GMER Logfile:
Code:
GMER 2.1.19355 - hxxp://www.gmer.net
Rootkit scan 2014-01-26 21:50:00
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950042 rev.0001 465,76GB
Running: gmer.exe; Driver: C:\Users\Markus\AppData\Local\Temp\uwtyqpog.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80003808000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff8000380802f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1516] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076d5af40 7 bytes JMP 000000016fff0260
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1516] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076d64a60 5 bytes JMP 000000016fff01b8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1516] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076d82990 5 bytes JMP 000000016fff01f0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1516] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d8efe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1516] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076db99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1516] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076dc94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1516] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076dc9640 5 bytes JMP 000000016fff0110
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1516] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076dea500 7 bytes JMP 000000016fff0228
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1516] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd9c7490 11 bytes JMP 000007fffcf00228
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1516] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd9dbf00 7 bytes JMP 000007fffcf00260
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[3544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076671465 2 bytes [67, 76]
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[3544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000766714bb 2 bytes [67, 76]
.text ... * 2
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4024] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000761c1eee 7 bytes JMP 000000016f281695
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4024] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000761c5b85 7 bytes JMP 000000016f2811a9
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4024] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000761d13e1 7 bytes JMP 000000016f28128a
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4024] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000761dea0d 7 bytes JMP 000000016f281244
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4024] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000761eb1d3 5 bytes JMP 000000016f2815aa
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4024] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000762688b4 7 bytes JMP 000000016f281339
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4024] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076268939 5 bytes JMP 000000016f2816d6
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4024] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076268c8f 5 bytes JMP 000000016f28170d
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4024] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000758e1d1b 5 bytes JMP 000000016f2811c2
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4024] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000758e1dc9 5 bytes JMP 000000016f281014
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4024] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000758e2aa4 5 bytes JMP 000000016f281555
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4024] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000758e2d0a 5 bytes JMP 000000016f281271
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4024] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000762d5ea5 5 bytes JMP 000000016f2815fa
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4024] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076309d0b 5 bytes JMP 000000016f28121c
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4056] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000761c1eee 7 bytes JMP 000000016f281695
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4056] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000761c5b85 7 bytes JMP 000000016f2811a9
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4056] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000761d13e1 7 bytes JMP 000000016f28128a
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4056] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000761dea0d 7 bytes JMP 000000016f281244
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4056] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000761eb1d3 5 bytes JMP 000000016f2815aa
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4056] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000762688b4 7 bytes JMP 000000016f281339
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4056] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076268939 5 bytes JMP 000000016f2816d6
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4056] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076268c8f 5 bytes JMP 000000016f28170d
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4056] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000758e1d1b 5 bytes JMP 000000016f2811c2
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4056] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000758e1dc9 5 bytes JMP 000000016f281014
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4056] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000758e2aa4 5 bytes JMP 000000016f281555
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4056] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000758e2d0a 5 bytes JMP 000000016f281271
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4056] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076438a29 5 bytes JMP 000000016f281726
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4056] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076444572 5 bytes JMP 000000016f2810a0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4056] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007645e567 5 bytes JMP 000000016f281415
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4056] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076497a5c 5 bytes JMP 000000016f2815d2
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4056] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000074b3e96b 5 bytes JMP 000000016f2815c3
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4056] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000074b3eba5 5 bytes JMP 000000016f281186
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4056] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000762d5ea5 5 bytes JMP 000000016f2815fa
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4056] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076309d0b 5 bytes JMP 000000016f28121c
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[5024] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 00000000761c1eee 7 bytes JMP 000000016f281695
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[5024] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 00000000761c5b85 7 bytes JMP 000000016f2811a9
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[5024] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 00000000761d13e1 7 bytes JMP 000000016f28128a
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[5024] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 00000000761dea0d 7 bytes JMP 000000016f281244
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[5024] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW 00000000761eb1d3 5 bytes JMP 000000016f2815aa
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[5024] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 00000000762688b4 7 bytes JMP 000000016f281339
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[5024] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000076268939 5 bytes JMP 000000016f2816d6
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[5024] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 0000000076268c8f 5 bytes JMP 000000016f28170d
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4296] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076d5af40 7 bytes JMP 000000016fff0260
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4296] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076d64a60 5 bytes JMP 000000016fff01b8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4296] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076d82990 5 bytes JMP 000000016fff01f0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4296] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d8efe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4296] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076db99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4296] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076dc94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4296] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076dc9640 5 bytes JMP 000000016fff0110
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4296] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076dea500 7 bytes JMP 000000016fff0228
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4340] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076d5af40 7 bytes JMP 000000016fff0260
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4340] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076d64a60 5 bytes JMP 000000016fff01b8
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4340] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076d82990 5 bytes JMP 000000016fff01f0
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4340] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d8efe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4340] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076db99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4340] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076dc94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4340] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076dc9640 5 bytes JMP 000000016fff0110
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4340] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076dea500 7 bytes JMP 000000016fff0228
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4340] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd0789e0 8 bytes JMP 000007fffcf001f0
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4340] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd07be40 8 bytes JMP 000007fffcf001b8
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4340] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd9c7490 11 bytes JMP 000007fffcf00228
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4340] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd9dbf00 7 bytes JMP 000007fffcf00260
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4732] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076d5af40 7 bytes JMP 000000016fff0260
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4732] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076d64a60 5 bytes JMP 000000016fff01b8
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4732] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076d82990 5 bytes JMP 000000016fff01f0
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4732] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d8efe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4732] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076db99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4732] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076dc94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4732] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076dc9640 5 bytes JMP 000000016fff0110
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4732] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076dea500 7 bytes JMP 000000016fff0228
.text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4864] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000761c1eee 7 bytes JMP 000000016f281695
.text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4864] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000761c5b85 7 bytes JMP 000000016f2811a9
.text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4864] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000761d13e1 7 bytes JMP 000000016f28128a
.text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4864] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000761dea0d 7 bytes JMP 000000016f281244
.text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4864] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000761eb1d3 5 bytes JMP 000000016f2815aa
.text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4864] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000762688b4 7 bytes JMP 000000016f281339
.text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4864] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076268939 5 bytes JMP 000000016f2816d6
.text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4864] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076268c8f 5 bytes JMP 000000016f28170d
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4872] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcf12db0 5 bytes JMP 000007fffcf00180
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4872] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcf137d0 7 bytes JMP 000007fffcf000d8
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4872] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcf18ef0 6 bytes JMP 000007fffcf00148
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4872] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcf2af60 5 bytes JMP 000007fffcf00110
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4872] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd0789e0 8 bytes JMP 000007fffcf001f0
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4872] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd07be40 8 bytes JMP 000007fffcf001b8
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4872] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd9c7490 11 bytes JMP 000007fffcf00228
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4872] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd9dbf00 7 bytes JMP 000007fffcf00260
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3928] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000761c1eee 7 bytes JMP 000000016f281695
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3928] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000761c5b85 7 bytes JMP 000000016f2811a9
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3928] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000761d13e1 7 bytes JMP 000000016f28128a
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3928] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000761dea0d 7 bytes JMP 000000016f281244
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3928] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000761eb1d3 5 bytes JMP 000000016f2815aa
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3928] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000762688b4 7 bytes JMP 000000016f281339
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3928] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076268939 5 bytes JMP 000000016f2816d6
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3928] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076268c8f 5 bytes JMP 000000016f28170d
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3928] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000074b3e96b 5 bytes JMP 000000016f2815c3
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3928] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000074b3eba5 5 bytes JMP 000000016f281186
.text C:\Program Files (x86)\Steam\Steam.exe[5348] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000761c1eee 7 bytes JMP 000000016f281695
.text C:\Program Files (x86)\Steam\Steam.exe[5348] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000761c5b85 7 bytes JMP 000000016f2811a9
.text C:\Program Files (x86)\Steam\Steam.exe[5348] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000761d13e1 7 bytes JMP 000000016f28128a
.text C:\Program Files (x86)\Steam\Steam.exe[5348] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000761dea0d 7 bytes JMP 000000016f281244
.text C:\Program Files (x86)\Steam\Steam.exe[5348] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000761eb1d3 5 bytes JMP 000000016f2815aa
.text C:\Program Files (x86)\Steam\Steam.exe[5348] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000762688b4 7 bytes JMP 000000016f281339
.text C:\Program Files (x86)\Steam\Steam.exe[5348] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076268939 5 bytes JMP 000000016f2816d6
.text C:\Program Files (x86)\Steam\Steam.exe[5348] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076268c8f 5 bytes JMP 000000016f28170d
.text C:\Program Files (x86)\Steam\Steam.exe[5348] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076671465 2 bytes [67, 76]
.text C:\Program Files (x86)\Steam\Steam.exe[5348] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000766714bb 2 bytes [67, 76]
.text ... * 2
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5404] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076d5af40 7 bytes JMP 000000016fff0260
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5404] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076d64a60 5 bytes JMP 000000016fff01b8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5404] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076d82990 5 bytes JMP 000000016fff01f0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5404] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d8efe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5404] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076db99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5404] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076dc94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5404] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076dc9640 5 bytes JMP 000000016fff0110
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5404] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076dea500 7 bytes JMP 000000016fff0228
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5404] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcf12db0 5 bytes JMP 000007fffcf00180
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5404] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcf137d0 7 bytes JMP 000007fffcf000d8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5404] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcf18ef0 6 bytes JMP 000007fffcf00148
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5404] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcf2af60 5 bytes JMP 000007fffcf00110
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5404] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd0789e0 8 bytes JMP 000007fffcf001f0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5404] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd07be40 8 bytes JMP 000007fffcf001b8
.text C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe[5528] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd9c7490 11 bytes JMP 000007fffcd70228
.text C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe[5528] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd9dbf00 7 bytes JMP 000007fffcd70260
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5896] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000761c1eee 7 bytes JMP 000000016f281695
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5896] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000761c5b85 7 bytes JMP 000000016f2811a9
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5896] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000761d13e1 7 bytes JMP 000000016f28128a
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5896] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000761dea0d 7 bytes JMP 000000016f281244
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5896] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000761eb1d3 5 bytes JMP 000000016f2815aa
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5896] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000762688b4 7 bytes JMP 000000016f281339
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5896] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076268939 5 bytes JMP 000000016f2816d6
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5896] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076268c8f 5 bytes JMP 000000016f28170d
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5896] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000758e1d1b 5 bytes JMP 000000016f2811c2
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5896] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000758e1dc9 5 bytes JMP 000000016f281014
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5896] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000758e2aa4 5 bytes JMP 000000016f281555
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5896] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000758e2d0a 5 bytes JMP 000000016f281271
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5896] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000074b3e96b 5 bytes JMP 000000016f2815c3
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5896] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000074b3eba5 5 bytes JMP 000000016f281186
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5896] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076438a29 5 bytes JMP 000000016f281726
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5896] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076444572 5 bytes JMP 000000016f2810a0
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5896] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007645e567 5 bytes JMP 000000016f281415
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5896] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076497a5c 5 bytes JMP 000000016f2815d2
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5896] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000762d5ea5 5 bytes JMP 000000016f2815fa
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5896] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076309d0b 5 bytes JMP 000000016f28121c
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[6100] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000761c1eee 7 bytes JMP 000000016f281695
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[6100] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000761c5b85 7 bytes JMP 000000016f2811a9
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[6100] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000761d13e1 7 bytes JMP 000000016f28128a
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[6100] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000761dea0d 7 bytes JMP 000000016f281244
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[6100] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000761eb1d3 5 bytes JMP 000000016f2815aa
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[6100] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000762688b4 7 bytes JMP 000000016f281339
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[6100] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076268939 5 bytes JMP 000000016f2816d6
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[6100] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076268c8f 5 bytes JMP 000000016f28170d
.text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[1132] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000761eb1d3 5 bytes JMP 000000016f2815aa
.text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[1132] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000762688b4 7 bytes JMP 000000016f281339
.text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[1132] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076268939 5 bytes JMP 000000016f2816d6
.text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[1132] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076268c8f 5 bytes JMP 000000016f28170d
.text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[1132] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076438a29 5 bytes JMP 000000016f281726
.text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[1132] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076444572 5 bytes JMP 000000016f2810a0
.text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[1132] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007645e567 5 bytes JMP 000000016f281415
.text C:\Program Files (x86)\Java\jre7\bin\javaw.exe[1132] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076497a5c 5 bytes JMP 000000016f2815d2
.text C:\Program Files (x86)\Stickies\stickies.exe[5356] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000761c1eee 7 bytes JMP 000000016f281695
.text C:\Program Files (x86)\Stickies\stickies.exe[5356] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000761c5b85 7 bytes JMP 000000016f2811a9
.text C:\Program Files (x86)\Stickies\stickies.exe[5356] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000761d13e1 7 bytes JMP 000000016f28128a
.text C:\Program Files (x86)\Stickies\stickies.exe[5356] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000761dea0d 7 bytes JMP 000000016f281244
.text C:\Program Files (x86)\Stickies\stickies.exe[5356] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000761eb1d3 5 bytes JMP 000000016f2815aa
.text C:\Program Files (x86)\Stickies\stickies.exe[5356] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000762688b4 7 bytes JMP 000000016f281339
.text C:\Program Files (x86)\Stickies\stickies.exe[5356] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076268939 5 bytes JMP 000000016f2816d6
.text C:\Program Files (x86)\Stickies\stickies.exe[5356] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076268c8f 5 bytes JMP 000000016f28170d
.text C:\Program Files (x86)\Stickies\stickies.exe[5356] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076438a29 5 bytes JMP 000000016f281726
.text C:\Program Files (x86)\Stickies\stickies.exe[5356] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076444572 5 bytes JMP 000000016f2810a0
.text C:\Program Files (x86)\Stickies\stickies.exe[5356] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007645e567 5 bytes JMP 000000016f281415
.text C:\Program Files (x86)\Stickies\stickies.exe[5356] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076497a5c 5 bytes JMP 000000016f2815d2
.text C:\Program Files (x86)\Stickies\stickies.exe[5356] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000074b3e96b 5 bytes JMP 000000016f2815c3
.text C:\Program Files (x86)\Stickies\stickies.exe[5356] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000074b3eba5 5 bytes JMP 000000016f281186
.text C:\Program Files (x86)\Stickies\stickies.exe[5356] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000762d5ea5 5 bytes JMP 000000016f2815fa
.text C:\Program Files (x86)\Stickies\stickies.exe[5356] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076309d0b 5 bytes JMP 000000016f28121c
.text C:\Program Files (x86)\MMEDIA\TV Jukebox 3.5\tvjbMonitor.exe[5340] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000762d5ea5 5 bytes JMP 000000016f2815fa
.text C:\Program Files (x86)\MMEDIA\TV Jukebox 3.5\tvjbMonitor.exe[5340] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076309d0b 5 bytes JMP 000000016f28121c
.text C:\Program Files (x86)\Dell\NetReady\NetReady.exe[4908] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 00000000761c1eee 7 bytes JMP 000000016f281695
.text C:\Program Files (x86)\Dell\NetReady\NetReady.exe[4908] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 00000000761c5b85 7 bytes JMP 000000016f2811a9
.text C:\Program Files (x86)\Dell\NetReady\NetReady.exe[4908] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 00000000761d13e1 7 bytes JMP 000000016f28128a
.text C:\Program Files (x86)\Dell\NetReady\NetReady.exe[4908] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 00000000761dea0d 7 bytes JMP 000000016f281244
.text C:\Program Files (x86)\Dell\NetReady\NetReady.exe[4908] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW 00000000761eb1d3 5 bytes JMP 000000016f2815aa
.text C:\Program Files (x86)\Dell\NetReady\NetReady.exe[4908] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 00000000762688b4 7 bytes JMP 000000016f281339
.text C:\Program Files (x86)\Dell\NetReady\NetReady.exe[4908] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000076268939 5 bytes JMP 000000016f2816d6
.text C:\Program Files (x86)\Dell\NetReady\NetReady.exe[4908] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 0000000076268c8f 5 bytes JMP 000000016f28170d
.text C:\Program Files (x86)\Dell\NetReady\NetReady.exe[4908] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000758e1d1b 5 bytes JMP 000000016f2811c2
.text C:\Program Files (x86)\Dell\NetReady\NetReady.exe[4908] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000758e1dc9 5 bytes JMP 000000016f281014
.text C:\Program Files (x86)\Dell\NetReady\NetReady.exe[4908] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000758e2aa4 5 bytes JMP 000000016f281555
.text C:\Program Files (x86)\Dell\NetReady\NetReady.exe[4908] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000758e2d0a 5 bytes JMP 000000016f281271
.text C:\Program Files (x86)\Dell\NetReady\NetReady.exe[4908] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000074b3e96b 5 bytes JMP 000000016f2815c3
.text C:\Program Files (x86)\Dell\NetReady\NetReady.exe[4908] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000074b3eba5 5 bytes JMP 000000016f281186
.text C:\Program Files (x86)\Dell\NetReady\NetReady.exe[4908] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076438a29 5 bytes JMP 000000016f281726
.text C:\Program Files (x86)\Dell\NetReady\NetReady.exe[4908] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076444572 5 bytes JMP 000000016f2810a0
.text C:\Program Files (x86)\Dell\NetReady\NetReady.exe[4908] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007645e567 5 bytes JMP 000000016f281415
.text C:\Program Files (x86)\Dell\NetReady\NetReady.exe[4908] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076497a5c 5 bytes JMP 000000016f2815d2
.text C:\Program Files (x86)\Dell\NetReady\NetReady.exe[4908] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000762d5ea5 5 bytes JMP 000000016f2815fa
.text C:\Program Files (x86)\Dell\NetReady\NetReady.exe[4908] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076309d0b 5 bytes JMP 000000016f28121c
.text C:\Program Files\HP\HP Officejet 6700\bin\HPNetworkCommunicator.exe[5708] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcf12db0 5 bytes JMP 000007fffcef0180
.text C:\Program Files\HP\HP Officejet 6700\bin\HPNetworkCommunicator.exe[5708] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcf137d0 7 bytes JMP 000007fffcef00d8
.text C:\Program Files\HP\HP Officejet 6700\bin\HPNetworkCommunicator.exe[5708] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcf18ef0 6 bytes JMP 000007fffcef0148
.text C:\Program Files\HP\HP Officejet 6700\bin\HPNetworkCommunicator.exe[5708] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcf2af60 5 bytes JMP 000007fffcef0110
.text C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe[1260] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcf12db0 5 bytes JMP 000007fffcef0180
.text C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe[1260] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcf137d0 7 bytes JMP 000007fffcef00d8
.text C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe[1260] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcf18ef0 6 bytes JMP 000007fffcef0148
.text C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe[1260] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcf2af60 5 bytes JMP 000007fffcef0110
.text C:\Program Files (x86)\WinRAR.exe[7520] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076d5af40 7 bytes JMP 000000016fff0260
.text C:\Program Files (x86)\WinRAR.exe[7520] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076d64a60 5 bytes JMP 000000016fff01b8
.text C:\Program Files (x86)\WinRAR.exe[7520] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076d82990 5 bytes JMP 000000016fff01f0
.text C:\Program Files (x86)\WinRAR.exe[7520] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d8efe0 5 bytes JMP 000000016fff0148
.text C:\Program Files (x86)\WinRAR.exe[7520] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076db99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files (x86)\WinRAR.exe[7520] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076dc94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files (x86)\WinRAR.exe[7520] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076dc9640 5 bytes JMP 000000016fff0110
.text C:\Program Files (x86)\WinRAR.exe[7520] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076dea500 7 bytes JMP 000000016fff0228
.text C:\Program Files (x86)\WinRAR.exe[7520] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcf12db0 5 bytes JMP 000007fffcf00180
.text C:\Program Files (x86)\WinRAR.exe[7520] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcf137d0 7 bytes JMP 000007fffcf000d8
.text C:\Program Files (x86)\WinRAR.exe[7520] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcf18ef0 6 bytes JMP 000007fffcf00148
.text C:\Program Files (x86)\WinRAR.exe[7520] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcf2af60 5 bytes JMP 000007fffcf00110
.text C:\Program Files (x86)\WinRAR.exe[7520] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd0789e0 8 bytes JMP 000007fffcf001f0
.text C:\Program Files (x86)\WinRAR.exe[7520] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd07be40 8 bytes JMP 000007fffcf001b8
.text C:\Program Files (x86)\WinRAR.exe[7520] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd9c7490 11 bytes JMP 000007fffcf00228
.text C:\Program Files (x86)\WinRAR.exe[7520] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd9dbf00 7 bytes JMP 000007fffcf00260
.text C:\Users\Markus\AppData\Local\Temp\Rar$EX49.936\gmer.exe[7356] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000761c1eee 7 bytes JMP 000000016f281695
.text C:\Users\Markus\AppData\Local\Temp\Rar$EX49.936\gmer.exe[7356] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000761c5b85 7 bytes JMP 000000016f2811a9
.text C:\Users\Markus\AppData\Local\Temp\Rar$EX49.936\gmer.exe[7356] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000761d13e1 7 bytes JMP 000000016f28128a
.text C:\Users\Markus\AppData\Local\Temp\Rar$EX49.936\gmer.exe[7356] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000761dea0d 7 bytes JMP 000000016f281244
.text C:\Users\Markus\AppData\Local\Temp\Rar$EX49.936\gmer.exe[7356] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000761eb1d3 5 bytes JMP 000000016f2815aa
.text C:\Users\Markus\AppData\Local\Temp\Rar$EX49.936\gmer.exe[7356] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000762688b4 7 bytes JMP 000000016f281339
.text C:\Users\Markus\AppData\Local\Temp\Rar$EX49.936\gmer.exe[7356] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076268939 5 bytes JMP 000000016f2816d6
.text C:\Users\Markus\AppData\Local\Temp\Rar$EX49.936\gmer.exe[7356] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076268c8f 5 bytes JMP 000000016f28170d
.text C:\Users\Markus\AppData\Local\Temp\Rar$EX49.936\gmer.exe[7356] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000758e1d1b 5 bytes JMP 000000016f2811c2
.text C:\Users\Markus\AppData\Local\Temp\Rar$EX49.936\gmer.exe[7356] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000758e1dc9 5 bytes JMP 000000016f281014
.text C:\Users\Markus\AppData\Local\Temp\Rar$EX49.936\gmer.exe[7356] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000758e2aa4 5 bytes JMP 000000016f281555
.text C:\Users\Markus\AppData\Local\Temp\Rar$EX49.936\gmer.exe[7356] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000758e2d0a 5 bytes JMP 000000016f281271
.text C:\Users\Markus\AppData\Local\Temp\Rar$EX49.936\gmer.exe[7356] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000074b3e96b 5 bytes JMP 000000016f2815c3
.text C:\Users\Markus\AppData\Local\Temp\Rar$EX49.936\gmer.exe[7356] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000074b3eba5 5 bytes JMP 000000016f281186
.text C:\Users\Markus\AppData\Local\Temp\Rar$EX49.936\gmer.exe[7356] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076438a29 5 bytes JMP 000000016f281726
.text C:\Users\Markus\AppData\Local\Temp\Rar$EX49.936\gmer.exe[7356] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076444572 5 bytes JMP 000000016f2810a0
.text C:\Users\Markus\AppData\Local\Temp\Rar$EX49.936\gmer.exe[7356] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007645e567 5 bytes JMP 000000016f281415
.text C:\Users\Markus\AppData\Local\Temp\Rar$EX49.936\gmer.exe[7356] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076497a5c 5 bytes JMP 000000016f2815d2
.text C:\Users\Markus\AppData\Local\Temp\Rar$EX49.936\gmer.exe[7356] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000762d5ea5 5 bytes JMP 000000016f2815fa
.text C:\Users\Markus\AppData\Local\Temp\Rar$EX49.936\gmer.exe[7356] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076309d0b 5 bytes JMP 000000016f28121c
---- Threads - GMER 2.1 ----
Thread C:\Windows\SysWOW64\ntdll.dll [2044:404] 000000000108d1f6
Thread C:\Windows\SysWOW64\ntdll.dll [2044:2248] 0000000071dc8c90
Thread C:\Windows\SysWOW64\ntdll.dll [2044:2924] 0000000071b3a7e0
Thread C:\Windows\SysWOW64\ntdll.dll [2044:3152] 000000006f9b8960
Thread C:\Windows\SysWOW64\ntdll.dll [2044:3156] 000000006f9b8960
Thread C:\Windows\SysWOW64\ntdll.dll [2044:3164] 000000006f9b4090
Thread C:\Windows\SysWOW64\ntdll.dll [2044:4236] 0000000071b4c740
Thread C:\Windows\SysWOW64\ntdll.dll [2044:2748] 0000000071b4d1a0
Thread C:\Windows\SysWOW64\ntdll.dll [2044:7884] 000000006f9b8960
Thread C:\Windows\SysWOW64\ntdll.dll [2044:1972] 000000006f9b8960
Thread C:\Windows\SysWOW64\ntdll.dll [2044:2352] 000000007215e2cb
---- Processes - GMER 2.1 ----
Library C:\Users\Markus\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\Ontology.dll (*** suspicious ***) @ C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [4056] 000000005d070000
Library C:\Users\Markus\AppData\Local\Temp\jna2269665512663529200.tmp (*** suspicious ***) @ C:\Program Files (x86)\Java\jre7\bin\javaw.exe [1132] 00000000052d0000
Library \\?\C:\ProgramData\Microsoft\Windows\DRM\Cache\Indiv_SID_S-1-5-20\Indiv01_64.key (*** suspicious ***) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [5576] (Individualized Black Box DLL/Microsoft Corporation SIGNED)(2011-08-05 13:16:44) 000000000ac00000
Process C:\Users\Markus\AppData\Local\Temp\Rar$EX49.936\gmer.exe (*** suspicious ***) @ C:\Users\Markus\AppData\Local\Temp\Rar$EX49.936\gmer.exe [7356](2014-01-26 20:09:14) 0000000000400000
---- EOF - GMER 2.1 ----