Code:
* 2
.text C:\Users\MF\AppData\Roaming\Dropbox\bin\Dropbox.exe[4896] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076481f0e 7 bytes JMP 0000000171161695
.text C:\Users\MF\AppData\Roaming\Dropbox\bin\Dropbox.exe[4896] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076485bad 7 bytes JMP 00000001711611a9
.text C:\Users\MF\AppData\Roaming\Dropbox\bin\Dropbox.exe[4896] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076491409 7 bytes JMP 000000017116128a
.text C:\Users\MF\AppData\Roaming\Dropbox\bin\Dropbox.exe[4896] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007649ea45 7 bytes JMP 0000000171161244
.text C:\Users\MF\AppData\Roaming\Dropbox\bin\Dropbox.exe[4896] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000764aa2fd 1 byte [62]
.text C:\Users\MF\AppData\Roaming\Dropbox\bin\Dropbox.exe[4896] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000764ab21b 5 bytes JMP 00000001711615aa
.text C:\Users\MF\AppData\Roaming\Dropbox\bin\Dropbox.exe[4896] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076528e24 7 bytes JMP 0000000171161339
.text C:\Users\MF\AppData\Roaming\Dropbox\bin\Dropbox.exe[4896] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076528ea9 5 bytes JMP 00000001711616d6
.text C:\Users\MF\AppData\Roaming\Dropbox\bin\Dropbox.exe[4896] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000765291ff 5 bytes JMP 000000017116170d
.text C:\Users\MF\AppData\Roaming\Dropbox\bin\Dropbox.exe[4896] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076e31d29 5 bytes JMP 00000001711611c2
.text C:\Users\MF\AppData\Roaming\Dropbox\bin\Dropbox.exe[4896] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076e31dd7 5 bytes JMP 0000000171161014
.text C:\Users\MF\AppData\Roaming\Dropbox\bin\Dropbox.exe[4896] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076e32ab1 5 bytes JMP 0000000171161555
.text C:\Users\MF\AppData\Roaming\Dropbox\bin\Dropbox.exe[4896] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076e32d17 5 bytes JMP 0000000171161271
.text C:\Users\MF\AppData\Roaming\Dropbox\bin\Dropbox.exe[4896] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000775c8a29 5 bytes JMP 0000000171161726
.text C:\Users\MF\AppData\Roaming\Dropbox\bin\Dropbox.exe[4896] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000775d4572 5 bytes JMP 00000001711610a0
.text C:\Users\MF\AppData\Roaming\Dropbox\bin\Dropbox.exe[4896] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000775ee567 5 bytes JMP 0000000171161415
.text C:\Users\MF\AppData\Roaming\Dropbox\bin\Dropbox.exe[4896] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077627a5c 5 bytes JMP 00000001711615d2
.text C:\Users\MF\AppData\Roaming\Dropbox\bin\Dropbox.exe[4896] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007640e96b 5 bytes JMP 00000001711615c3
.text C:\Users\MF\AppData\Roaming\Dropbox\bin\Dropbox.exe[4896] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007640eba5 5 bytes JMP 0000000171161186
.text C:\Users\MF\AppData\Roaming\Dropbox\bin\Dropbox.exe[4896] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000765b5ea5 5 bytes JMP 00000001711615fa
.text C:\Users\MF\AppData\Roaming\Dropbox\bin\Dropbox.exe[4896] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000765e9d0b 5 bytes JMP 000000017116121c
.text C:\Users\MF\AppData\Roaming\Dropbox\bin\Dropbox.exe[4896] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000076991465 2 bytes [99, 76]
.text C:\Users\MF\AppData\Roaming\Dropbox\bin\Dropbox.exe[4896] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000769914bb 2 bytes [99, 76]
.text ... * 2
.text C:\Programme und SpieleMicrosoft Office 2010\Office14\ONENOTEM.EXE[4904] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076481f0e 7 bytes JMP 0000000171161695
.text C:\Programme und SpieleMicrosoft Office 2010\Office14\ONENOTEM.EXE[4904] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076485bad 7 bytes JMP 00000001711611a9
.text C:\Programme und SpieleMicrosoft Office 2010\Office14\ONENOTEM.EXE[4904] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076491409 7 bytes JMP 000000017116128a
.text C:\Programme und SpieleMicrosoft Office 2010\Office14\ONENOTEM.EXE[4904] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007649ea45 7 bytes JMP 0000000171161244
.text C:\Programme und SpieleMicrosoft Office 2010\Office14\ONENOTEM.EXE[4904] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000764aa2fd 1 byte [62]
.text C:\Programme und SpieleMicrosoft Office 2010\Office14\ONENOTEM.EXE[4904] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000764ab21b 5 bytes JMP 00000001711615aa
.text C:\Programme und SpieleMicrosoft Office 2010\Office14\ONENOTEM.EXE[4904] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076528e24 7 bytes JMP 0000000171161339
.text C:\Programme und SpieleMicrosoft Office 2010\Office14\ONENOTEM.EXE[4904] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076528ea9 5 bytes JMP 00000001711616d6
.text C:\Programme und SpieleMicrosoft Office 2010\Office14\ONENOTEM.EXE[4904] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000765291ff 5 bytes JMP 000000017116170d
.text C:\Programme und SpieleMicrosoft Office 2010\Office14\ONENOTEM.EXE[4904] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000775c8a29 5 bytes JMP 0000000171161726
.text C:\Programme und SpieleMicrosoft Office 2010\Office14\ONENOTEM.EXE[4904] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000775d4572 5 bytes JMP 00000001711610a0
.text C:\Programme und SpieleMicrosoft Office 2010\Office14\ONENOTEM.EXE[4904] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000775ee567 5 bytes JMP 0000000171161415
.text C:\Programme und SpieleMicrosoft Office 2010\Office14\ONENOTEM.EXE[4904] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077627a5c 5 bytes JMP 00000001711615d2
.text C:\Programme und SpieleMicrosoft Office 2010\Office14\ONENOTEM.EXE[4904] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007640e96b 5 bytes JMP 00000001711615c3
.text C:\Programme und SpieleMicrosoft Office 2010\Office14\ONENOTEM.EXE[4904] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007640eba5 5 bytes JMP 0000000171161186
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4960] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076481f0e 7 bytes JMP 0000000171161695
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4960] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076485bad 7 bytes JMP 00000001711611a9
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4960] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076491409 7 bytes JMP 000000017116128a
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4960] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007649ea45 7 bytes JMP 0000000171161244
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4960] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000764aa2fd 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4960] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000764ab21b 5 bytes JMP 00000001711615aa
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4960] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076528e24 7 bytes JMP 0000000171161339
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4960] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076528ea9 5 bytes JMP 00000001711616d6
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4960] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000765291ff 5 bytes JMP 000000017116170d
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4960] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076e31d29 5 bytes JMP 00000001711611c2
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4960] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076e31dd7 5 bytes JMP 0000000171161014
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4960] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076e32ab1 5 bytes JMP 0000000171161555
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4960] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076e32d17 5 bytes JMP 0000000171161271
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4960] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007640e96b 5 bytes JMP 00000001711615c3
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4960] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007640eba5 5 bytes JMP 0000000171161186
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4960] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000775c8a29 5 bytes JMP 0000000171161726
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4960] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000775d4572 5 bytes JMP 00000001711610a0
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4960] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000775ee567 5 bytes JMP 0000000171161415
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4960] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077627a5c 5 bytes JMP 00000001711615d2
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4960] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000765b5ea5 5 bytes JMP 00000001711615fa
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4960] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000765e9d0b 5 bytes JMP 000000017116121c
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4988] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076481f0e 7 bytes JMP 0000000171161695
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4988] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076485bad 7 bytes JMP 00000001711611a9
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4988] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076491409 7 bytes JMP 000000017116128a
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4988] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007649ea45 7 bytes JMP 0000000171161244
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4988] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000764aa2fd 1 byte [62]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4988] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000764ab21b 5 bytes JMP 00000001711615aa
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4988] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076528e24 7 bytes JMP 0000000171161339
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4988] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076528ea9 5 bytes JMP 00000001711616d6
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4988] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000765291ff 5 bytes JMP 000000017116170d
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4988] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076e31d29 5 bytes JMP 00000001711611c2
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4988] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076e31dd7 5 bytes JMP 0000000171161014
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4988] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076e32ab1 5 bytes JMP 0000000171161555
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4988] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076e32d17 5 bytes JMP 0000000171161271
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4988] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000775c8a29 5 bytes JMP 0000000171161726
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4988] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000775d4572 5 bytes JMP 00000001711610a0
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4988] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000775ee567 5 bytes JMP 0000000171161415
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4988] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077627a5c 5 bytes JMP 00000001711615d2
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4988] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007640e96b 5 bytes JMP 00000001711615c3
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4988] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007640eba5 5 bytes JMP 0000000171161186
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4988] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000765b5ea5 5 bytes JMP 00000001711615fa
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4988] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000765e9d0b 5 bytes JMP 000000017116121c
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4988] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076991465 2 bytes [99, 76]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4988] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769914bb 2 bytes [99, 76]
.text ... * 2
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[5032] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000776ba400 7 bytes JMP 000000016fff0260
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[5032] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000776c3f20 5 bytes JMP 000000016fff01b8
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[5032] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000776dffb0 5 bytes JMP 000000016fff01f0
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[5032] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000776ef2e0 5 bytes JMP 000000016fff0148
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[5032] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007770ef8d 1 byte [62]
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[5032] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077719a30 7 bytes JMP 000000016fff00d8
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[5032] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000777294c0 5 bytes JMP 000000016fff0180
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[5032] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077729630 5 bytes JMP 000000016fff0110
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[5032] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000777487e0 7 bytes JMP 000000016fff0228
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[5032] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefda02db0 5 bytes JMP 000007fffd9f0180
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[5032] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefda037d0 7 bytes JMP 000007fffd9f00d8
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[5032] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefda08ef0 6 bytes JMP 000007fffd9f0148
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[5032] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefda1af60 5 bytes JMP 000007fffd9f0110
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[5032] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeab89e0 8 bytes JMP 000007fffd9f01f0
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[5032] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeabbe40 8 bytes JMP 000007fffd9f01b8
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[5032] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff9f7490 11 bytes JMP 000007fffd9f0228
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[5032] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feffa0bf00 7 bytes JMP 000007fffd9f0260
.text C:\Programme und Spiele\Avast Free Antivirus\avastui.exe[5040] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076488791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text C:\Programme und Spiele\Avast Free Antivirus\avastui.exe[5040] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000764aa2fd 1 byte [62]
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[4384] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076481f0e 7 bytes JMP 0000000171161695
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[4384] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076485bad 7 bytes JMP 00000001711611a9
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[4384] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076491409 7 bytes JMP 000000017116128a
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[4384] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007649ea45 7 bytes JMP 0000000171161244
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[4384] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000764aa2fd 1 byte [62]
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[4384] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000764ab21b 5 bytes JMP 00000001711615aa
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[4384] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076528e24 7 bytes JMP 0000000171161339
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[4384] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076528ea9 5 bytes JMP 00000001711616d6
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[4384] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000765291ff 5 bytes JMP 000000017116170d
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[4384] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076e31d29 5 bytes JMP 00000001711611c2
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[4384] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076e31dd7 5 bytes JMP 0000000171161014
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[4384] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076e32ab1 5 bytes JMP 0000000171161555
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[4384] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076e32d17 5 bytes JMP 0000000171161271
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[4384] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000775c8a29 5 bytes JMP 0000000171161726
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[4384] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000775d4572 5 bytes JMP 00000001711610a0
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[4384] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000775ee567 5 bytes JMP 0000000171161415
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[4384] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077627a5c 5 bytes JMP 00000001711615d2
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[4384] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007640e96b 5 bytes JMP 00000001711615c3
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[4384] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007640eba5 5 bytes JMP 0000000171161186
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[4384] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000765b5ea5 5 bytes JMP 00000001711615fa
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[4384] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000765e9d0b 5 bytes JMP 000000017116121c
.text C:\Windows\system32\igfxext.exe[4012] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007770ef8d 1 byte [62]
.text C:\Windows\system32\igfxsrvc.exe[4744] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007770ef8d 1 byte [62]
.text C:\Programme\lg_fwupdate\fwupdate.exe[4940] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076481f0e 7 bytes JMP 0000000171161695
.text C:\Programme\lg_fwupdate\fwupdate.exe[4940] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000764aa2fd 1 byte [62]
.text C:\Programme\lg_fwupdate\fwupdate.exe[4940] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000764ab21b 5 bytes JMP 00000001711615aa
.text C:\Programme\lg_fwupdate\fwupdate.exe[4940] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076528e24 7 bytes JMP 0000000171161339
.text C:\Programme\lg_fwupdate\fwupdate.exe[4940] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076528ea9 5 bytes JMP 00000001711616d6
.text C:\Programme\lg_fwupdate\fwupdate.exe[4940] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000765291ff 5 bytes JMP 000000017116170d
.text C:\Programme\lg_fwupdate\fwupdate.exe[4940] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076e31d29 5 bytes JMP 00000001711611c2
.text C:\Programme\lg_fwupdate\fwupdate.exe[4940] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076e31dd7 5 bytes JMP 0000000171161014
.text C:\Programme\lg_fwupdate\fwupdate.exe[4940] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076e32ab1 5 bytes JMP 0000000171161555
.text C:\Programme\lg_fwupdate\fwupdate.exe[4940] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076e32d17 5 bytes JMP 0000000171161271
.text C:\Programme\lg_fwupdate\fwupdate.exe[4940] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000775c8a29 5 bytes JMP 0000000171161726
.text C:\Programme\lg_fwupdate\fwupdate.exe[4940] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000775d4572 5 bytes JMP 00000001711610a0
.text C:\Programme\lg_fwupdate\fwupdate.exe[4940] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000775ee567 5 bytes JMP 0000000171161415
.text C:\Programme\lg_fwupdate\fwupdate.exe[4940] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077627a5c 5 bytes JMP 00000001711615d2
.text C:\Programme\lg_fwupdate\fwupdate.exe[4940] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007640e96b 5 bytes JMP 00000001711615c3
.text C:\Programme\lg_fwupdate\fwupdate.exe[4940] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007640eba5 5 bytes JMP 0000000171161186
.text C:\Programme\lg_fwupdate\fwupdate.exe[4940] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000765b5ea5 5 bytes JMP 00000001711615fa
.text C:\Programme\lg_fwupdate\fwupdate.exe[4940] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000765e9d0b 5 bytes JMP 000000017116121c
.text C:\Programme und Spiele\CyberLink\PowerDVD10\PowerDVD10\PDVD10Serv.exe[4644] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000764aa2fd 1 byte [62]
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[4656] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076481f0e 7 bytes JMP 0000000171161695
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[4656] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076485bad 7 bytes JMP 00000001711611a9
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[4656] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076491409 7 bytes JMP 000000017116128a
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[4656] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007649ea45 7 bytes JMP 0000000171161244
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[4656] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000764aa2fd 1 byte [62]
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[4656] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000764ab21b 5 bytes JMP 00000001711615aa
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[4656] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076528e24 7 bytes JMP 0000000171161339
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[4656] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076528ea9 5 bytes JMP 00000001711616d6
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[4656] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000765291ff 5 bytes JMP 000000017116170d
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[4656] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076e31d29 5 bytes JMP 00000001711611c2
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[4656] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076e31dd7 5 bytes JMP 0000000171161014
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[4656] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076e32ab1 5 bytes JMP 0000000171161555
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[4656] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076e32d17 5 bytes JMP 0000000171161271
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[4656] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000775c8a29 5 bytes JMP 0000000171161726
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[4656] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000775d4572 5 bytes JMP 00000001711610a0
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[4656] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000775ee567 5 bytes JMP 0000000171161415
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[4656] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077627a5c 5 bytes JMP 00000001711615d2
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[4656] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007640e96b 5 bytes JMP 00000001711615c3
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[4656] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007640eba5 5 bytes JMP 0000000171161186
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[4656] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000765b5ea5 5 bytes JMP 00000001711615fa
.text C:\Program Files (x86)\CyberLink\Shared files\brs.exe[4656] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000765e9d0b 5 bytes JMP 000000017116121c
.text C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE[4984] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076481f0e 7 bytes JMP 0000000171161695
.text C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE[4984] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076485bad 7 bytes JMP 00000001711611a9
.text C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE[4984] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076491409 7 bytes JMP 000000017116128a
.text C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE[4984] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007649ea45 7 bytes JMP 0000000171161244
.text C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE[4984] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000764aa2fd 1 byte [62]
.text C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE[4984] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000764ab21b 5 bytes JMP 00000001711615aa
.text C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE[4984] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076528e24 7 bytes JMP 0000000171161339
.text C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE[4984] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076528ea9 5 bytes JMP 00000001711616d6
.text C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE[4984] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000765291ff 5 bytes JMP 000000017116170d
.text C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE[4984] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076e31d29 5 bytes JMP 00000001711611c2
.text C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE[4984] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076e31dd7 5 bytes JMP 0000000171161014
.text C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE[4984] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076e32ab1 5 bytes JMP 0000000171161555
.text C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE[4984] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076e32d17 5 bytes JMP 0000000171161271
.text C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE[4984] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007640e96b 5 bytes JMP 00000001711615c3
.text C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE[4984] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007640eba5 5 bytes JMP 0000000171161186
.text C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE[4984] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000775c8a29 5 bytes JMP 0000000171161726
.text C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE[4984] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000775d4572 5 bytes JMP 00000001711610a0
.text C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE[4984] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000775ee567 5 bytes JMP 0000000171161415
.text C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE[4984] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077627a5c 5 bytes JMP 00000001711615d2
.text C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE[4984] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000765b5ea5 5 bytes JMP 00000001711615fa
.text C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE[4984] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000765e9d0b 5 bytes JMP 000000017116121c
.text C:\Windows\splwow64.exe[4176] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000776ba400 7 bytes JMP 000000016fff0260
.text C:\Windows\splwow64.exe[4176] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000776c3f20 5 bytes JMP 000000016fff01b8
.text C:\Windows\splwow64.exe[4176] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000776dffb0 5 bytes JMP 000000016fff01f0
.text C:\Windows\splwow64.exe[4176] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000776ef2e0 5 bytes JMP 000000016fff0148
.text C:\Windows\splwow64.exe[4176] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007770ef8d 1 byte [62]
.text C:\Windows\splwow64.exe[4176] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077719a30 7 bytes JMP 000000016fff00d8
.text C:\Windows\splwow64.exe[4176] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000777294c0 5 bytes JMP 000000016fff0180
.text C:\Windows\splwow64.exe[4176] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077729630 5 bytes JMP 000000016fff0110
.text C:\Windows\splwow64.exe[4176] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000777487e0 7 bytes JMP 000000016fff0228
.text C:\Windows\splwow64.exe[4176] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefda02db0 5 bytes JMP 000007fffd9f0180
.text C:\Windows\splwow64.exe[4176] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefda037d0 7 bytes JMP 000007fffd9f00d8
.text C:\Windows\splwow64.exe[4176] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefda08ef0 6 bytes JMP 000007fffd9f0148
.text C:\Windows\splwow64.exe[4176] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefda1af60 5 bytes JMP 000007fffd9f0110
.text C:\Windows\splwow64.exe[4176] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeab89e0 8 bytes JMP 000007fffd9f01f0
.text C:\Windows\splwow64.exe[4176] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeabbe40 8 bytes JMP 000007fffd9f01b8
.text C:\Windows\splwow64.exe[4176] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff9f7490 11 bytes JMP 000007fffd9f0228
.text C:\Windows\splwow64.exe[4176] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feffa0bf00 7 bytes JMP 000007fffd9f0260
.text C:\Windows\system32\wbem\unsecapp.exe[5252] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000776ba400 7 bytes JMP 000000016fff0260
.text C:\Windows\system32\wbem\unsecapp.exe[5252] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000776c3f20 5 bytes JMP 000000016fff01b8
.text C:\Windows\system32\wbem\unsecapp.exe[5252] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000776dffb0 5 bytes JMP 000000016fff01f0
.text C:\Windows\system32\wbem\unsecapp.exe[5252] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000776ef2e0 5 bytes JMP 000000016fff0148
.text C:\Windows\system32\wbem\unsecapp.exe[5252] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007770ef8d 1 byte [62]
.text C:\Windows\system32\wbem\unsecapp.exe[5252] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077719a30 7 bytes JMP 000000016fff00d8
.text C:\Windows\system32\wbem\unsecapp.exe[5252] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000777294c0 5 bytes JMP 000000016fff0180
.text C:\Windows\system32\wbem\unsecapp.exe[5252] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077729630 5 bytes JMP 000000016fff0110
.text C:\Windows\system32\wbem\unsecapp.exe[5252] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000777487e0 7 bytes JMP 000000016fff0228
.text C:\Windows\system32\wbem\unsecapp.exe[5252] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefda02db0 5 bytes JMP 000007fffd9f0180
.text C:\Windows\system32\wbem\unsecapp.exe[5252] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefda037d0 7 bytes JMP 000007fffd9f00d8
.text C:\Windows\system32\wbem\unsecapp.exe[5252] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefda08ef0 6 bytes JMP 000007fffd9f0148
.text C:\Windows\system32\wbem\unsecapp.exe[5252] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefda1af60 5 bytes JMP 000007fffd9f0110
.text C:\Windows\system32\wbem\unsecapp.exe[5252] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff9f7490 11 bytes JMP 000007fffd9f0228
.text C:\Windows\system32\wbem\unsecapp.exe[5252] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feffa0bf00 7 bytes JMP 000007fffd9f0260
.text C:\Windows\system32\wbem\unsecapp.exe[5252] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeab89e0 8 bytes JMP 000007fffd9f01f0
.text C:\Windows\system32\wbem\unsecapp.exe[5252] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeabbe40 8 bytes JMP 000007fffd9f01b8
.text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000776ba400 7 bytes JMP 000000016fff0260
.text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000776c3f20 5 bytes JMP 000000016fff01b8
.text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000776dffb0 5 bytes JMP 000000016fff01f0
.text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000776ef2e0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007770ef8d 1 byte [62]
.text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077719a30 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000777294c0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077729630 5 bytes JMP 000000016fff0110
.text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000777487e0 7 bytes JMP 000000016fff0228
.text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefda02db0 5 bytes JMP 000007fffd9f0180
.text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefda037d0 7 bytes JMP 000007fffd9f00d8
.text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefda08ef0 6 bytes JMP 000007fffd9f0148
.text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefda1af60 5 bytes JMP 000007fffd9f0110
.text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeab89e0 8 bytes JMP 000007fffd9f01f0
.text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeabbe40 8 bytes JMP 000007fffd9f01b8
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3524] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000764aa2fd 1 byte [62]
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[4060] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007770ef8d 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3792] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000764aa2fd 1 byte [62]
.text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[4524] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 0000000076481f0e 7 bytes JMP 0000000171161695
.text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[4524] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 0000000076485bad 7 bytes JMP 00000001711611a9
.text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[4524] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 0000000076491409 7 bytes JMP 000000017116128a
.text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[4524] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 000000007649ea45 7 bytes JMP 0000000171161244
.text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[4524] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000764aa2fd 1 byte [62]
.text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[4524] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW 00000000764ab21b 5 bytes JMP 00000001711615aa
.text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[4524] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 0000000076528e24 7 bytes JMP 0000000171161339
.text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[4524] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000076528ea9 5 bytes JMP 00000001711616d6
.text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[4524] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 00000000765291ff 5 bytes JMP 000000017116170d
.text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[4524] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076e31d29 5 bytes JMP 00000001711611c2
.text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[4524] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076e31dd7 5 bytes JMP 0000000171161014
.text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[4524] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076e32ab1 5 bytes JMP 0000000171161555
.text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[4524] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076e32d17 5 bytes JMP 0000000171161271
.text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[4524] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007640e96b 5 bytes JMP 00000001711615c3
.text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[4524] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007640eba5 5 bytes JMP 0000000171161186
.text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[4524] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000775c8a29 5 bytes JMP 0000000171161726
.text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[4524] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000775d4572 5 bytes JMP 00000001711610a0
.text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[4524] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000775ee567 5 bytes JMP 0000000171161415
.text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[4524] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077627a5c 5 bytes JMP 00000001711615d2
.text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[4524] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000765b5ea5 5 bytes JMP 00000001711615fa
.text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[4524] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000765e9d0b 5 bytes JMP 000000017116121c
.text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[4528] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 0000000076481f0e 7 bytes JMP 0000000171161695
.text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[4528] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 0000000076485bad 7 bytes JMP 00000001711611a9
.text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[4528] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 0000000076491409 7 bytes JMP 000000017116128a
.text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[4528] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 000000007649ea45 7 bytes JMP 0000000171161244
.text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[4528] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000764aa2fd 1 byte [62]
.text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[4528] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW 00000000764ab21b 5 bytes JMP 00000001711615aa
.text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[4528] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 0000000076528e24 7 bytes JMP 0000000171161339
.text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[4528] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000076528ea9 5 bytes JMP 00000001711616d6
.text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[4528] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 00000000765291ff 5 bytes JMP 000000017116170d
.text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[4528] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076e31d29 5 bytes JMP 00000001711611c2
.text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[4528] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076e31dd7 5 bytes JMP 0000000171161014
.text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[4528] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076e32ab1 5 bytes JMP 0000000171161555
.text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[4528] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076e32d17 5 bytes JMP 0000000171161271
.text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[4528] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007640e96b 5 bytes JMP 00000001711615c3
.text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[4528] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007640eba5 5 bytes JMP 0000000171161186
.text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[4528] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000775c8a29 5 bytes JMP 0000000171161726
.text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[4528] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000775d4572 5 bytes JMP 00000001711610a0
.text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[4528] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000775ee567 5 bytes JMP 0000000171161415
.text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[4528] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077627a5c 5 bytes JMP 00000001711615d2
.text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[4528] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000765b5ea5 5 bytes JMP 00000001711615fa
.text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[4528] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000765e9d0b 5 bytes JMP 000000017116121c
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6020] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000764aa2fd 1 byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2636] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007770ef8d 1 byte [62]
.text C:\Windows\system32\taskeng.exe[3580] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000776ba400 7 bytes JMP 000000016fff0260
.text C:\Windows\system32\taskeng.exe[3580] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000776c3f20 5 bytes JMP 000000016fff01b8
.text C:\Windows\system32\taskeng.exe[3580] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000776dffb0 5 bytes JMP 000000016fff01f0
.text C:\Windows\system32\taskeng.exe[3580] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000776ef2e0 5 bytes JMP 000000016fff0148
.text C:\Windows\system32\taskeng.exe[3580] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007770ef8d 1 byte [62]
.text C:\Windows\system32\taskeng.exe[3580] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077719a30 7 bytes JMP 000000016fff00d8
.text C:\Windows\system32\taskeng.exe[3580] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000777294c0 5 bytes JMP 000000016fff0180
.text C:\Windows\system32\taskeng.exe[3580] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077729630 5 bytes JMP 000000016fff0110
.text C:\Windows\system32\taskeng.exe[3580] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000777487e0 7 bytes JMP 000000016fff0228
.text C:\Windows\system32\taskeng.exe[3580] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefda02db0 5 bytes JMP 000007fffd9f0180
.text C:\Windows\system32\taskeng.exe[3580] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefda037d0 7 bytes JMP 000007fffd9f00d8
.text C:\Windows\system32\taskeng.exe[3580] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefda08ef0 6 bytes JMP 000007fffd9f0148
.text C:\Windows\system32\taskeng.exe[3580] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefda1af60 5 bytes JMP 000007fffd9f0110
.text C:\Windows\system32\taskeng.exe[3580] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeab89e0 8 bytes JMP 000007fffd9f01f0
.text C:\Windows\system32\taskeng.exe[3580] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeabbe40 8 bytes JMP 000007fffd9f01b8
.text C:\Windows\system32\taskeng.exe[3580] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff9f7490 11 bytes JMP 000007fffd9f0228
.text C:\Windows\system32\taskeng.exe[3580] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feffa0bf00 7 bytes JMP 000007fffd9f0260
.text C:\Users\MF\Desktop\Gmer-19357(1).exe[5248] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076481f0e 7 bytes JMP 0000000171161695
.text C:\Users\MF\Desktop\Gmer-19357(1).exe[5248] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076485bad 7 bytes JMP 00000001711611a9
.text C:\Users\MF\Desktop\Gmer-19357(1).exe[5248] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076491409 7 bytes JMP 000000017116128a
.text C:\Users\MF\Desktop\Gmer-19357(1).exe[5248] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007649ea45 7 bytes JMP 0000000171161244
.text C:\Users\MF\Desktop\Gmer-19357(1).exe[5248] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000764aa2fd 1 byte [62]
.text C:\Users\MF\Desktop\Gmer-19357(1).exe[5248] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000764ab21b 5 bytes JMP 00000001711615aa
.text C:\Users\MF\Desktop\Gmer-19357(1).exe[5248] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076528e24 7 bytes JMP 0000000171161339
.text C:\Users\MF\Desktop\Gmer-19357(1).exe[5248] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076528ea9 5 bytes JMP 00000001711616d6
.text C:\Users\MF\Desktop\Gmer-19357(1).exe[5248] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000765291ff 5 bytes JMP 000000017116170d
.text C:\Users\MF\Desktop\Gmer-19357(1).exe[5248] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076e31d29 5 bytes JMP 00000001711611c2
.text C:\Users\MF\Desktop\Gmer-19357(1).exe[5248] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076e31dd7 5 bytes JMP 0000000171161014
.text C:\Users\MF\Desktop\Gmer-19357(1).exe[5248] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076e32ab1 5 bytes JMP 0000000171161555
.text C:\Users\MF\Desktop\Gmer-19357(1).exe[5248] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076e32d17 5 bytes JMP 0000000171161271
.text C:\Users\MF\Desktop\Gmer-19357(1).exe[5248] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007640e96b 5 bytes JMP 00000001711615c3
.text C:\Users\MF\Desktop\Gmer-19357(1).exe[5248] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007640eba5 5 bytes JMP 0000000171161186
.text C:\Users\MF\Desktop\Gmer-19357(1).exe[5248] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000775c8a29 5 bytes JMP 0000000171161726
.text C:\Users\MF\Desktop\Gmer-19357(1).exe[5248] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000775d4572 5 bytes JMP 00000001711610a0
.text C:\Users\MF\Desktop\Gmer-19357(1).exe[5248] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000775ee567 5 bytes JMP 0000000171161415
.text C:\Users\MF\Desktop\Gmer-19357(1).exe[5248] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077627a5c 5 bytes JMP 00000001711615d2
.text C:\Users\MF\Desktop\Gmer-19357(1).exe[5248] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000765b5ea5 5 bytes JMP 00000001711615fa
.text C:\Users\MF\Desktop\Gmer-19357(1).exe[5248] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000765e9d0b 5 bytes JMP 000000017116121c
---- Processes - GMER 2.1 ----
Library C:\Users\MF\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\MF\AppData\Roaming\Dropbox\bin\Dropbox.exe [4896](2014-01-03 03:42:50) 0000000003bf0000
Library c:\users\mf\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplc6xaq.dll (*** suspicious ***) @ C:\Users\MF\AppData\Roaming\Dropbox\bin\Dropbox.exe [4896](2014-05-27 12:15:09) 00000000044f0000
Library C:\Users\MF\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\MF\AppData\Roaming\Dropbox\bin\Dropbox.exe [4896](2013-10-18 23:55:02) 00000000698e0000
Library C:\Users\MF\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\MF\AppData\Roaming\Dropbox\bin\Dropbox.exe [4896] (ICU Data DLL/The ICU Project)(2013-10-18 23:55:00) 0000000068f50000
Process C:\Programme\lg_fwupdate\fwupdate.exe (*** suspicious ***) @ C:\Programme\lg_fwupdate\fwupdate.exe [4940] (BL)(2014-01-03 13:46:41) 0000000000400000
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9cb70df7e825
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\9cb70df7e825 (not active ControlSet)
---- EOF - GMER 2.1 ----