Ich habe den GMER-Log auf Verdacht einfach geteilt:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-05-27 18:22:35
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0001 465,76GB
Running: Gmer-19357(1).exe; Driver: C:\Users\MF\AppData\Local\Temp\pgldypoc.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002fad000 19 bytes [00, 48, 83, 25, 2F, DF, 09, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 549 fffff80002fad015 1 byte [4B]
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\wininit.exe[788] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007770ef8d 1 byte [62]
.text C:\Windows\system32\services.exe[852] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007770ef8d 1 byte [62]
.text C:\Windows\system32\nvvsvc.exe[412] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007770ef8d 1 byte [62]
.text C:\Windows\system32\svchost.exe[656] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007770ef8d 1 byte [62]
.text C:\Windows\system32\winlogon.exe[700] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007770ef8d 1 byte [62]
.text C:\Windows\System32\svchost.exe[1028] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007770ef8d 1 byte [62]
.text C:\Windows\system32\svchost.exe[1104] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007770ef8d 1 byte [62]
.text C:\Windows\system32\WLANExt.exe[1528] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007770ef8d 1 byte [62]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1548] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000776ba400 7 bytes JMP 000000016fff0260
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1548] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000776c3f20 5 bytes JMP 000000016fff01b8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1548] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000776dffb0 5 bytes JMP 000000016fff01f0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1548] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000776ef2e0 5 bytes JMP 000000016fff0148
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1548] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007770ef8d 1 byte [62]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1548] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077719a30 7 bytes JMP 000000016fff00d8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1548] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000777294c0 5 bytes JMP 000000016fff0180
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1548] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077729630 5 bytes JMP 000000016fff0110
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1548] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000777487e0 7 bytes JMP 000000016fff0228
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1548] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefda02db0 5 bytes JMP 000007fffd9f0180
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1548] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefda037d0 7 bytes JMP 000007fffd9f00d8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1548] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefda08ef0 6 bytes JMP 000007fffd9f0148
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1548] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefda1af60 5 bytes JMP 000007fffd9f0110
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1548] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeab89e0 8 bytes JMP 000007fffd9f01f0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1548] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeabbe40 8 bytes JMP 000007fffd9f01b8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1548] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff9f7490 11 bytes JMP 000007fffd9f0228
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1548] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feffa0bf00 7 bytes JMP 000007fffd9f0260
.text C:\Windows\system32\nvvsvc.exe[1556] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007770ef8d 1 byte [62]
.text C:\Programme und Spiele\Avast Free Antivirus\afwServ.exe[1912] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076488791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text C:\Programme und Spiele\Avast Free Antivirus\afwServ.exe[1912] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000764aa2fd 1 byte [62]
.text C:\Programme und Spiele\Avast Free Antivirus\afwServ.exe[1912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076991465 2 bytes [99, 76]
.text C:\Programme und Spiele\Avast Free Antivirus\afwServ.exe[1912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769914bb 2 bytes [99, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe[1988] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000764aa2fd 1 byte [62]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2024] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000764aa2fd 1 byte [62]
.text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1052] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007770ef8d 1 byte [62]
.text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1360] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000764aa2fd 1 byte [62]
.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[2092] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007770ef8d 1 byte [62]
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2100] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076481f0e 7 bytes JMP 0000000171161695
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2100] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076485bad 7 bytes JMP 00000001711611a9
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2100] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076491409 7 bytes JMP 000000017116128a
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2100] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007649ea45 7 bytes JMP 0000000171161244
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2100] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000764aa2fd 1 byte [62]
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2100] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000764ab21b 5 bytes JMP 00000001711615aa
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2100] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076528e24 7 bytes JMP 0000000171161339
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2100] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076528ea9 5 bytes JMP 00000001711616d6
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2100] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000765291ff 5 bytes JMP 000000017116170d
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2100] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076e31d29 5 bytes JMP 00000001711611c2
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2100] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076e31dd7 5 bytes JMP 0000000171161014
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2100] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076e32ab1 5 bytes JMP 0000000171161555
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2100] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076e32d17 5 bytes JMP 0000000171161271
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2100] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000775c8a29 5 bytes JMP 0000000171161726
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2100] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000775d4572 5 bytes JMP 00000001711610a0
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2100] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000775ee567 5 bytes JMP 0000000171161415
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2100] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077627a5c 5 bytes JMP 00000001711615d2
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2100] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007640e96b 5 bytes JMP 00000001711615c3
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2100] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007640eba5 5 bytes JMP 0000000171161186
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2100] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000765b5ea5 5 bytes JMP 00000001711615fa
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2100] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000765e9d0b 5 bytes JMP 000000017116121c
.text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2176] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000764aa2fd 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2240] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000764aa2fd 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076991465 2 bytes [99, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769914bb 2 bytes [99, 76]
.text ... * 2
.text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[2272] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000764aa2fd 1 byte [62]
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2308] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000764aa2fd 1 byte [62]
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076991465 2 bytes [99, 76]
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769914bb 2 bytes [99, 76]
.text ... * 2
.text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2332] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000764aa2fd 1 byte [62]
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2384] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007770ef8d 1 byte [62]
.text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2436] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000764aa2fd 1 byte [62]
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2484] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000764aa2fd 1 byte [62]
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2484] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076991465 2 bytes [99, 76]
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2484] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769914bb 2 bytes [99, 76]
.text ... * 2
.text C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe[2588] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000764aa2fd 1 byte [62]
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3204] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000776ba400 7 bytes JMP 000000016fff0260
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3204] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000776c3f20 5 bytes JMP 000000016fff01b8
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3204] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000776dffb0 5 bytes JMP 000000016fff01f0
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3204] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000776ef2e0 5 bytes JMP 000000016fff0148
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3204] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007770ef8d 1 byte [62]
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3204] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077719a30 7 bytes JMP 000000016fff00d8
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3204] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000777294c0 5 bytes JMP 000000016fff0180
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3204] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077729630 5 bytes JMP 000000016fff0110
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3204] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000777487e0 7 bytes JMP 000000016fff0228
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3204] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefda02db0 5 bytes JMP 000007fffd9f0180
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3204] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefda037d0 7 bytes JMP 000007fffd9f00d8
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3204] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefda08ef0 6 bytes JMP 000007fffd9f0148
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3204] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefda1af60 5 bytes JMP 000007fffd9f0110
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3204] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeab89e0 8 bytes JMP 000007fffd9f01f0
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3204] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeabbe40 8 bytes JMP 000007fffd9f01b8
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3204] C:\Windows\system32\d3d9.dll!Direct3DCreate9Ex 000007fef8332460 5 bytes JMP 000007fefd9f02d0
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3204] C:\Windows\system32\d3d9.dll!Direct3DCreate9 000007fef83696b0 6 bytes JMP 000007fefd9f0298
.text C:\Windows\system32\conhost.exe[3212] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007770ef8d 1 byte [62]
.text C:\Windows\system32\Dwm.exe[3264] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000776ba400 7 bytes JMP 000000016fff0260
.text C:\Windows\system32\Dwm.exe[3264] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000776c3f20 5 bytes JMP 000000016fff01b8
.text C:\Windows\system32\Dwm.exe[3264] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000776dffb0 5 bytes JMP 000000016fff01f0
.text C:\Windows\system32\Dwm.exe[3264] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000776ef2e0 5 bytes JMP 000000016fff0148
.text C:\Windows\system32\Dwm.exe[3264] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007770ef8d 1 byte [62]
.text C:\Windows\system32\Dwm.exe[3264] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077719a30 7 bytes JMP 000000016fff00d8
.text C:\Windows\system32\Dwm.exe[3264] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000777294c0 5 bytes JMP 000000016fff0180
.text C:\Windows\system32\Dwm.exe[3264] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077729630 5 bytes JMP 000000016fff0110
.text C:\Windows\system32\Dwm.exe[3264] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000777487e0 7 bytes JMP 000000016fff0228
.text C:\Windows\system32\Dwm.exe[3264] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefda02db0 5 bytes JMP 000007fffd9f0180
.text C:\Windows\system32\Dwm.exe[3264] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefda037d0 7 bytes JMP 000007fffd9f00d8
.text C:\Windows\system32\Dwm.exe[3264] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefda08ef0 6 bytes JMP 000007fffd9f0148
.text C:\Windows\system32\Dwm.exe[3264] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefda1af60 5 bytes JMP 000007fffd9f0110
.text C:\Windows\system32\Dwm.exe[3264] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeab89e0 8 bytes JMP 000007fffd9f01f0
.text C:\Windows\system32\Dwm.exe[3264] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeabbe40 8 bytes JMP 000007fffd9f01b8
.text C:\Windows\system32\Dwm.exe[3264] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef6fddc88 5 bytes JMP 000007fff6dd00d8
.text C:\Windows\system32\Dwm.exe[3264] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef6fdde10 5 bytes JMP 000007fff6dd0110
.text C:\Windows\Explorer.EXE[3300] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007770ef8d 1 byte [62]
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3368] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076481f0e 7 bytes JMP 0000000171161695
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3368] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076485bad 7 bytes JMP 00000001711611a9
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3368] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076491409 7 bytes JMP 000000017116128a
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3368] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007649ea45 7 bytes JMP 0000000171161244
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3368] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000764aa2fd 1 byte [62]
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3368] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000764ab21b 5 bytes JMP 00000001711615aa
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3368] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076528e24 7 bytes JMP 0000000171161339
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3368] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076528ea9 5 bytes JMP 00000001711616d6
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3368] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000765291ff 5 bytes JMP 000000017116170d
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3368] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076e31d29 5 bytes JMP 00000001711611c2
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3368] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076e31dd7 5 bytes JMP 0000000171161014
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3368] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076e32ab1 5 bytes JMP 0000000171161555
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3368] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076e32d17 5 bytes JMP 0000000171161271
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3368] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000775c8a29 5 bytes JMP 0000000171161726
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3368] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000775d4572 5 bytes JMP 00000001711610a0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3368] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000775ee567 5 bytes JMP 0000000171161415
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3368] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077627a5c 5 bytes JMP 00000001711615d2
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3368] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007640e96b 5 bytes JMP 00000001711615c3
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3368] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007640eba5 5 bytes JMP 0000000171161186
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3368] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000765b5ea5 5 bytes JMP 00000001711615fa
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3368] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000765e9d0b 5 bytes JMP 000000017116121c
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076991465 2 bytes [99, 76]
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769914bb 2 bytes [99, 76]
.text ... * 2
.text C:\Windows\system32\taskhost.exe[3468] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007770ef8d 1 byte [62]
.text C:\Windows\System32\rundll32.exe[3572] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007770ef8d 1 byte [62]
.text C:\Windows\System32\igfxtray.exe[3944] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007770ef8d 1 byte [62]
.text C:\Windows\System32\hkcmd.exe[3952] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007770ef8d 1 byte [62]
.text C:\Windows\System32\igfxpers.exe[3964] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000776ba400 7 bytes JMP 000000016fff0260
.text C:\Windows\System32\igfxpers.exe[3964] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000776c3f20 5 bytes JMP 000000016fff01b8
.text C:\Windows\System32\igfxpers.exe[3964] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000776dffb0 5 bytes JMP 000000016fff01f0
.text C:\Windows\System32\igfxpers.exe[3964] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000776ef2e0 5 bytes JMP 000000016fff0148
.text C:\Windows\System32\igfxpers.exe[3964] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007770ef8d 1 byte [62]
.text C:\Windows\System32\igfxpers.exe[3964] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077719a30 7 bytes JMP 000000016fff00d8
.text C:\Windows\System32\igfxpers.exe[3964] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000777294c0 5 bytes JMP 000000016fff0180
.text C:\Windows\System32\igfxpers.exe[3964] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077729630 5 bytes JMP 000000016fff0110
.text C:\Windows\System32\igfxpers.exe[3964] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000777487e0 7 bytes JMP 000000016fff0228
.text C:\Windows\System32\igfxpers.exe[3964] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefda02db0 5 bytes JMP 000007fffd9f0180
.text C:\Windows\System32\igfxpers.exe[3964] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefda037d0 7 bytes JMP 000007fffd9f00d8
.text C:\Windows\System32\igfxpers.exe[3964] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefda08ef0 6 bytes JMP 000007fffd9f0148
.text C:\Windows\System32\igfxpers.exe[3964] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefda1af60 5 bytes JMP 000007fffd9f0110
.text C:\Windows\System32\igfxpers.exe[3964] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeab89e0 8 bytes JMP 000007fffd9f01f0
.text C:\Windows\System32\igfxpers.exe[3964] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeabbe40 8 bytes JMP 000007fffd9f01b8
.text C:\Windows\System32\igfxpers.exe[3964] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff9f7490 11 bytes JMP 000007fffd9f0228
.text C:\Windows\System32\igfxpers.exe[3964] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feffa0bf00 7 bytes JMP 000007fffd9f0260
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4080] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000776ba400 7 bytes JMP 000000016fff0260
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4080] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000776c3f20 5 bytes JMP 000000016fff01b8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4080] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000776dffb0 5 bytes JMP 000000016fff01f0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4080] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000776ef2e0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4080] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007770ef8d 1 byte [62]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4080] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077719a30 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4080] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000777294c0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4080] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077729630 5 bytes JMP 000000016fff0110
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4080] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000777487e0 7 bytes JMP 000000016fff0228
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4080] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefda02db0 5 bytes JMP 000007fffd9f0180
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4080] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefda037d0 7 bytes JMP 000007fffd9f00d8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4080] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefda08ef0 6 bytes JMP 000007fffd9f0148
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4080] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefda1af60 5 bytes JMP 000007fffd9f0110
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4080] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeab89e0 8 bytes JMP 000007fffd9f01f0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4080] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeabbe40 8 bytes JMP 000007fffd9f01b8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4080] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff9f7490 11 bytes JMP 000007fffd9f0228
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4080] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feffa0bf00 7 bytes JMP 000007fffd9f0260
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3364] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000776ba400 7 bytes JMP 000000016fff0260
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3364] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000776c3f20 5 bytes JMP 000000016fff01b8
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3364] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000776dffb0 5 bytes JMP 000000016fff01f0
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3364] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000776ef2e0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3364] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007770ef8d 1 byte [62]
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3364] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077719a30 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3364] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000777294c0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3364] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077729630 5 bytes JMP 000000016fff0110
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3364] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000777487e0 7 bytes JMP 000000016fff0228
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3364] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefda02db0 5 bytes JMP 000007fffd9f0180
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3364] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefda037d0 7 bytes JMP 000007fffd9f00d8
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3364] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefda08ef0 6 bytes JMP 000007fffd9f0148
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3364] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefda1af60 5 bytes JMP 000007fffd9f0110
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3364] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff9f7490 11 bytes JMP 000007fffd9f0228
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3364] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feffa0bf00 7 bytes JMP 000007fffd9f0260
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3364] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeab89e0 8 bytes JMP 000007fffd9f01f0
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3364] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeabbe40 8 bytes JMP 000007fffd9f01b8
.text C:\Program Files\Apoint2K\Apoint.exe[1640] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000776ba400 7 bytes JMP 000000016fff0260
.text C:\Program Files\Apoint2K\Apoint.exe[1640] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000776c3f20 5 bytes JMP 000000016fff01b8
.text C:\Program Files\Apoint2K\Apoint.exe[1640] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000776dffb0 5 bytes JMP 000000016fff01f0
.text C:\Program Files\Apoint2K\Apoint.exe[1640] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000776ef2e0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Apoint2K\Apoint.exe[1640] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007770ef8d 1 byte [62]
.text C:\Program Files\Apoint2K\Apoint.exe[1640] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077719a30 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Apoint2K\Apoint.exe[1640] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000777294c0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Apoint2K\Apoint.exe[1640] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077729630 5 bytes JMP 000000016fff0110
.text C:\Program Files\Apoint2K\Apoint.exe[1640] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000777487e0 7 bytes JMP 000000016fff0228
.text C:\Program Files\Apoint2K\Apoint.exe[1640] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefda02db0 5 bytes JMP 000007fffd9f0180
.text C:\Program Files\Apoint2K\Apoint.exe[1640] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefda037d0 7 bytes JMP 000007fffd9f00d8
.text C:\Program Files\Apoint2K\Apoint.exe[1640] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefda08ef0 6 bytes JMP 000007fffd9f0148
.text C:\Program Files\Apoint2K\Apoint.exe[1640] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefda1af60 5 bytes JMP 000007fffd9f0110
.text C:\Program Files\Apoint2K\Apoint.exe[1640] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeab89e0 8 bytes JMP 000007fffd9f01f0
.text C:\Program Files\Apoint2K\Apoint.exe[1640] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeabbe40 8 bytes JMP 000007fffd9f01b8
.text C:\Program Files\Apoint2K\Apoint.exe[1640] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff9f7490 11 bytes JMP 000007fffd9f0228
.text C:\Program Files\Apoint2K\Apoint.exe[1640] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feffa0bf00 7 bytes JMP 000007fffd9f0260
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4028] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000776ba400 7 bytes JMP 000000016fff0260
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4028] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000776c3f20 5 bytes JMP 000000016fff01b8
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4028] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000776dffb0 5 bytes JMP 000000016fff01f0
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4028] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000776ef2e0 5 bytes JMP 000000016fff0148
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4028] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007770ef8d 1 byte [62]
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4028] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077719a30 7 bytes JMP 000000016fff00d8
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4028] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000777294c0 5 bytes JMP 000000016fff0180
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4028] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077729630 5 bytes JMP 000000016fff0110
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4028] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000777487e0 7 bytes JMP 000000016fff0228
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4028] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefda02db0 5 bytes JMP 000007fffd9f0180
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4028] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefda037d0 7 bytes JMP 000007fffd9f00d8
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4028] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefda08ef0 6 bytes JMP 000007fffd9f0148
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4028] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefda1af60 5 bytes JMP 000007fffd9f0110
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4028] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeab89e0 8 bytes JMP 000007fffd9f01f0
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4028] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeabbe40 8 bytes JMP 000007fffd9f01b8
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4028] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff9f7490 11 bytes JMP 000007fffd9f0228
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4028] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feffa0bf00 7 bytes JMP 000007fffd9f0260
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[4032] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000776ba400 7 bytes JMP 000000016fff0260
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[4032] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000776c3f20 5 bytes JMP 000000016fff01b8
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[4032] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000776dffb0 5 bytes JMP 000000016fff01f0
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[4032] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000776ef2e0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[4032] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007770ef8d 1 byte [62]
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[4032] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077719a30 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[4032] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000777294c0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[4032] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077729630 5 bytes JMP 000000016fff0110
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[4032] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000777487e0 7 bytes JMP 000000016fff0228
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[4032] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefda02db0 5 bytes JMP 000007fffd9f0180
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[4032] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefda037d0 7 bytes JMP 000007fffd9f00d8
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[4032] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefda08ef0 6 bytes JMP 000007fffd9f0148
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[4032] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefda1af60 5 bytes JMP 000007fffd9f0110
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[4032] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeab89e0 8 bytes JMP 000007fffd9f01f0
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[4032] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeabbe40 8 bytes JMP 000007fffd9f01b8
.text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4100] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000776ba400 7 bytes JMP 000000016fff0260
.text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4100] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000776c3f20 5 bytes JMP 000000016fff01b8
.text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4100] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000776dffb0 5 bytes JMP 000000016fff01f0
.text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4100] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000776ef2e0 5 bytes JMP 000000016fff0148
.text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4100] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007770ef8d 1 byte [62]
.text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4100] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077719a30 7 bytes JMP 000000016fff00d8
.text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4100] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000777294c0 5 bytes JMP 000000016fff0180
.text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4100] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077729630 5 bytes JMP 000000016fff0110
.text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4100] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000777487e0 7 bytes JMP 000000016fff0228
.text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4100] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefda02db0 5 bytes JMP 000007fffd9f0180
.text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4100] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefda037d0 7 bytes JMP 000007fffd9f00d8
.text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4100] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefda08ef0 6 bytes JMP 000007fffd9f0148
.text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4100] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefda1af60 5 bytes JMP 000007fffd9f0110
.text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4100] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeab89e0 8 bytes JMP 000007fffd9f01f0
.text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4100] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeabbe40 8 bytes JMP 000007fffd9f01b8
.text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4100] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff9f7490 11 bytes JMP 000007fffd9f0228
.text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4100] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feffa0bf00 7 bytes JMP 000007fffd9f0260
.text C:\Program Files\Apoint2K\Apntex.exe[4156] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000776ba400 7 bytes JMP 000000016fff0260
.text C:\Program Files\Apoint2K\Apntex.exe[4156] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000776c3f20 5 bytes JMP 000000016fff01b8
.text C:\Program Files\Apoint2K\Apntex.exe[4156] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000776dffb0 5 bytes JMP 000000016fff01f0
.text C:\Program Files\Apoint2K\Apntex.exe[4156] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000776ef2e0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Apoint2K\Apntex.exe[4156] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007770ef8d 1 byte [62]
.text C:\Program Files\Apoint2K\Apntex.exe[4156] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077719a30 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Apoint2K\Apntex.exe[4156] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000777294c0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Apoint2K\Apntex.exe[4156] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077729630 5 bytes JMP 000000016fff0110
.text C:\Program Files\Apoint2K\Apntex.exe[4156] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000777487e0 7 bytes JMP 000000016fff0228
.text C:\Program Files\Apoint2K\Apntex.exe[4156] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefda02db0 5 bytes JMP 000007fffd9f0180
.text C:\Program Files\Apoint2K\Apntex.exe[4156] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefda037d0 7 bytes JMP 000007fffd9f00d8
.text C:\Program Files\Apoint2K\Apntex.exe[4156] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefda08ef0 6 bytes JMP 000007fffd9f0148
.text C:\Program Files\Apoint2K\Apntex.exe[4156] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefda1af60 5 bytes JMP 000007fffd9f0110
.text C:\Program Files\Apoint2K\Apntex.exe[4156] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeab89e0 8 bytes JMP 000007fffd9f01f0
.text C:\Program Files\Apoint2K\Apntex.exe[4156] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeabbe40 8 bytes JMP 000007fffd9f01b8
.text C:\Windows\system32\conhost.exe[4172] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007770ef8d 1 byte [62]
.text C:\Program Files\Apoint2K\HidFind.exe[4204] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000776ba400 7 bytes JMP 000000016fff0260
.text C:\Program Files\Apoint2K\HidFind.exe[4204] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000776c3f20 5 bytes JMP 000000016fff01b8
.text C:\Program Files\Apoint2K\HidFind.exe[4204] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000776dffb0 5 bytes JMP 000000016fff01f0
.text C:\Program Files\Apoint2K\HidFind.exe[4204] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000776ef2e0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Apoint2K\HidFind.exe[4204] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007770ef8d 1 byte [62]
.text C:\Program Files\Apoint2K\HidFind.exe[4204] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077719a30 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Apoint2K\HidFind.exe[4204] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000777294c0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Apoint2K\HidFind.exe[4204] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077729630 5 bytes JMP 000000016fff0110
.text C:\Program Files\Apoint2K\HidFind.exe[4204] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000777487e0 7 bytes JMP 000000016fff0228
.text C:\Program Files\Apoint2K\HidFind.exe[4204] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefda02db0 5 bytes JMP 000007fffd9f0180
.text C:\Program Files\Apoint2K\HidFind.exe[4204] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefda037d0 7 bytes JMP 000007fffd9f00d8
.text C:\Program Files\Apoint2K\HidFind.exe[4204] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefda08ef0 6 bytes JMP 000007fffd9f0148
.text C:\Program Files\Apoint2K\HidFind.exe[4204] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefda1af60 5 bytes JMP 000007fffd9f0110
.text C:\Program Files\Apoint2K\HidFind.exe[4204] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeab89e0 8 bytes JMP 000007fffd9f01f0
.text C:\Program Files\Apoint2K\HidFind.exe[4204] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeabbe40 8 bytes JMP 000007fffd9f01b8
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[4212] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000776ba400 7 bytes JMP 000000016fff0260
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[4212] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000776c3f20 5 bytes JMP 000000016fff01b8
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[4212] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000776dffb0 5 bytes JMP 000000016fff01f0
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[4212] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000776ef2e0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[4212] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007770ef8d 1 byte [62]
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[4212] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077719a30 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[4212] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000777294c0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[4212] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077729630 5 bytes JMP 000000016fff0110
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[4212] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000777487e0 7 bytes JMP 000000016fff0228
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[4212] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefda02db0 5 bytes JMP 000007fffd9f0180
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[4212] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefda037d0 7 bytes JMP 000007fffd9f00d8
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[4212] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefda08ef0 6 bytes JMP 000007fffd9f0148
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[4212] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefda1af60 5 bytes JMP 000007fffd9f0110
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[4212] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeab89e0 8 bytes JMP 000007fffd9f01f0
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[4212] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeabbe40 8 bytes JMP 000007fffd9f01b8
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[4212] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff9f7490 11 bytes JMP 000007fffd9f0228
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[4212] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feffa0bf00 7 bytes JMP 000007fffd9f0260
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[4268] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076481f0e 7 bytes JMP 0000000171161695
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[4268] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076485bad 7 bytes JMP 00000001711611a9
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[4268] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076491409 7 bytes JMP 000000017116128a
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[4268] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007649ea45 7 bytes JMP 0000000171161244
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[4268] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000764aa2fd 1 byte [62]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[4268] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000764ab21b 5 bytes JMP 00000001711615aa
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[4268] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076528e24 7 bytes JMP 0000000171161339
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[4268] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076528ea9 5 bytes JMP 00000001711616d6
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[4268] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000765291ff 5 bytes JMP 000000017116170d
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[4268] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076e31d29 5 bytes JMP 00000001711611c2
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[4268] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076e31dd7 5 bytes JMP 0000000171161014
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[4268] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076e32ab1 5 bytes JMP 0000000171161555
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[4268] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076e32d17 5 bytes JMP 0000000171161271
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[4268] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007640e96b 5 bytes JMP 00000001711615c3
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[4268] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007640eba5 5 bytes JMP 0000000171161186
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[4268] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000775c8a29 5 bytes JMP 0000000171161726
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[4268] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000775d4572 5 bytes JMP 00000001711610a0
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[4268] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000775ee567 5 bytes JMP 0000000171161415
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[4268] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077627a5c 5 bytes JMP 00000001711615d2
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[4268] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000765b5ea5 5 bytes JMP 00000001711615fa
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[4268] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000765e9d0b 5 bytes JMP 000000017116121c
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[4552] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000776ba400 7 bytes JMP 000000016fff0260
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[4552] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000776c3f20 5 bytes JMP 000000016fff01b8
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[4552] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000776dffb0 5 bytes JMP 000000016fff01f0
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[4552] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000776ef2e0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[4552] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007770ef8d 1 byte [62]
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[4552] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077719a30 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[4552] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000777294c0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[4552] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077729630 5 bytes JMP 000000016fff0110
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[4552] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000777487e0 7 bytes JMP 000000016fff0228
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[4552] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefda02db0 5 bytes JMP 000007fffd9f0180
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[4552] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefda037d0 7 bytes JMP 000007fffd9f00d8
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[4552] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefda08ef0 6 bytes JMP 000007fffd9f0148
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[4552] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefda1af60 5 bytes JMP 000007fffd9f0110
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[4552] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeab89e0 8 bytes JMP 000007fffd9f01f0
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[4552] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeabbe40 8 bytes JMP 000007fffd9f01b8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4560] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000776ba400 7 bytes JMP 000000016fff0260
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4560] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000776c3f20 5 bytes JMP 000000016fff01b8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4560] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000776dffb0 5 bytes JMP 000000016fff01f0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4560] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000776ef2e0 5 bytes JMP 000000016fff0148
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4560] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007770ef8d 1 byte [62]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4560] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077719a30 7 bytes JMP 000000016fff00d8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4560] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000777294c0 5 bytes JMP 000000016fff0180
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4560] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077729630 5 bytes JMP 000000016fff0110
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4560] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000777487e0 7 bytes JMP 000000016fff0228
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4560] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefda02db0 5 bytes JMP 000007fffd9f0180
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4560] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefda037d0 7 bytes JMP 000007fffd9f00d8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4560] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefda08ef0 6 bytes JMP 000007fffd9f0148
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4560] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefda1af60 5 bytes JMP 000007fffd9f0110
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4560] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeab89e0 8 bytes JMP 000007fffd9f01f0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4560] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeabbe40 8 bytes JMP 000007fffd9f01b8
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4796] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076481f0e 7 bytes JMP 0000000171161695
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4796] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076485bad 7 bytes JMP 00000001711611a9
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4796] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076491409 7 bytes JMP 000000017116128a
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4796] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007649ea45 7 bytes JMP 0000000171161244
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4796] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000764aa2fd 1 byte [62]
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4796] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000764ab21b 5 bytes JMP 00000001711615aa
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4796] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076528e24 7 bytes JMP 0000000171161339
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4796] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076528ea9 5 bytes JMP 00000001711616d6
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4796] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000765291ff 5 bytes JMP 000000017116170d
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4796] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076e31d29 5 bytes JMP 00000001711611c2
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4796] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076e31dd7 5 bytes JMP 0000000171161014
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4796] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076e32ab1 5 bytes JMP 0000000171161555
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4796] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076e32d17 5 bytes JMP 0000000171161271
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4796] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000775c8a29 5 bytes JMP 0000000171161726
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4796] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000775d4572 5 bytes JMP 00000001711610a0
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4796] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000775ee567 5 bytes JMP 0000000171161415
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4796] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077627a5c 5 bytes JMP 00000001711615d2
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4796] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007640e96b 5 bytes JMP 00000001711615c3
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4796] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007640eba5 5 bytes JMP 0000000171161186
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4796] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000765b5ea5 5 bytes JMP 00000001711615fa
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4796] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000765e9d0b 5 bytes JMP 000000017116121c
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076991465 2 bytes [99, 76]
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769914bb 2 bytes [99, 76]
.text ... * 2
.text C:\Dolby PCEE4\pcee4.exe[4840] C:\Windows\system32\KERNEL32.dll!RegSetValueExW 00000000776ba400 7 bytes JMP 000000016fff0260
.text C:\Dolby PCEE4\pcee4.exe[4840] C:\Windows\system32\KERNEL32.dll!RegQueryValueExW 00000000776c3f20 5 bytes JMP 000000016fff01b8
.text C:\Dolby PCEE4\pcee4.exe[4840] C:\Windows\system32\KERNEL32.dll!RegDeleteValueW 00000000776dffb0 5 bytes JMP 000000016fff01f0
.text C:\Dolby PCEE4\pcee4.exe[4840] C:\Windows\system32\KERNEL32.dll!K32GetMappedFileNameW 00000000776ef2e0 5 bytes JMP 000000016fff0148
.text C:\Dolby PCEE4\pcee4.exe[4840] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007770ef8d 1 byte [62]
.text C:\Dolby PCEE4\pcee4.exe[4840] C:\Windows\system32\KERNEL32.dll!K32EnumProcessModulesEx 0000000077719a30 7 bytes JMP 000000016fff00d8
.text C:\Dolby PCEE4\pcee4.exe[4840] C:\Windows\system32\KERNEL32.dll!K32GetModuleInformation 00000000777294c0 5 bytes JMP 000000016fff0180
.text C:\Dolby PCEE4\pcee4.exe[4840] C:\Windows\system32\KERNEL32.dll!K32GetModuleFileNameExW 0000000077729630 5 bytes JMP 000000016fff0110
.text C:\Dolby PCEE4\pcee4.exe[4840] C:\Windows\system32\KERNEL32.dll!RegSetValueExA 00000000777487e0 7 bytes JMP 000000016fff0228
.text C:\Dolby PCEE4\pcee4.exe[4840] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefda02db0 5 bytes JMP 000007fffd9f0180
.text C:\Dolby PCEE4\pcee4.exe[4840] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefda037d0 7 bytes JMP 000007fffd9f00d8
.text C:\Dolby PCEE4\pcee4.exe[4840] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefda08ef0 6 bytes JMP 000007fffd9f0148
.text C:\Dolby PCEE4\pcee4.exe[4840] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefda1af60 5 bytes JMP 000007fffd9f0110
.text C:\Dolby PCEE4\pcee4.exe[4840] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeab89e0 8 bytes JMP 000007fffd9f01f0
.text C:\Dolby PCEE4\pcee4.exe[4840] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeabbe40 8 bytes JMP 000007fffd9f01b8
.text C:\Dolby PCEE4\pcee4.exe[4840] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff9f7490 11 bytes JMP 000007fffd9f0228
.text C:\Dolby PCEE4\pcee4.exe[4840] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feffa0bf00 7 bytes JMP 000007fffd9f0260
.text C:\Program Files (x86)\Launch Manager\LManager.exe[4884] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076481f0e 7 bytes JMP 0000000171161695
.text C:\Program Files (x86)\Launch Manager\LManager.exe[4884] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076485bad 7 bytes JMP 00000001711611a9
.text C:\Program Files (x86)\Launch Manager\LManager.exe[4884] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076491409 7 bytes JMP 000000017116128a
.text C:\Program Files (x86)\Launch Manager\LManager.exe[4884] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007649ea45 7 bytes JMP 0000000171161244
.text C:\Program Files (x86)\Launch Manager\LManager.exe[4884] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000764aa2fd 1 byte [62]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[4884] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000764ab21b 5 bytes JMP 00000001711615aa
.text C:\Program Files (x86)\Launch Manager\LManager.exe[4884] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076528e24 7 bytes JMP 0000000171161339
.text C:\Program Files (x86)\Launch Manager\LManager.exe[4884] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076528ea9 5 bytes JMP 00000001711616d6
.text C:\Program Files (x86)\Launch Manager\LManager.exe[4884] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000765291ff 5 bytes JMP 000000017116170d
.text C:\Program Files (x86)\Launch Manager\LManager.exe[4884] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076e31d29 5 bytes JMP 00000001711611c2
.text C:\Program Files (x86)\Launch Manager\LManager.exe[4884] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076e31dd7 5 bytes JMP 0000000171161014
.text C:\Program Files (x86)\Launch Manager\LManager.exe[4884] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076e32ab1 5 bytes JMP 0000000171161555
.text C:\Program Files (x86)\Launch Manager\LManager.exe[4884] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076e32d17 5 bytes JMP 0000000171161271
.text C:\Program Files (x86)\Launch Manager\LManager.exe[4884] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007640e96b 5 bytes JMP 00000001711615c3
.text C:\Program Files (x86)\Launch Manager\LManager.exe[4884] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007640eba5 5 bytes JMP 0000000171161186
.text C:\Program Files (x86)\Launch Manager\LManager.exe[4884] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000775c8a29 5 bytes JMP 0000000171161726
.text C:\Program Files (x86)\Launch Manager\LManager.exe[4884] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000775d4572 5 bytes JMP 00000001711610a0
.text C:\Program Files (x86)\Launch Manager\LManager.exe[4884] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000775ee567 5 bytes JMP 0000000171161415
.text C:\Program Files (x86)\Launch Manager\LManager.exe[4884] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077627a5c 5 bytes JMP 00000001711615d2
.text C:\Program Files (x86)\Launch Manager\LManager.exe[4884] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000765b5ea5 5 bytes JMP 00000001711615fa
.text C:\Program Files (x86)\Launch Manager\LManager.exe[4884] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000765e9d0b 5 bytes JMP 000000017116121c
.text C:\Program Files (x86)\Launch Manager\LManager.exe[4884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076991465 2 bytes [99, 76]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[4884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769914bb 2 bytes [99, 76]
.text ...