| |
| |||||||
Log-Analyse und Auswertung: Windows 7: Internet: Proxy-Server verweigert die VerbindungWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
04.09.2014, 11:46
| #1 |
| |  Windows 7: Internet: Proxy-Server verweigert die Verbindung Liebes Trojaner Board, Wenn ich mit einem Browser im Internet surfen will, erhalte ich folgende Fehlermeldung: Proxy-Server verweigert die Verbindung Wenn ich mich am PC unter einem anderen Benutzer anmelde, funktioniert das Surfen tadellos. Hannah2 funktioniert und Hannah funktioniert nicht. Die Hannah2 Daten befinden sich im Archiv Ich habe versucht ein paar log-files zu erstellen und poste sie anbei. Den Download von FRST Scan hat mir mein Virenprogramm (Norton) verweigert. Daher kein log-file davon. Vielen Dank schon mal! Code:
ATTFilter # AdwCleaner v3.309 - Bericht erstellt am 04/09/2014 um 10:53:53
# Aktualisiert 02/09/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Hannah - HAN
# Gestartet von : C:\Users\Public\Documents\adwcleaner_3.309.exe
# Option : Suchen
***** [ Dienste ] *****
Dienst Gefunden : DailytoolsUpdateService
Dienst Gefunden : Search
***** [ Dateien / Ordner ] *****
Datei Gefunden : C:\Users\Hannah\AppData\Roaming\Mozilla\Firefox\Profiles\hzgny1ku.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
Datei Gefunden : C:\Windows\SysWOW64\update1.dll
Ordner Gefunden : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gefunden : C:\Program Files (x86)\Search
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\Users\Hannah\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gefunden : C:\Users\Hannah\AppData\Roaming\pdfforge
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Wert Gefunden : HKLM\SOFTWARE\microsoft\windows nt\currentversion\svchost [DailytoolsInstallerService]
Wert Gefunden : HKLM\SOFTWARE\microsoft\windows nt\currentversion\svchost [DailytoolsUpdateService]
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17239
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.startfenster.com
-\\ Mozilla Firefox v31.0 (x86 de)
[ Datei : C:\Users\Hannah\AppData\Roaming\Mozilla\Firefox\Profiles\hzgny1ku.default\prefs.js ]
-\\ Google Chrome v12.0.742.112
[ Datei : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\preferences ]
[ Datei : C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\preferences ]
[ Datei : C:\Users\Hannah2\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gefunden [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
Gefunden [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbg
Gefunden [Extension] : hphibigbodkkohoglgfkddblldpfohjl
Gefunden [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Gefunden [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Gefunden [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
Gefunden [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc
*************************
AdwCleaner[R0].txt - [3042 octets] - [04/09/2014 10:53:53]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3102 octets] ##########
Code:
ATTFilter # AdwCleaner v3.309 - Bericht erstellt am 04/09/2014 um 10:56:25
# Aktualisiert 02/09/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Hannah - HAN
# Gestartet von : C:\Users\Public\Documents\adwcleaner_3.309.exe
# Option : Löschen
***** [ Dienste ] *****
Dienst Gelöscht : DailytoolsUpdateService
[#] Dienst Gelöscht : Search
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Program Files (x86)\Search
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\Hannah\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Hannah\AppData\Roaming\pdfforge
Datei Gelöscht : C:\Users\Hannah\AppData\Roaming\Mozilla\Firefox\Profiles\hzgny1ku.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
Datei Gelöscht : C:\Windows\SysWOW64\update1.dll
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Wert Gelöscht : HKLM\SOFTWARE\microsoft\windows nt\currentversion\svchost [DailytoolsInstallerService]
Wert Gelöscht : HKLM\SOFTWARE\microsoft\windows nt\currentversion\svchost [DailytoolsUpdateService]
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17239
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v31.0 (x86 de)
[ Datei : C:\Users\Hannah\AppData\Roaming\Mozilla\Firefox\Profiles\hzgny1ku.default\prefs.js ]
-\\ Google Chrome v0.0.0.0
[ Datei : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\preferences ]
[ Datei : C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\preferences ]
[ Datei : C:\Users\Hannah2\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
Gelöscht [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbg
Gelöscht [Extension] : hphibigbodkkohoglgfkddblldpfohjl
Gelöscht [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Gelöscht [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Gelöscht [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
Gelöscht [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc
*************************
AdwCleaner[R0].txt - [3194 octets] - [04/09/2014 10:53:53]
AdwCleaner[S0].txt - [2963 octets] - [04/09/2014 10:56:25]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3023 octets] ##########
Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:04 on 04/09/2014 (Hannah)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-09-04 12:22:50
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950042 rev.0003 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Hannah2\AppData\Local\Temp\uxtdipow.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f31465 2 bytes [F3, 75]
.text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f314bb 2 bytes [F3, 75]
.text ... * 2
.text C:\Windows\system32\hasplms.exe[3036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f31465 2 bytes [F3, 75]
.text C:\Windows\system32\hasplms.exe[3036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f314bb 2 bytes [F3, 75]
.text ... * 2
.text C:\SIMULIA\Documentation\monitor.exe[3604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f31465 2 bytes [F3, 75]
.text C:\SIMULIA\Documentation\monitor.exe[3604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f314bb 2 bytes [F3, 75]
.text ... * 2
.text C:\SIMULIA\Documentation\monitor.exe[3800] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f31465 2 bytes [F3, 75]
.text C:\SIMULIA\Documentation\monitor.exe[3800] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f314bb 2 bytes [F3, 75]
.text ... * 2
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5616] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f31465 2 bytes [F3, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5616] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f314bb 2 bytes [F3, 75]
.text ... * 2
.text C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe[5144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f31465 2 bytes [F3, 75]
.text C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe[5144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f314bb 2 bytes [F3, 75]
.text ... * 2
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[4460] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007725f2e0 5 bytes JMP 000000016fff0148
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[4460] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077289a30 7 bytes JMP 000000016fff00d8
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[4460] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772994c0 5 bytes JMP 000000016fff0180
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[4460] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077299630 5 bytes JMP 000000016fff0110
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[4460] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772b87e0 7 bytes JMP 000000016fff01b8
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[4460] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd4c2db0 5 bytes JMP 000007fffd4b0180
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[4460] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd4c37d0 7 bytes JMP 000007fffd4b00d8
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[4460] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd4c8ef0 6 bytes JMP 000007fffd4b0148
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[4460] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd4daf60 5 bytes JMP 000007fffd4b0110
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[4460] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd6189f0 8 bytes JMP 000007fffd4b01f0
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[4460] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd61be50 8 bytes JMP 000007fffd4b01b8
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[4460] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe607490 11 bytes JMP 000007fffd4b0228
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[4460] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe61bf00 7 bytes JMP 000007fffd4b0260
.text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[8036] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007725f2e0 5 bytes JMP 000000016fff0148
.text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[8036] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077289a30 7 bytes JMP 000000016fff00d8
.text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[8036] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772994c0 5 bytes JMP 000000016fff0180
.text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[8036] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077299630 5 bytes JMP 000000016fff0110
.text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[8036] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772b87e0 7 bytes JMP 000000016fff01b8
.text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[8036] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd4c2db0 5 bytes JMP 000007fffd4b0180
.text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[8036] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd4c37d0 7 bytes JMP 000007fffd4b00d8
.text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[8036] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd4c8ef0 6 bytes JMP 000007fffd4b0148
.text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[8036] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd4daf60 5 bytes JMP 000007fffd4b0110
.text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[8036] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd6189f0 8 bytes JMP 000007fffd4b01f0
.text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[8036] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd61be50 8 bytes JMP 000007fffd4b01b8
.text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[6824] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076a71409 7 bytes JMP 0000000174ef1e90
.text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[6824] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076a8b21b 5 bytes JMP 0000000174ef1da0
.text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[6824] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076b08e24 7 bytes JMP 0000000174ef1d90
.text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[6824] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076b08ea9 5 bytes JMP 0000000174ef1e80
.text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[6824] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076b091ff 5 bytes JMP 0000000174ef1e10
.text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[6824] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075291d29 5 bytes JMP 0000000174ef2450
.text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[6824] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075291dd7 5 bytes JMP 0000000174ef24b0
.text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[6824] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075292ab1 5 bytes JMP 0000000174ef2520
.text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[6824] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075292d17 5 bytes JMP 0000000174ef2670
.text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[6824] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007674e96b 5 bytes JMP 0000000174ef1a00
.text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[6824] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007674eba5 5 bytes JMP 0000000174ef1a90
.text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[6824] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076cd5ea5 5 bytes JMP 0000000174ef1ce0
.text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[6824] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076d09d0b 5 bytes JMP 0000000174ef1c70
.text C:\Windows\system32\Dwm.exe[808] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd4c2db0 5 bytes JMP 000007fffd4b0180
.text C:\Windows\system32\Dwm.exe[808] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd4c37d0 7 bytes JMP 000007fffd4b00d8
.text C:\Windows\system32\Dwm.exe[808] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd4c8ef0 6 bytes JMP 000007fffd4b0148
.text C:\Windows\system32\Dwm.exe[808] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd4daf60 5 bytes JMP 000007fffd4b0110
.text C:\Windows\system32\Dwm.exe[808] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd6189f0 8 bytes JMP 000007fffd4b01f0
.text C:\Windows\system32\Dwm.exe[808] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd61be50 8 bytes JMP 000007fffd4b01b8
.text C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE[4124] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076a71409 7 bytes JMP 0000000174ef1e90
.text C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE[4124] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076a8b21b 5 bytes JMP 0000000174ef1da0
.text C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE[4124] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076b08e24 7 bytes JMP 0000000174ef1d90
.text C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE[4124] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076b08ea9 5 bytes JMP 0000000174ef1e80
.text C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE[4124] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076b091ff 5 bytes JMP 0000000174ef1e10
.text C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE[4124] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075291d29 5 bytes JMP 0000000174ef2450
.text C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE[4124] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075291dd7 5 bytes JMP 0000000174ef24b0
.text C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE[4124] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075292ab1 5 bytes JMP 0000000174ef2520
.text C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE[4124] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075292d17 5 bytes JMP 0000000174ef2670
.text C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE[4124] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007674e96b 5 bytes JMP 0000000174ef1a00
.text C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE[4124] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007674eba5 5 bytes JMP 0000000174ef1a90
.text C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE[4124] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076cd5ea5 5 bytes JMP 0000000174ef1ce0
.text C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE[4124] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076d09d0b 5 bytes JMP 0000000174ef1c70
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[3320] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076a71409 7 bytes JMP 0000000174ef1e90
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[3320] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076a8b21b 5 bytes JMP 0000000174ef1da0
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[3320] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076b08e24 7 bytes JMP 0000000174ef1d90
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[3320] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076b08ea9 5 bytes JMP 0000000174ef1e80
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[3320] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076b091ff 5 bytes JMP 0000000174ef1e10
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[3320] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075291d29 5 bytes JMP 0000000174ef2450
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[3320] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075291dd7 5 bytes JMP 0000000174ef24b0
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[3320] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075292ab1 5 bytes JMP 0000000174ef2520
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[3320] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075292d17 5 bytes JMP 0000000174ef2670
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[3320] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007674e96b 5 bytes JMP 0000000174ef1a00
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[3320] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007674eba5 5 bytes JMP 0000000174ef1a90
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[3320] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076cd5ea5 5 bytes JMP 0000000174ef1ce0
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[3320] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076d09d0b 5 bytes JMP 0000000174ef1c70
.text C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe[6704] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd4c2db0 5 bytes JMP 000007fffd4b0180
.text C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe[6704] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd4c37d0 7 bytes JMP 000007fffd4b00d8
.text C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe[6704] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd4c8ef0 6 bytes JMP 000007fffd4b0148
.text C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe[6704] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd4daf60 5 bytes JMP 000007fffd4b0110
.text C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe[6704] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd6189f0 8 bytes JMP 000007fffd4b01f0
.text C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe[6704] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd61be50 8 bytes JMP 000007fffd4b01b8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[7956] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007725f2e0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[7956] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077289a30 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[7956] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772994c0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[7956] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077299630 5 bytes JMP 000000016fff0110
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[7956] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772b87e0 7 bytes JMP 000000016fff01b8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[7956] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd4c2db0 5 bytes JMP 000007fffd4b0180
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[7956] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd4c37d0 7 bytes JMP 000007fffd4b00d8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[7956] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd4c8ef0 6 bytes JMP 000007fffd4b0148
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[7956] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd4daf60 5 bytes JMP 000007fffd4b0110
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[7956] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd6189f0 8 bytes JMP 000007fffd4b01f0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[7956] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd61be50 8 bytes JMP 000007fffd4b01b8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[7956] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe607490 11 bytes JMP 000007fffd4b0228
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[7956] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe61bf00 7 bytes JMP 000007fffd4b0260
.text C:\Windows\System32\TpShocks.exe[8012] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd4c2db0 5 bytes JMP 000007fffd4b0180
.text C:\Windows\System32\TpShocks.exe[8012] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd4c37d0 7 bytes JMP 000007fffd4b00d8
.text C:\Windows\System32\TpShocks.exe[8012] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd4c8ef0 6 bytes JMP 000007fffd4b0148
.text C:\Windows\System32\TpShocks.exe[8012] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd4daf60 5 bytes JMP 000007fffd4b0110
.text C:\Windows\System32\TpShocks.exe[8012] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd6189f0 8 bytes JMP 000007fffd4b01f0
.text C:\Windows\System32\TpShocks.exe[8012] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd61be50 8 bytes JMP 000007fffd4b01b8
.text C:\Program Files\CONEXANT\ForteConfig\fmapp.exe[588] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd4c2db0 5 bytes JMP 000007fffd4b0180
.text C:\Program Files\CONEXANT\ForteConfig\fmapp.exe[588] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd4c37d0 7 bytes JMP 000007fffd4b00d8
.text C:\Program Files\CONEXANT\ForteConfig\fmapp.exe[588] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd4c8ef0 6 bytes JMP 000007fffd4b0148
.text C:\Program Files\CONEXANT\ForteConfig\fmapp.exe[588] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd4daf60 5 bytes JMP 000007fffd4b0110
.text C:\Program Files\CONEXANT\ForteConfig\fmapp.exe[588] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd6189f0 8 bytes JMP 000007fffd4b01f0
.text C:\Program Files\CONEXANT\ForteConfig\fmapp.exe[588] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd61be50 8 bytes JMP 000007fffd4b01b8
.text C:\Windows\System32\igfxpers.exe[5416] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd4c2db0 5 bytes JMP 000007fffd4b0180
.text C:\Windows\System32\igfxpers.exe[5416] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd4c37d0 7 bytes JMP 000007fffd4b00d8
.text C:\Windows\System32\igfxpers.exe[5416] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd4c8ef0 6 bytes JMP 000007fffd4b0148
.text C:\Windows\System32\igfxpers.exe[5416] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd4daf60 5 bytes JMP 000007fffd4b0110
.text C:\Windows\System32\igfxpers.exe[5416] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd6189f0 8 bytes JMP 000007fffd4b01f0
.text C:\Windows\System32\igfxpers.exe[5416] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd61be50 8 bytes JMP 000007fffd4b01b8
.text C:\Windows\System32\igfxpers.exe[5416] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe607490 11 bytes JMP 000007fffd4b0228
.text C:\Windows\System32\igfxpers.exe[5416] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe61bf00 7 bytes JMP 000007fffd4b0260
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4660] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076a71409 7 bytes JMP 0000000174ef1e90
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4660] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076a8b21b 5 bytes JMP 0000000174ef1da0
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4660] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076b08e24 7 bytes JMP 0000000174ef1d90
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4660] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076b08ea9 5 bytes JMP 0000000174ef1e80
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4660] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076b091ff 5 bytes JMP 0000000174ef1e10
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4660] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075291d29 5 bytes JMP 0000000174ef2450
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4660] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075291dd7 5 bytes JMP 0000000174ef24b0
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4660] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075292ab1 5 bytes JMP 0000000174ef2520
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4660] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075292d17 5 bytes JMP 0000000174ef2670
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4660] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007674e96b 5 bytes JMP 0000000174ef1a00
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4660] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007674eba5 5 bytes JMP 0000000174ef1a90
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4660] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076cd5ea5 5 bytes JMP 0000000174ef1ce0
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4660] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076d09d0b 5 bytes JMP 0000000174ef1c70
.text C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe[2756] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076a71409 7 bytes JMP 0000000174ef1e90
.text C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe[2756] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076a8b21b 5 bytes JMP 0000000174ef1da0
.text C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe[2756] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076b08e24 7 bytes JMP 0000000174ef1d90
.text C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe[2756] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076b08ea9 5 bytes JMP 0000000174ef1e80
.text C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe[2756] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076b091ff 5 bytes JMP 0000000174ef1e10
.text C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe[2756] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075291d29 5 bytes JMP 0000000174ef2450
.text C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe[2756] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075291dd7 5 bytes JMP 0000000174ef24b0
.text C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe[2756] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075292ab1 5 bytes JMP 0000000174ef2520
.text C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe[2756] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075292d17 5 bytes JMP 0000000174ef2670
.text C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe[2756] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007674e96b 5 bytes JMP 0000000174ef1a00
.text C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe[2756] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007674eba5 5 bytes JMP 0000000174ef1a90
.text C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe[2756] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076cd5ea5 5 bytes JMP 0000000174ef1ce0
.text C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe[2756] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076d09d0b 5 bytes JMP 0000000174ef1c70
.text C:\Users\Hannah\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[1864] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076a71409 7 bytes JMP 0000000174ef1e90
.text C:\Users\Hannah\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[1864] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076a8b21b 5 bytes JMP 0000000174ef1da0
.text C:\Users\Hannah\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[1864] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076b08e24 7 bytes JMP 0000000174ef1d90
.text C:\Users\Hannah\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[1864] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076b08ea9 5 bytes JMP 0000000174ef1e80
.text C:\Users\Hannah\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[1864] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076b091ff 5 bytes JMP 0000000174ef1e10
.text C:\Users\Hannah\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[1864] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075291d29 5 bytes JMP 0000000174ef2450
.text C:\Users\Hannah\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[1864] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075291dd7 5 bytes JMP 0000000174ef24b0
.text C:\Users\Hannah\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[1864] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075292ab1 5 bytes JMP 0000000174ef2520
.text C:\Users\Hannah\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[1864] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075292d17 5 bytes JMP 0000000174ef2670
.text C:\Users\Hannah\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[1864] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007674e96b 5 bytes JMP 0000000174ef1a00
.text C:\Users\Hannah\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[1864] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007674eba5 5 bytes JMP 0000000174ef1a90
.text C:\Users\Hannah\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[1864] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076cd5ea5 5 bytes JMP 0000000174ef1ce0
.text C:\Users\Hannah\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[1864] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076d09d0b 5 bytes JMP 0000000174ef1c70
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[7996] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd4c2db0 5 bytes JMP 000007fffd4b0180
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[7996] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd4c37d0 7 bytes JMP 000007fffd4b00d8
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[7996] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd4c8ef0 6 bytes JMP 000007fffd4b0148
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[7996] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd4daf60 5 bytes JMP 000007fffd4b0110
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[7996] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd6189f0 8 bytes JMP 000007fffd4b01f0
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[7996] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd61be50 8 bytes JMP 000007fffd4b01b8
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[7996] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe607490 11 bytes JMP 000007fffd4b0228
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[7996] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe61bf00 7 bytes JMP 000007fffd4b0260
.text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5756] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007725f2e0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5756] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077289a30 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5756] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772994c0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5756] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077299630 5 bytes JMP 000000016fff0110
.text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5756] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772b87e0 7 bytes JMP 000000016fff01b8
.text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5756] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd4c2db0 5 bytes JMP 000007fffd340180
.text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5756] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd4c37d0 7 bytes JMP 000007fffd3400d8
.text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5756] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd4c8ef0 6 bytes JMP 000007fffd340148
.text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5756] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd4daf60 5 bytes JMP 000007fffd340110
.text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5756] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd6189f0 8 bytes JMP 000007fffd3401f0
.text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5756] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd61be50 8 bytes JMP 000007fffd3401b8
.text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[4368] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007725f2e0 5 bytes JMP 000000016fff0148
.text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[4368] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077289a30 7 bytes JMP 000000016fff00d8
.text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[4368] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772994c0 5 bytes JMP 000000016fff0180
.text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[4368] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077299630 5 bytes JMP 000000016fff0110
.text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[4368] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772b87e0 7 bytes JMP 000000016fff01b8
.text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[4368] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd4c2db0 5 bytes JMP 000007fffd4b0180
.text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[4368] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd4c37d0 7 bytes JMP 000007fffd4b00d8
.text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[4368] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd4c8ef0 6 bytes JMP 000007fffd4b0148
.text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[4368] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd4daf60 5 bytes JMP 000007fffd4b0110
.text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[4368] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd6189f0 8 bytes JMP 000007fffd4b01f0
.text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[4368] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd61be50 8 bytes JMP 000007fffd4b01b8
.text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[7108] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd4c2db0 5 bytes JMP 000007fffd4b0180
.text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[7108] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd4c37d0 7 bytes JMP 000007fffd4b00d8
.text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[7108] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd4c8ef0 6 bytes JMP 000007fffd4b0148
.text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[7108] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd4daf60 5 bytes JMP 000007fffd4b0110
.text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[7108] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd6189f0 8 bytes JMP 000007fffd4b01f0
.text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[7108] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd61be50 8 bytes JMP 000007fffd4b01b8
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[7644] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076a71409 7 bytes JMP 0000000174ef1e90
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[7644] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076a8b21b 5 bytes JMP 0000000174ef1da0
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[7644] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076b08e24 7 bytes JMP 0000000174ef1d90
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[7644] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076b08ea9 5 bytes JMP 0000000174ef1e80
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[7644] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076b091ff 5 bytes JMP 0000000174ef1e10
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[7644] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075291d29 5 bytes JMP 0000000174ef2450
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[7644] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075291dd7 5 bytes JMP 0000000174ef24b0
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[7644] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075292ab1 5 bytes JMP 0000000174ef2520
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[7644] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075292d17 5 bytes JMP 0000000174ef2670
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[7644] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007674e96b 5 bytes JMP 0000000174ef1a00
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[7644] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007674eba5 5 bytes JMP 0000000174ef1a90
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[7644] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076cd5ea5 5 bytes JMP 0000000174ef1ce0
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[7644] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076d09d0b 5 bytes JMP 0000000174ef1c70
.text C:\Users\Hannah\AppData\Roaming\Dropbox\bin\Dropbox.exe[2620] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076a71409 7 bytes JMP 0000000174ef1e90
.text C:\Users\Hannah\AppData\Roaming\Dropbox\bin\Dropbox.exe[2620] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076a8b21b 5 bytes JMP 0000000174ef1da0
.text C:\Users\Hannah\AppData\Roaming\Dropbox\bin\Dropbox.exe[2620] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076b08e24 7 bytes JMP 0000000174ef1d90
.text C:\Users\Hannah\AppData\Roaming\Dropbox\bin\Dropbox.exe[2620] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076b08ea9 5 bytes JMP 0000000174ef1e80
.text C:\Users\Hannah\AppData\Roaming\Dropbox\bin\Dropbox.exe[2620] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076b091ff 5 bytes JMP 0000000174ef1e10
.text C:\Users\Hannah\AppData\Roaming\Dropbox\bin\Dropbox.exe[2620] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075291d29 5 bytes JMP 0000000174ef2450
.text C:\Users\Hannah\AppData\Roaming\Dropbox\bin\Dropbox.exe[2620] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075291dd7 5 bytes JMP 0000000174ef24b0
.text C:\Users\Hannah\AppData\Roaming\Dropbox\bin\Dropbox.exe[2620] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075292ab1 5 bytes JMP 0000000174ef2520
.text C:\Users\Hannah\AppData\Roaming\Dropbox\bin\Dropbox.exe[2620] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075292d17 5 bytes JMP 0000000174ef2670
.text C:\Users\Hannah\AppData\Roaming\Dropbox\bin\Dropbox.exe[2620] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007674e96b 5 bytes JMP 0000000174ef1a00
.text C:\Users\Hannah\AppData\Roaming\Dropbox\bin\Dropbox.exe[2620] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007674eba5 5 bytes JMP 0000000174ef1a90
.text C:\Users\Hannah\AppData\Roaming\Dropbox\bin\Dropbox.exe[2620] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076cd5ea5 5 bytes JMP 0000000174ef1ce0
.text C:\Users\Hannah\AppData\Roaming\Dropbox\bin\Dropbox.exe[2620] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076d09d0b 5 bytes JMP 0000000174ef1c70
.text C:\Users\Hannah\AppData\Roaming\Dropbox\bin\Dropbox.exe[2620] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000075f31465 2 bytes [F3, 75]
.text C:\Users\Hannah\AppData\Roaming\Dropbox\bin\Dropbox.exe[2620] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 0000000075f314bb 2 bytes [F3, 75]
.text ... * 2
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5372] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd4c2db0 5 bytes JMP 000007fffd4b0180
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5372] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd4c37d0 7 bytes JMP 000007fffd4b00d8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5372] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd4c8ef0 6 bytes JMP 000007fffd4b0148
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5372] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd4daf60 5 bytes JMP 000007fffd4b0110
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5372] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd6189f0 8 bytes JMP 000007fffd4b01f0
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5372] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd61be50 8 bytes JMP 000007fffd4b01b8
.text C:\Windows\SysWOW64\RunDll32.exe[1696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f31465 2 bytes [F3, 75]
.text C:\Windows\SysWOW64\RunDll32.exe[1696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f314bb 2 bytes [F3, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4464] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076a71409 7 bytes JMP 0000000174ef1e90
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4464] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076a8b21b 5 bytes JMP 0000000174ef1da0
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4464] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076b08e24 7 bytes JMP 0000000174ef1d90
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4464] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076b08ea9 5 bytes JMP 0000000174ef1e80
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4464] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076b091ff 5 bytes JMP 0000000174ef1e10
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4464] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075291d29 5 bytes JMP 0000000174ef2450
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4464] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075291dd7 5 bytes JMP 0000000174ef24b0
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4464] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075292ab1 5 bytes JMP 0000000174ef2520
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4464] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075292d17 5 bytes JMP 0000000174ef2670
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4464] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007674e96b 5 bytes JMP 0000000174ef1a00
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4464] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007674eba5 5 bytes JMP 0000000174ef1a90
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4464] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076cd5ea5 5 bytes JMP 0000000174ef1ce0
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4464] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076d09d0b 5 bytes JMP 0000000174ef1c70
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f31465 2 bytes [F3, 75]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f314bb 2 bytes [F3, 75]
.text ... * 2
.text C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[7592] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076a71409 7 bytes JMP 0000000174ef1e90
.text C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[7592] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076a8b21b 5 bytes JMP 0000000174ef1da0
.text C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[7592] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076b08e24 7 bytes JMP 0000000174ef1d90
.text C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[7592] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076b08ea9 5 bytes JMP 0000000174ef1e80
.text C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[7592] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076b091ff 5 bytes JMP 0000000174ef1e10
.text C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[7592] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075291d29 5 bytes JMP 0000000174ef2450
.text C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[7592] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075291dd7 5 bytes JMP 0000000174ef24b0
.text C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[7592] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075292ab1 5 bytes JMP 0000000174ef2520
.text C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[7592] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075292d17 5 bytes JMP 0000000174ef2670
.text C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[7592] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007674e96b 5 bytes JMP 0000000174ef1a00
.text C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[7592] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007674eba5 5 bytes JMP 0000000174ef1a90
.text C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[7592] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076cd5ea5 5 bytes JMP 0000000174ef1ce0
.text C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[7592] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076d09d0b 5 bytes JMP 0000000174ef1c70
.text C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[7592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f31465 2 bytes [F3, 75]
.text C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[7592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f314bb 2 bytes [F3, 75]
.text ... * 2
.text C:\Windows\system32\taskeng.exe[7596] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd4c2db0 5 bytes JMP 000007fffd4b0180
.text C:\Windows\system32\taskeng.exe[7596] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd4c37d0 7 bytes JMP 000007fffd4b00d8
.text C:\Windows\system32\taskeng.exe[7596] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd4c8ef0 6 bytes JMP 000007fffd4b0148
.text C:\Windows\system32\taskeng.exe[7596] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd4daf60 5 bytes JMP 000007fffd4b0110
.text C:\Windows\system32\taskeng.exe[7596] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd6189f0 8 bytes JMP 000007fffd4b01f0
.text C:\Windows\system32\taskeng.exe[7596] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd61be50 8 bytes JMP 000007fffd4b01b8
.text C:\Windows\system32\taskeng.exe[7596] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe607490 11 bytes JMP 000007fffd4b0228
.text C:\Windows\system32\taskeng.exe[7596] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe61bf00 7 bytes JMP 000007fffd4b0260
.text C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe[4420] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076a71409 7 bytes JMP 0000000174ef1e90
.text C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe[4420] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076a8b21b 5 bytes JMP 0000000174ef1da0
.text C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe[4420] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076b08e24 7 bytes JMP 0000000174ef1d90
.text C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe[4420] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076b08ea9 5 bytes JMP 0000000174ef1e80
.text C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe[4420] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076b091ff 5 bytes JMP 0000000174ef1e10
.text C:\Users\Hannah\Desktop\log\Gmer-19357.exe[5008] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076a71409 7 bytes JMP 0000000174ef1e90
.text C:\Users\Hannah\Desktop\log\Gmer-19357.exe[5008] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076a8b21b 5 bytes JMP 0000000174ef1da0
.text C:\Users\Hannah\Desktop\log\Gmer-19357.exe[5008] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076b08e24 7 bytes JMP 0000000174ef1d90
.text C:\Users\Hannah\Desktop\log\Gmer-19357.exe[5008] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076b08ea9 5 bytes JMP 0000000174ef1e80
.text C:\Users\Hannah\Desktop\log\Gmer-19357.exe[5008] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076b091ff 5 bytes JMP 0000000174ef1e10
.text C:\Users\Hannah\Desktop\log\Gmer-19357.exe[5008] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075291d29 5 bytes JMP 0000000174ef2450
.text C:\Users\Hannah\Desktop\log\Gmer-19357.exe[5008] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075291dd7 5 bytes JMP 0000000174ef24b0
.text C:\Users\Hannah\Desktop\log\Gmer-19357.exe[5008] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075292ab1 5 bytes JMP 0000000174ef2520
.text C:\Users\Hannah\Desktop\log\Gmer-19357.exe[5008] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075292d17 5 bytes JMP 0000000174ef2670
.text C:\Users\Hannah\Desktop\log\Gmer-19357.exe[5008] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007674e96b 5 bytes JMP 0000000174ef1a00
.text C:\Users\Hannah\Desktop\log\Gmer-19357.exe[5008] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007674eba5 5 bytes JMP 0000000174ef1a90
---- Processes - GMER 2.1 ----
Process C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (*** suspicious ***) @ C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE [2892] (EPSON Status Monitor 3/SEIKO EPSON CORPORATION)(2012-08-05 19:26:20) 0000000100000000
Process C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (*** suspicious ***) @ C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE [2928] (EPSON Status Monitor 3/SEIKO EPSON CORPORATION)(2012-08-05 19:26:20) 0000000100000000
Library C:\Users\Hannah\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Hannah\AppData\Roaming\Dropbox\bin\Dropbox.exe [2620](2014-08-15 18:46:08) 0000000003de0000
Library c:\users\hannah\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpddawlr.dll (*** suspicious ***) @ C:\Users\Hannah\AppData\Roaming\Dropbox\bin\Dropbox.exe [2620](2014-09-04 09:59:04) 0000000004230000
Library C:\Users\Hannah\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Hannah\AppData\Roaming\Dropbox\bin\Dropbox.exe [2620](2013-08-23 19:01:44) 0000000059410000
Library C:\Users\Hannah\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Hannah\AppData\Roaming\Dropbox\bin\Dropbox.exe [2620] (ICU Data DLL/The ICU Project)(2013-08-23 19:01:42) 0000000058a80000
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\402cf46a64b8
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\402cf46a64b8 (not active ControlSet)
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
|
| Themen zu Windows 7: Internet: Proxy-Server verweigert die Verbindung |
| browser, fehlercode 0x5, fehlercode 87, fehlermeldung, internet, internet explorer, monitor.exe, nvidia, programm, proxy-server, registrierungsdatenbank, registry, software, svchost, trojaner, trojaner board, win32/downloader.joosoft.a, win32/startpage.oph, win32/toolbar.conduit, win32/toolbar.widgi, windows |
Baum-Darstellung