0x08 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ac728984ad4a
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ac728984ad4a@7c11be217c73 0xA3 0xD1 0x00 0x08 ...
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\ac728984ad4a (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\ac728984ad4a@7c11be217c73 0xA3 0xD1 0x00 0x08 ...
---- EOF - GMER 2.1 ----
|
| Themen zu Antivirus Security Pro und "vieles" mehr? |
| .dll, acrobat, adobe, antivirus, desktop, gmer, harddisk, ics, microsoft, ntdll.dll, ntoskrnl.exe, nvidia, office, rechner, registry, remote, rundll, rundll32.exe, scan, security, service.exe, system, system32, temp, usb, webcam |
Baum-Darstellung