| |
| |||||||
Log-Analyse und Auswertung: Windows 7: rvzr-a-akamaihd stört in MozillaWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
30.11.2013, 22:04
| #1 |
| |  Windows 7: rvzr-a-akamaihd stört in Mozilla Hallo Forum! Wie wohl auch viele andere habe ich das Problem mit dem rvzr-a-akamaihd Virus, bei mir tritt er im Mozilla auf. Nachdem ich gerade die Logfiles erstellt habe und mir sie anschaute, erschien der BlueScreen und windows hat sich heruntergefahren. Um den Virus langfristig zu entfernen, erbitte ich individuelle Hilfe durch das Forum - Danke! PS: Da der Text zu lang war, befinden sich FRST und Addition im Anhang. Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-11-30 21:41:35
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\iFlo\AppData\Local\Temp\kwldrpog.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076f5af40 7 bytes JMP 000000016fff0260
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076f64a60 5 bytes JMP 000000016fff01b8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076f82990 5 bytes JMP 000000016fff01f0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076f8efe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076fb99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076fc94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076fc9640 5 bytes JMP 000000016fff0110
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076fea500 7 bytes JMP 000000016fff0228
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1b2db0 5 bytes JMP 000007fffd1a0180
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1b37d0 7 bytes JMP 000007fffd1a00d8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1b8ef0 6 bytes JMP 000007fffd1a0148
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1caf60 5 bytes JMP 000007fffd1a0110
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefef789e0 8 bytes JMP 000007fffd1a01f0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefef7be40 8 bytes JMP 000007fffd1a01b8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd6c7490 11 bytes JMP 000007fffd1a0228
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd6dbf00 7 bytes JMP 000007fffd1a0260
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[1828] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075ee1eee 7 bytes JMP 00000001707f16b3
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[1828] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075ee5b85 7 bytes JMP 00000001707f11cc
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[1828] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075ef13e1 7 bytes JMP 00000001707f12a8
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[1828] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075efea0d 7 bytes JMP 00000001707f1262
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[1828] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075f0b1d3 5 bytes JMP 00000001707f15c8
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[1828] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075f888b4 7 bytes JMP 00000001707f1357
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[1828] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075f88939 5 bytes JMP 00000001707f16f4
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[1828] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075f88c8f 5 bytes JMP 00000001707f101e
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[1828] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075191d1b 5 bytes JMP 00000001707f11e5
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[1828] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075191dc9 5 bytes JMP 00000001707f1019
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[1828] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075192aa4 5 bytes JMP 00000001707f1573
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[1828] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075192d0a 5 bytes JMP 00000001707f128f
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[1828] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076028a29 5 bytes JMP 00000001707f1046
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[1828] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076034572 5 bytes JMP 00000001707f10c8
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[1828] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007604e567 5 bytes JMP 00000001707f1433
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[1828] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076087a5c 5 bytes JMP 00000001707f15f0
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[1828] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000074d2e9a2 5 bytes JMP 00000001707f15e1
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[1828] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000074d2ebdc 5 bytes JMP 00000001707f11a9
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[1828] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b75ea5 5 bytes JMP 00000001707f1618
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[1828] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075ba9d0b 5 bytes JMP 00000001707f123f
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1824] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075ee1eee 7 bytes JMP 00000001707f16b3
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1824] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075ee5b85 7 bytes JMP 00000001707f11cc
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1824] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075ef13e1 7 bytes JMP 00000001707f12a8
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1824] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075efea0d 7 bytes JMP 00000001707f1262
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1824] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075f0b1d3 5 bytes JMP 00000001707f15c8
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1824] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075f888b4 7 bytes JMP 00000001707f1357
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1824] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075f88939 5 bytes JMP 00000001707f16f4
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1824] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075f88c8f 5 bytes JMP 00000001707f101e
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1824] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075191d1b 5 bytes JMP 00000001707f11e5
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1824] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075191dc9 5 bytes JMP 00000001707f1019
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1824] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075192aa4 5 bytes JMP 00000001707f1573
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1824] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075192d0a 5 bytes JMP 00000001707f128f
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1824] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076028a29 5 bytes JMP 00000001707f1046
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1824] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076034572 5 bytes JMP 00000001707f10c8
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1824] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007604e567 5 bytes JMP 00000001707f1433
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1824] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076087a5c 5 bytes JMP 00000001707f15f0
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1824] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000074d2e9a2 5 bytes JMP 00000001707f15e1
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1824] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000074d2ebdc 5 bytes JMP 00000001707f11a9
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1824] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b75ea5 5 bytes JMP 00000001707f1618
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1824] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075ba9d0b 5 bytes JMP 00000001707f123f
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2228] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075001465 2 bytes [00, 75]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2228] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750014bb 2 bytes [00, 75]
.text ... * 2
.text C:\Windows\system32\Dwm.exe[2256] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076f5af40 7 bytes JMP 000000016fff0260
.text C:\Windows\system32\Dwm.exe[2256] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076f64a60 5 bytes JMP 000000016fff01b8
.text C:\Windows\system32\Dwm.exe[2256] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076f82990 5 bytes JMP 000000016fff01f0
.text C:\Windows\system32\Dwm.exe[2256] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076f8efe0 5 bytes JMP 000000016fff0148
.text C:\Windows\system32\Dwm.exe[2256] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076fb99b0 7 bytes JMP 000000016fff00d8
.text C:\Windows\system32\Dwm.exe[2256] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076fc94d0 5 bytes JMP 000000016fff0180
.text C:\Windows\system32\Dwm.exe[2256] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076fc9640 5 bytes JMP 000000016fff0110
.text C:\Windows\system32\Dwm.exe[2256] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076fea500 7 bytes JMP 000000016fff0228
.text C:\Windows\system32\Dwm.exe[2256] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1b2db0 5 bytes JMP 000007fffd1a0180
.text C:\Windows\system32\Dwm.exe[2256] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1b37d0 7 bytes JMP 000007fffd1a00d8
.text C:\Windows\system32\Dwm.exe[2256] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1b8ef0 6 bytes JMP 000007fffd1a0148
.text C:\Windows\system32\Dwm.exe[2256] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1caf60 5 bytes JMP 000007fffd1a0110
.text C:\Windows\system32\Dwm.exe[2256] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefef789e0 8 bytes JMP 000007fffd1a01f0
.text C:\Windows\system32\Dwm.exe[2256] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefef7be40 8 bytes JMP 000007fffd1a01b8
.text C:\Windows\system32\Dwm.exe[2256] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef776dc88 5 bytes JMP 000007fff75600d8
.text C:\Windows\system32\Dwm.exe[2256] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef776de10 5 bytes JMP 000007fff7560110
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075001465 2 bytes [00, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750014bb 2 bytes [00, 75]
.text ... * 2
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2388] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075ee1eee 7 bytes JMP 00000001707f16b3
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2388] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075ee5b85 7 bytes JMP 00000001707f11cc
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2388] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075ef13e1 7 bytes JMP 00000001707f12a8
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2388] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075efea0d 7 bytes JMP 00000001707f1262
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2388] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075f0b1d3 5 bytes JMP 00000001707f15c8
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2388] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075f888b4 7 bytes JMP 00000001707f1357
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2388] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075f88939 5 bytes JMP 00000001707f16f4
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2388] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075f88c8f 5 bytes JMP 00000001707f101e
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2388] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075191d1b 5 bytes JMP 00000001707f11e5
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2388] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075191dc9 5 bytes JMP 00000001707f1019
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2388] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075192aa4 5 bytes JMP 00000001707f1573
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2388] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075192d0a 5 bytes JMP 00000001707f128f
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2388] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000074d2e9a2 5 bytes JMP 00000001707f15e1
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2388] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000074d2ebdc 5 bytes JMP 00000001707f11a9
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2388] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076028a29 5 bytes JMP 00000001707f1046
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2388] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076034572 5 bytes JMP 00000001707f10c8
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2388] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007604e567 5 bytes JMP 00000001707f1433
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2388] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076087a5c 5 bytes JMP 00000001707f15f0
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2388] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b75ea5 5 bytes JMP 00000001707f1618
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2388] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075ba9d0b 5 bytes JMP 00000001707f123f
.text C:\ProgramData\DatacardService\DCSHelper.exe[2772] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075ee1eee 7 bytes JMP 00000001707f16b3
.text C:\ProgramData\DatacardService\DCSHelper.exe[2772] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075ee5b85 7 bytes JMP 00000001707f11cc
.text C:\ProgramData\DatacardService\DCSHelper.exe[2772] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075ef13e1 7 bytes JMP 00000001707f12a8
.text C:\ProgramData\DatacardService\DCSHelper.exe[2772] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075efea0d 7 bytes JMP 00000001707f1262
.text C:\ProgramData\DatacardService\DCSHelper.exe[2772] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075f0b1d3 5 bytes JMP 00000001707f15c8
.text C:\ProgramData\DatacardService\DCSHelper.exe[2772] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075f888b4 7 bytes JMP 00000001707f1357
.text C:\ProgramData\DatacardService\DCSHelper.exe[2772] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075f88939 5 bytes JMP 00000001707f16f4
.text C:\ProgramData\DatacardService\DCSHelper.exe[2772] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075f88c8f 5 bytes JMP 00000001707f101e
.text C:\ProgramData\DatacardService\DCSHelper.exe[2772] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075191d1b 5 bytes JMP 00000001707f11e5
.text C:\ProgramData\DatacardService\DCSHelper.exe[2772] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075191dc9 5 bytes JMP 00000001707f1019
.text C:\ProgramData\DatacardService\DCSHelper.exe[2772] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075192aa4 5 bytes JMP 00000001707f1573
.text C:\ProgramData\DatacardService\DCSHelper.exe[2772] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075192d0a 5 bytes JMP 00000001707f128f
.text C:\ProgramData\DatacardService\DCSHelper.exe[2772] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076028a29 5 bytes JMP 00000001707f1046
.text C:\ProgramData\DatacardService\DCSHelper.exe[2772] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076034572 5 bytes JMP 00000001707f10c8
.text C:\ProgramData\DatacardService\DCSHelper.exe[2772] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007604e567 5 bytes JMP 00000001707f1433
.text C:\ProgramData\DatacardService\DCSHelper.exe[2772] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076087a5c 5 bytes JMP 00000001707f15f0
.text C:\ProgramData\DatacardService\DCSHelper.exe[2772] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000074d2e9a2 5 bytes JMP 00000001707f15e1
.text C:\ProgramData\DatacardService\DCSHelper.exe[2772] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000074d2ebdc 5 bytes JMP 00000001707f11a9
.text C:\ProgramData\DatacardService\DCSHelper.exe[2772] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b75ea5 5 bytes JMP 00000001707f1618
.text C:\ProgramData\DatacardService\DCSHelper.exe[2772] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075ba9d0b 5 bytes JMP 00000001707f123f
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076f5af40 7 bytes JMP 000000016fff0260
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076f64a60 5 bytes JMP 000000016fff01b8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076f82990 5 bytes JMP 000000016fff01f0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076f8efe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076fb99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076fc94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076fc9640 5 bytes JMP 000000016fff0110
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076fea500 7 bytes JMP 000000016fff0228
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1b2db0 5 bytes JMP 000007fffd1a0180
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1b37d0 7 bytes JMP 000007fffd1a00d8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1b8ef0 6 bytes JMP 000007fffd1a0148
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1caf60 5 bytes JMP 000007fffd1a0110
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefef789e0 8 bytes JMP 000007fffd1a01f0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefef7be40 8 bytes JMP 000007fffd1a01b8
.text C:\Windows\System32\igfxpers.exe[3748] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076f5af40 7 bytes JMP 000000016fff0260
.text C:\Windows\System32\igfxpers.exe[3748] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076f64a60 5 bytes JMP 000000016fff01b8
.text C:\Windows\System32\igfxpers.exe[3748] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076f82990 5 bytes JMP 000000016fff01f0
.text C:\Windows\System32\igfxpers.exe[3748] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076f8efe0 5 bytes JMP 000000016fff0148
.text C:\Windows\System32\igfxpers.exe[3748] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076fb99b0 7 bytes JMP 000000016fff00d8
.text C:\Windows\System32\igfxpers.exe[3748] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076fc94d0 5 bytes JMP 000000016fff0180
.text C:\Windows\System32\igfxpers.exe[3748] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076fc9640 5 bytes JMP 000000016fff0110
.text C:\Windows\System32\igfxpers.exe[3748] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076fea500 7 bytes JMP 000000016fff0228
.text C:\Windows\System32\igfxpers.exe[3748] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1b2db0 5 bytes JMP 000007fffd1a0180
.text C:\Windows\System32\igfxpers.exe[3748] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1b37d0 7 bytes JMP 000007fffd1a00d8
.text C:\Windows\System32\igfxpers.exe[3748] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1b8ef0 6 bytes JMP 000007fffd1a0148
.text C:\Windows\System32\igfxpers.exe[3748] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1caf60 5 bytes JMP 000007fffd1a0110
.text C:\Windows\System32\igfxpers.exe[3748] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefef789e0 8 bytes JMP 000007fffd1a01f0
.text C:\Windows\System32\igfxpers.exe[3748] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefef7be40 8 bytes JMP 000007fffd1a01b8
.text C:\Windows\System32\igfxpers.exe[3748] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd6c7490 11 bytes JMP 000007fffd1a0228
.text C:\Windows\System32\igfxpers.exe[3748] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd6dbf00 7 bytes JMP 000007fffd1a0260
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3432] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076f5af40 7 bytes JMP 000000016fff0260
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3432] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076f64a60 5 bytes JMP 000000016fff01b8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3432] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076f82990 5 bytes JMP 000000016fff01f0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3432] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076f8efe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3432] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076fb99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3432] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076fc94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3432] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076fc9640 5 bytes JMP 000000016fff0110
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3432] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076fea500 7 bytes JMP 000000016fff0228
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3432] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1b2db0 5 bytes JMP 000007fffd1a0180
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3432] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1b37d0 7 bytes JMP 000007fffd1a00d8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3432] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1b8ef0 6 bytes JMP 000007fffd1a0148
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3432] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1caf60 5 bytes JMP 000007fffd1a0110
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3432] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefef789e0 8 bytes JMP 000007fffd1a01f0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3432] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefef7be40 8 bytes JMP 000007fffd1a01b8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3432] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd6c7490 11 bytes JMP 000007fffd1a0228
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3432] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd6dbf00 7 bytes JMP 000007fffd1a0260
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3744] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076f5af40 7 bytes JMP 000000016fff0260
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3744] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076f64a60 5 bytes JMP 000000016fff01b8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3744] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076f82990 5 bytes JMP 000000016fff01f0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3744] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076f8efe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3744] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076fb99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3744] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076fc94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3744] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076fc9640 5 bytes JMP 000000016fff0110
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3744] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076fea500 7 bytes JMP 000000016fff0228
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3744] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1b2db0 5 bytes JMP 000007fffd1a0180
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3744] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1b37d0 7 bytes JMP 000007fffd1a00d8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3744] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1b8ef0 6 bytes JMP 000007fffd1a0148
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3744] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1caf60 5 bytes JMP 000007fffd1a0110
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3744] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefef789e0 8 bytes JMP 000007fffd1a01f0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3744] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefef7be40 8 bytes JMP 000007fffd1a01b8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3744] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd6c7490 11 bytes JMP 000007fffd1a0228
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3744] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd6dbf00 7 bytes JMP 000007fffd1a0260
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3088] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076f5af40 7 bytes JMP 000000016fff0260
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3088] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076f64a60 5 bytes JMP 000000016fff01b8
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3088] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076f82990 5 bytes JMP 000000016fff01f0
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3088] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076f8efe0 5 bytes JMP 000000016fff0148
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3088] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076fb99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3088] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076fc94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3088] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076fc9640 5 bytes JMP 000000016fff0110
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3088] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076fea500 7 bytes JMP 000000016fff0228
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3088] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1b2db0 5 bytes JMP 000007fffd1a0180
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3088] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1b37d0 7 bytes JMP 000007fffd1a00d8
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3088] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1b8ef0 6 bytes JMP 000007fffd1a0148
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3088] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1caf60 5 bytes JMP 000007fffd1a0110
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3088] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefef789e0 8 bytes JMP 000007fffd1a01f0
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3088] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefef7be40 8 bytes JMP 000007fffd1a01b8
.text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3476] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076f5af40 7 bytes JMP 000000016fff0260
.text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3476] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076f64a60 5 bytes JMP 000000016fff01b8
.text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3476] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076f82990 5 bytes JMP 000000016fff01f0
.text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3476] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076f8efe0 5 bytes JMP 000000016fff0148
.text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3476] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076fb99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3476] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076fc94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3476] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076fc9640 5 bytes JMP 000000016fff0110
.text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3476] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076fea500 7 bytes JMP 000000016fff0228
.text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3476] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1b2db0 5 bytes JMP 000007fffd1a0180
.text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3476] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1b37d0 7 bytes JMP 000007fffd1a00d8
.text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3476] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1b8ef0 6 bytes JMP 000007fffd1a0148
.text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3476] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1caf60 5 bytes JMP 000007fffd1a0110
.text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3476] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefef789e0 8 bytes JMP 000007fffd1a01f0
.text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3476] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefef7be40 8 bytes JMP 000007fffd1a01b8
.text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3476] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd6c7490 11 bytes JMP 000007fffd1a0228
.text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3476] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd6dbf00 7 bytes JMP 000007fffd1a0260
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3808] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076f5af40 7 bytes JMP 000000016fff0260
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3808] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076f64a60 5 bytes JMP 000000016fff01b8
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3808] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076f82990 5 bytes JMP 000000016fff01f0
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3808] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076f8efe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3808] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076fb99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3808] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076fc94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3808] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076fc9640 5 bytes JMP 000000016fff0110
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3808] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076fea500 7 bytes JMP 000000016fff0228
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3808] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1b2db0 5 bytes JMP 000007fffd1a0180
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3808] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1b37d0 7 bytes JMP 000007fffd1a00d8
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3808] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1b8ef0 6 bytes JMP 000007fffd1a0148
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3808] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1caf60 5 bytes JMP 000007fffd1a0110
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3808] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefef789e0 8 bytes JMP 000007fffd1a01f0
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3808] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefef7be40 8 bytes JMP 000007fffd1a01b8
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3808] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd6c7490 11 bytes JMP 000007fffd1a0228
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3808] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd6dbf00 7 bytes JMP 000007fffd1a0260
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1912] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075ee1eee 7 bytes JMP 00000001707f16b3
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1912] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075ee5b85 7 bytes JMP 00000001707f11cc
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1912] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075ef13e1 7 bytes JMP 00000001707f12a8
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1912] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075efea0d 7 bytes JMP 00000001707f1262
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1912] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075f0b1d3 5 bytes JMP 00000001707f15c8
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1912] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075f888b4 7 bytes JMP 00000001707f1357
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1912] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075f88939 5 bytes JMP 00000001707f16f4
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1912] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075f88c8f 5 bytes JMP 00000001707f101e
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1912] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075191d1b 5 bytes JMP 00000001707f11e5
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1912] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075191dc9 5 bytes JMP 00000001707f1019
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1912] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075192aa4 5 bytes JMP 00000001707f1573
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1912] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075192d0a 5 bytes JMP 00000001707f128f
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1912] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000074d2e9a2 5 bytes JMP 00000001707f15e1
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1912] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000074d2ebdc 5 bytes JMP 00000001707f11a9
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1912] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076028a29 5 bytes JMP 00000001707f1046
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1912] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076034572 5 bytes JMP 00000001707f10c8
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1912] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007604e567 5 bytes JMP 00000001707f1433
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1912] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076087a5c 5 bytes JMP 00000001707f15f0
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1912] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b75ea5 5 bytes JMP 00000001707f1618
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1912] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075ba9d0b 5 bytes JMP 00000001707f123f
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075001465 2 bytes [00, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750014bb 2 bytes [00, 75]
.text ... * 2
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3308] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 0000000075ee1eee 7 bytes JMP 00000001707f16b3
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3308] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 0000000075ee5b85 7 bytes JMP 00000001707f11cc
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3308] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 0000000075ef13e1 7 bytes JMP 00000001707f12a8
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3308] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 0000000075efea0d 7 bytes JMP 00000001707f1262
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3308] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW 0000000075f0b1d3 5 bytes JMP 00000001707f15c8
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3308] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 0000000075f888b4 7 bytes JMP 00000001707f1357
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3308] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000075f88939 5 bytes JMP 00000001707f16f4
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3308] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 0000000075f88c8f 5 bytes JMP 00000001707f101e
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3308] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075191d1b 5 bytes JMP 00000001707f11e5
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3308] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075191dc9 5 bytes JMP 00000001707f1019
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3308] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075192aa4 5 bytes JMP 00000001707f1573
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3308] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075192d0a 5 bytes JMP 00000001707f128f
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3308] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000074d2e9a2 5 bytes JMP 00000001707f15e1
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3308] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000074d2ebdc 5 bytes JMP 00000001707f11a9
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3308] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076028a29 5 bytes JMP 00000001707f1046
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3308] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076034572 5 bytes JMP 00000001707f10c8
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3308] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007604e567 5 bytes JMP 00000001707f1433
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3308] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076087a5c 5 bytes JMP 00000001707f15f0
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075001465 2 bytes [00, 75]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750014bb 2 bytes [00, 75]
.text ... * 2
.text C:\Windows\system32\wbem\unsecapp.exe[3912] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076f5af40 7 bytes JMP 000000016fff0260
.text C:\Windows\system32\wbem\unsecapp.exe[3912] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076f64a60 5 bytes JMP 000000016fff01b8
.text C:\Windows\system32\wbem\unsecapp.exe[3912] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076f82990 5 bytes JMP 000000016fff01f0
.text C:\Windows\system32\wbem\unsecapp.exe[3912] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076f8efe0 5 bytes JMP 000000016fff0148
.text C:\Windows\system32\wbem\unsecapp.exe[3912] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076fb99b0 7 bytes JMP 000000016fff00d8
.text C:\Windows\system32\wbem\unsecapp.exe[3912] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076fc94d0 5 bytes JMP 000000016fff0180
.text C:\Windows\system32\wbem\unsecapp.exe[3912] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076fc9640 5 bytes JMP 000000016fff0110
.text C:\Windows\system32\wbem\unsecapp.exe[3912] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076fea500 7 bytes JMP 000000016fff0228
.text C:\Windows\system32\wbem\unsecapp.exe[3912] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1b2db0 5 bytes JMP 000007fffd1a0180
.text C:\Windows\system32\wbem\unsecapp.exe[3912] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1b37d0 7 bytes JMP 000007fffd1a00d8
.text C:\Windows\system32\wbem\unsecapp.exe[3912] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1b8ef0 6 bytes JMP 000007fffd1a0148
.text C:\Windows\system32\wbem\unsecapp.exe[3912] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1caf60 5 bytes JMP 000007fffd1a0110
.text C:\Windows\system32\wbem\unsecapp.exe[3912] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd6c7490 11 bytes JMP 000007fffd1a0228
.text C:\Windows\system32\wbem\unsecapp.exe[3912] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd6dbf00 7 bytes JMP 000007fffd1a0260
.text C:\Windows\system32\wbem\unsecapp.exe[3912] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefef789e0 8 bytes JMP 000007fffd1a01f0
.text C:\Windows\system32\wbem\unsecapp.exe[3912] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefef7be40 8 bytes JMP 000007fffd1a01b8
.text C:\Windows\System32\StikyNot.exe[3216] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076f5af40 7 bytes JMP 000000016fff0260
.text C:\Windows\System32\StikyNot.exe[3216] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076f64a60 5 bytes JMP 000000016fff01b8
.text C:\Windows\System32\StikyNot.exe[3216] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076f82990 5 bytes JMP 000000016fff01f0
.text C:\Windows\System32\StikyNot.exe[3216] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076f8efe0 5 bytes JMP 000000016fff0148
.text C:\Windows\System32\StikyNot.exe[3216] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076fb99b0 7 bytes JMP 000000016fff00d8
.text C:\Windows\System32\StikyNot.exe[3216] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076fc94d0 5 bytes JMP 000000016fff0180
.text C:\Windows\System32\StikyNot.exe[3216] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076fc9640 5 bytes JMP 000000016fff0110
.text C:\Windows\System32\StikyNot.exe[3216] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076fea500 7 bytes JMP 000000016fff0228
.text C:\Windows\System32\StikyNot.exe[3216] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1b2db0 5 bytes JMP 000007fffd1a0180
.text C:\Windows\System32\StikyNot.exe[3216] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1b37d0 7 bytes JMP 000007fffd1a00d8
.text C:\Windows\System32\StikyNot.exe[3216] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1b8ef0 6 bytes JMP 000007fffd1a0148
.text C:\Windows\System32\StikyNot.exe[3216] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1caf60 5 bytes JMP 000007fffd1a0110
.text C:\Windows\System32\StikyNot.exe[3216] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefef789e0 8 bytes JMP 000007fffd1a01f0
.text C:\Windows\System32\StikyNot.exe[3216] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefef7be40 8 bytes JMP 000007fffd1a01b8
.text C:\Windows\System32\StikyNot.exe[3216] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd6c7490 11 bytes JMP 000007fffd1a0228
.text C:\Windows\System32\StikyNot.exe[3216] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd6dbf00 7 bytes JMP 000007fffd1a0260
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3988] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076f5af40 7 bytes JMP 000000016fff0260
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3988] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076f64a60 5 bytes JMP 000000016fff01b8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3988] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076f82990 5 bytes JMP 000000016fff01f0
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3988] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076f8efe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3988] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076fb99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3988] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076fc94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3988] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076fc9640 5 bytes JMP 000000016fff0110
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3988] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076fea500 7 bytes JMP 000000016fff0228
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3988] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1b2db0 5 bytes JMP 000007fffd1a0180
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3988] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1b37d0 7 bytes JMP 000007fffd1a00d8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3988] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1b8ef0 6 bytes JMP 000007fffd1a0148
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3988] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1caf60 5 bytes JMP 000007fffd1a0110
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3988] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefef789e0 8 bytes JMP 000007fffd1a01f0
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3988] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefef7be40 8 bytes JMP 000007fffd1a01b8
.text C:\Users\iFlo\AppData\Roaming\Dropbox\bin\Dropbox.exe[2572] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075ee1eee 7 bytes JMP 00000001707f16b3
.text C:\Users\iFlo\AppData\Roaming\Dropbox\bin\Dropbox.exe[2572] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075ee5b85 7 bytes JMP 00000001707f11cc
.text C:\Users\iFlo\AppData\Roaming\Dropbox\bin\Dropbox.exe[2572] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075ef13e1 7 bytes JMP 00000001707f12a8
.text C:\Users\iFlo\AppData\Roaming\Dropbox\bin\Dropbox.exe[2572] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075efea0d 7 bytes JMP 00000001707f1262
.text C:\Users\iFlo\AppData\Roaming\Dropbox\bin\Dropbox.exe[2572] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075f0b1d3 5 bytes JMP 00000001707f15c8
.text C:\Users\iFlo\AppData\Roaming\Dropbox\bin\Dropbox.exe[2572] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075f888b4 7 bytes JMP 00000001707f1357
.text C:\Users\iFlo\AppData\Roaming\Dropbox\bin\Dropbox.exe[2572] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075f88939 5 bytes JMP 00000001707f16f4
.text C:\Users\iFlo\AppData\Roaming\Dropbox\bin\Dropbox.exe[2572] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075f88c8f 5 bytes JMP 00000001707f101e
.text C:\Users\iFlo\AppData\Roaming\Dropbox\bin\Dropbox.exe[2572] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075191d1b 5 bytes JMP 00000001707f11e5
.text C:\Users\iFlo\AppData\Roaming\Dropbox\bin\Dropbox.exe[2572] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075191dc9 5 bytes JMP 00000001707f1019
.text C:\Users\iFlo\AppData\Roaming\Dropbox\bin\Dropbox.exe[2572] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075192aa4 5 bytes JMP 00000001707f1573
.text C:\Users\iFlo\AppData\Roaming\Dropbox\bin\Dropbox.exe[2572] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075192d0a 5 bytes JMP 00000001707f128f
.text C:\Users\iFlo\AppData\Roaming\Dropbox\bin\Dropbox.exe[2572] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076028a29 5 bytes JMP 00000001707f1046
.text C:\Users\iFlo\AppData\Roaming\Dropbox\bin\Dropbox.exe[2572] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076034572 5 bytes JMP 00000001707f10c8
.text C:\Users\iFlo\AppData\Roaming\Dropbox\bin\Dropbox.exe[2572] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007604e567 5 bytes JMP 00000001707f1433
.text C:\Users\iFlo\AppData\Roaming\Dropbox\bin\Dropbox.exe[2572] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076087a5c 5 bytes JMP 00000001707f15f0
.text C:\Users\iFlo\AppData\Roaming\Dropbox\bin\Dropbox.exe[2572] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000074d2e9a2 5 bytes JMP 00000001707f15e1
.text C:\Users\iFlo\AppData\Roaming\Dropbox\bin\Dropbox.exe[2572] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000074d2ebdc 5 bytes JMP 00000001707f11a9
.text C:\Users\iFlo\AppData\Roaming\Dropbox\bin\Dropbox.exe[2572] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b75ea5 5 bytes JMP 00000001707f1618
.text C:\Users\iFlo\AppData\Roaming\Dropbox\bin\Dropbox.exe[2572] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075ba9d0b 5 bytes JMP 00000001707f123f
.text C:\Users\iFlo\AppData\Roaming\Dropbox\bin\Dropbox.exe[2572] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000075001465 2 bytes [00, 75]
.text C:\Users\iFlo\AppData\Roaming\Dropbox\bin\Dropbox.exe[2572] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000750014bb 2 bytes [00, 75]
.text ... * 2
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[3764] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075ee1eee 7 bytes JMP 00000001707f16b3
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[3764] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075ee5b85 7 bytes JMP 00000001707f11cc
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[3764] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075ef13e1 7 bytes JMP 00000001707f12a8
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[3764] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075efea0d 7 bytes JMP 00000001707f1262
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[3764] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075f0b1d3 5 bytes JMP 00000001707f15c8
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[3764] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075f888b4 7 bytes JMP 00000001707f1357
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[3764] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075f88939 5 bytes JMP 00000001707f16f4
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[3764] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075f88c8f 5 bytes JMP 00000001707f101e
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[3764] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075191d1b 5 bytes JMP 00000001707f11e5
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[3764] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075191dc9 5 bytes JMP 00000001707f1019
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[3764] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075192aa4 5 bytes JMP 00000001707f1573
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[3764] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075192d0a 5 bytes JMP 00000001707f128f
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[3764] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076028a29 5 bytes JMP 00000001707f1046
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[3764] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076034572 5 bytes JMP 00000001707f10c8
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[3764] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007604e567 5 bytes JMP 00000001707f1433
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[3764] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076087a5c 5 bytes JMP 00000001707f15f0
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[3764] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000074d2e9a2 5 bytes JMP 00000001707f15e1
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[3764] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000074d2ebdc 5 bytes JMP 00000001707f11a9
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[3764] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b75ea5 5 bytes JMP 00000001707f1618
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[3764] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075ba9d0b 5 bytes JMP 00000001707f123f
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3464] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075ee1eee 7 bytes JMP 00000001707f16b3
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3464] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075ee5b85 7 bytes JMP 00000001707f11cc
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3464] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075ef13e1 7 bytes JMP 00000001707f12a8
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3464] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075efea0d 7 bytes JMP 00000001707f1262
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3464] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075f0b1d3 5 bytes JMP 00000001707f15c8
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3464] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075f888b4 7 bytes JMP 00000001707f1357
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3464] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075f88939 5 bytes JMP 00000001707f16f4
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3464] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075f88c8f 5 bytes JMP 00000001707f101e
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3464] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075191d1b 5 bytes JMP 00000001707f11e5
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3464] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075191dc9 5 bytes JMP 00000001707f1019
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3464] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075192aa4 5 bytes JMP 00000001707f1573
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3464] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075192d0a 5 bytes JMP 00000001707f128f
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3464] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000074d2e9a2 5 bytes JMP 00000001707f15e1
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3464] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000074d2ebdc 5 bytes JMP 00000001707f11a9
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3464] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076028a29 5 bytes JMP 00000001707f1046
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3464] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076034572 5 bytes JMP 00000001707f10c8
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3464] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007604e567 5 bytes JMP 00000001707f1433
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3464] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076087a5c 5 bytes JMP 00000001707f15f0
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3464] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b75ea5 5 bytes JMP 00000001707f1618
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3464] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075ba9d0b 5 bytes JMP 00000001707f123f
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075001465 2 bytes [00, 75]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750014bb 2 bytes [00, 75]
.text ... * 2
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3076] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075ee1eee 7 bytes JMP 00000001707f16b3
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3076] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075ee5b85 7 bytes JMP 00000001707f11cc
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3076] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075ef13e1 7 bytes JMP 00000001707f12a8
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3076] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075efea0d 7 bytes JMP 00000001707f1262
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3076] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075f0b1d3 5 bytes JMP 00000001707f15c8
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3076] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075f888b4 7 bytes JMP 00000001707f1357
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3076] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075f88939 5 bytes JMP 00000001707f16f4
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3076] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075f88c8f 5 bytes JMP 00000001707f101e
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3076] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075191d1b 5 bytes JMP 00000001707f11e5
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3076] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075191dc9 5 bytes JMP 00000001707f1019
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3076] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075192aa4 5 bytes JMP 00000001707f1573
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3076] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075192d0a 5 bytes JMP 00000001707f128f
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3076] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076028a29 5 bytes JMP 00000001707f1046
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3076] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076034572 5 bytes JMP 00000001707f10c8
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3076] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007604e567 5 bytes JMP 00000001707f1433
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3076] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076087a5c 5 bytes JMP 00000001707f15f0
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3076] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000074d2e9a2 5 bytes JMP 00000001707f15e1
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3076] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000074d2ebdc 5 bytes JMP 00000001707f11a9
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3076] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b75ea5 5 bytes JMP 00000001707f1618
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3076] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075ba9d0b 5 bytes JMP 00000001707f123f
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075001465 2 bytes [00, 75]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750014bb 2 bytes [00, 75]
.text ... * 2
.text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[1552] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076f5af40 7 bytes JMP 000000016fff0260
.text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[1552] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076f64a60 5 bytes JMP 000000016fff01b8
.text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[1552] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076f82990 5 bytes JMP 000000016fff01f0
.text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[1552] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076f8efe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[1552] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076fb99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[1552] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076fc94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[1552] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076fc9640 5 bytes JMP 000000016fff0110
.text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[1552] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076fea500 7 bytes JMP 000000016fff0228
.text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[1552] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1b2db0 5 bytes JMP 000007fffd1a0180
.text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[1552] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1b37d0 7 bytes JMP 000007fffd1a00d8
.text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[1552] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1b8ef0 6 bytes JMP 000007fffd1a0148
.text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[1552] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1caf60 5 bytes JMP 000007fffd1a0110
.text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[1552] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefef789e0 8 bytes JMP 000007fffd1a01f0
.text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[1552] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefef7be40 8 bytes JMP 000007fffd1a01b8
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3624] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075ee1eee 7 bytes JMP 00000001707f16b3
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3624] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075ee5b85 7 bytes JMP 00000001707f11cc
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3624] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075ef13e1 7 bytes JMP 00000001707f12a8
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3624] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075efea0d 7 bytes JMP 00000001707f1262
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3624] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075f0b1d3 5 bytes JMP 00000001707f15c8
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3624] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075f888b4 7 bytes JMP 00000001707f1357
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3624] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075f88939 5 bytes JMP 00000001707f16f4
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3624] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075f88c8f 5 bytes JMP 00000001707f101e
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3624] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075191d1b 5 bytes JMP 00000001707f11e5
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3624] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075191dc9 5 bytes JMP 00000001707f1019
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3624] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075192aa4 5 bytes JMP 00000001707f1573
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3624] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075192d0a 5 bytes JMP 00000001707f128f
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3624] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000074d2e9a2 5 bytes JMP 00000001707f15e1
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3624] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000074d2ebdc 5 bytes JMP 00000001707f11a9
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3624] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076028a29 5 bytes JMP 00000001707f1046
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3624] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076034572 5 bytes JMP 00000001707f10c8
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3624] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007604e567 5 bytes JMP 00000001707f1433
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3624] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076087a5c 5 bytes JMP 00000001707f15f0
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3624] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b75ea5 5 bytes JMP 00000001707f1618
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3624] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075ba9d0b 5 bytes JMP 00000001707f123f
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[1932] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076f5af40 7 bytes JMP 000000016fff0260
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[1932] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076f64a60 5 bytes JMP 000000016fff01b8
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[1932] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076f82990 5 bytes JMP 000000016fff01f0
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[1932] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076f8efe0 5 bytes JMP 000000016fff0148
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[1932] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076fb99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[1932] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076fc94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[1932] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076fc9640 5 bytes JMP 000000016fff0110
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[1932] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076fea500 7 bytes JMP 000000016fff0228
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[1932] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1b2db0 5 bytes JMP 000007fffd1a0180
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[1932] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1b37d0 7 bytes JMP 000007fffd1a00d8
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[1932] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1b8ef0 6 bytes JMP 000007fffd1a0148
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[1932] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1caf60 5 bytes JMP 000007fffd1a0110
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[1932] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefef789e0 8 bytes JMP 000007fffd1a01f0
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[1932] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefef7be40 8 bytes JMP 000007fffd1a01b8
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075001465 2 bytes [00, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750014bb 2 bytes [00, 75]
.text ... * 2
.text C:\Windows\system32\taskeng.exe[3496] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076f5af40 7 bytes JMP 000000016fff0260
.text C:\Windows\system32\taskeng.exe[3496] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076f64a60 5 bytes JMP 000000016fff01b8
.text C:\Windows\system32\taskeng.exe[3496] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076f82990 5 bytes JMP 000000016fff01f0
.text C:\Windows\system32\taskeng.exe[3496] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076f8efe0 5 bytes JMP 000000016fff0148
.text C:\Windows\system32\taskeng.exe[3496] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076fb99b0 7 bytes JMP 000000016fff00d8
.text C:\Windows\system32\taskeng.exe[3496] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076fc94d0 5 bytes JMP 000000016fff0180
.text C:\Windows\system32\taskeng.exe[3496] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076fc9640 5 bytes JMP 000000016fff0110
.text C:\Windows\system32\taskeng.exe[3496] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076fea500 7 bytes JMP 000000016fff0228
.text C:\Windows\system32\taskeng.exe[3496] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1b2db0 5 bytes JMP 000007fffd1a0180
.text C:\Windows\system32\taskeng.exe[3496] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1b37d0 7 bytes JMP 000007fffd1a00d8
.text C:\Windows\system32\taskeng.exe[3496] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1b8ef0 6 bytes JMP 000007fffd1a0148
.text C:\Windows\system32\taskeng.exe[3496] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1caf60 5 bytes JMP 000007fffd1a0110
.text C:\Windows\system32\taskeng.exe[3496] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefef789e0 8 bytes JMP 000007fffd1a01f0
.text C:\Windows\system32\taskeng.exe[3496] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefef7be40 8 bytes JMP 000007fffd1a01b8
.text C:\Windows\system32\taskeng.exe[3496] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd6c7490 11 bytes JMP 000007fffd1a0228
.text C:\Windows\system32\taskeng.exe[3496] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd6dbf00 7 bytes JMP 000007fffd1a0260
.text C:\Program Files\EgisTec IPS\PMMUpdate.exe[4280] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1b2db0 5 bytes JMP 000007fffd1a0180
.text C:\Program Files\EgisTec IPS\PMMUpdate.exe[4280] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1b37d0 7 bytes JMP 000007fffd1a00d8
.text C:\Program Files\EgisTec IPS\PMMUpdate.exe[4280] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1b8ef0 6 bytes JMP 000007fffd1a0148
.text C:\Program Files\EgisTec IPS\PMMUpdate.exe[4280] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1caf60 5 bytes JMP 000007fffd1a0110
.text C:\Program Files\EgisTec IPS\PMMUpdate.exe[4280] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd6c7490 11 bytes JMP 000007fffd1a0228
.text C:\Program Files\EgisTec IPS\PMMUpdate.exe[4280] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd6dbf00 7 bytes JMP 000007fffd1a0260
.text C:\Users\iFlo\Desktop\gmer_2.1.19163.exe[1924] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075ee1eee 7 bytes JMP 00000001707f16b3
.text C:\Users\iFlo\Desktop\gmer_2.1.19163.exe[1924] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075ee5b85 7 bytes JMP 00000001707f11cc
.text C:\Users\iFlo\Desktop\gmer_2.1.19163.exe[1924] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075ef13e1 7 bytes JMP 00000001707f12a8
.text C:\Users\iFlo\Desktop\gmer_2.1.19163.exe[1924] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075efea0d 7 bytes JMP 00000001707f1262
.text C:\Users\iFlo\Desktop\gmer_2.1.19163.exe[1924] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075f0b1d3 5 bytes JMP 00000001707f15c8
.text C:\Users\iFlo\Desktop\gmer_2.1.19163.exe[1924] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075f888b4 7 bytes JMP 00000001707f1357
.text C:\Users\iFlo\Desktop\gmer_2.1.19163.exe[1924] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075f88939 5 bytes JMP 00000001707f16f4
.text C:\Users\iFlo\Desktop\gmer_2.1.19163.exe[1924] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075f88c8f 5 bytes JMP 00000001707f101e
.text C:\Users\iFlo\Desktop\gmer_2.1.19163.exe[1924] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075191d1b 5 bytes JMP 00000001707f11e5
.text C:\Users\iFlo\Desktop\gmer_2.1.19163.exe[1924] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075191dc9 5 bytes JMP 00000001707f1019
.text C:\Users\iFlo\Desktop\gmer_2.1.19163.exe[1924] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075192aa4 5 bytes JMP 00000001707f1573
.text C:\Users\iFlo\Desktop\gmer_2.1.19163.exe[1924] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075192d0a 5 bytes JMP 00000001707f128f
.text C:\Users\iFlo\Desktop\gmer_2.1.19163.exe[1924] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000074d2e9a2 5 bytes JMP 00000001707f15e1
.text C:\Users\iFlo\Desktop\gmer_2.1.19163.exe[1924] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000074d2ebdc 5 bytes JMP 00000001707f11a9
.text C:\Users\iFlo\Desktop\gmer_2.1.19163.exe[1924] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076028a29 5 bytes JMP 00000001707f1046
.text C:\Users\iFlo\Desktop\gmer_2.1.19163.exe[1924] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076034572 5 bytes JMP 00000001707f10c8
.text C:\Users\iFlo\Desktop\gmer_2.1.19163.exe[1924] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007604e567 5 bytes JMP 00000001707f1433
.text C:\Users\iFlo\Desktop\gmer_2.1.19163.exe[1924] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076087a5c 5 bytes JMP 00000001707f15f0
.text C:\Users\iFlo\Desktop\gmer_2.1.19163.exe[1924] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b75ea5 5 bytes JMP 00000001707f1618
.text C:\Users\iFlo\Desktop\gmer_2.1.19163.exe[1924] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075ba9d0b 5 bytes JMP 00000001707f123f
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ec55f95bc36b
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ec55f95bc36b (not active ControlSet)
---- EOF - GMER 2.1 ----
|
| Themen zu Windows 7: rvzr-a-akamaihd stört in Mozilla |
| .dll, acer, anti-malware, audio, bluescreen, desktop, entfernen, forum, gmer, harddisk, ics, launch, logfiles, malwarebytes, mozilla, nvidia, pmmupdate.exe, problem, realtek, registry, scan, system, system32, temp, update, virus, windows |
Baum-Darstellung