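Logfiles Teil 4 (Fortsetzung des Scan-Logs: geänderte Bytes in den .text-Abschnitten geladener System-DLLs, pro Prozess aufgelistet). Hinweis zur Auswertung: Die JMP-Ziele liegen in fast allen Prozessen im selben Adressbereich (00007ffe631c… bzw. 00007ffe6317…), was auf eine gemeinsame Quelle der Hooks hindeutet; welche das ist, geht aus diesem Abschnitt nicht hervor und muss über die Liste der geladenen Module geprüft werden.
Code: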
.text C:\Windows\system32\taskhostex.exe[4260] C:\Windows\SYSTEM32\user32.dll!ChangeDisplaySettingsExW 00007ffd63505cb0 5 bytes JMP 00007ffe631c0458
.text C:\Windows\system32\taskhostex.exe[4260] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffd654b1500 1 byte JMP 00007ffe631c0490
.text C:\Windows\system32\taskhostex.exe[4260] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffd654b1502 6 bytes {JMP 0xfffffffffdd0ef90}
.text C:\Windows\system32\taskhostex.exe[4260] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffd654b1750 8 bytes JMP 00007ffe631c04c8
.text c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[4276] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffd631d2300 7 bytes JMP 00007ffe631c00d8
.text c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[4276] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffd631d5770 5 bytes JMP 00007ffe631c0180
.text c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[4276] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffd631d5860 5 bytes JMP 00007ffe631c0148
.text c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[4276] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffd631d5a30 5 bytes JMP 00007ffe631c0110
.text c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[4276] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffd6324a3f0 5 bytes JMP 00007ffe631c01b8
.text c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[4276] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffd654b1500 1 byte JMP 00007ffe631c0490
.text c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[4276] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffd654b1502 6 bytes {JMP 0xfffffffffdd0ef90}
.text c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[4276] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffd654b1750 8 bytes JMP 00007ffe631c04c8
.text c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[4288] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffd633a28c0 7 bytes JMP 00007ffe63170260
.text c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[4288] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffd633a43d8 7 bytes JMP 00007ffe63170298
.text c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[4288] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffd63451f20 7 bytes JMP 00007ffe63170308
.text c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[4288] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffd634540b4 7 bytes JMP 00007ffe63170340
.text c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[4288] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffd63454510 7 bytes JMP 00007ffe631702d0
.text c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[4288] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffd6347cea0 7 bytes JMP 00007ffe631701f0
.text c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[4288] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffd6347cf10 7 bytes JMP 00007ffe63170228
.text c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[4288] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffd631d2300 7 bytes JMP 00007ffe631700d8
.text c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[4288] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffd631d5770 5 bytes JMP 00007ffe63170180
.text c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[4288] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffd631d5860 5 bytes JMP 00007ffe63170148
.text c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[4288] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffd631d5a30 5 bytes JMP 00007ffe63170110
.text c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[4288] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffd6324a3f0 5 bytes JMP 00007ffe631701b8
.text C:\Windows\Explorer.EXE[4428] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffd632e169a 4 bytes [2E, 63, FD, 7F]
.text C:\Windows\Explorer.EXE[4428] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffd632e16a2 4 bytes [2E, 63, FD, 7F]
.text C:\Windows\Explorer.EXE[4428] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffd632e181a 4 bytes [2E, 63, FD, 7F]
.text C:\Windows\Explorer.EXE[4428] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffd632e1832 4 bytes [2E, 63, FD, 7F]
.text C:\Windows\system32\wbem\unsecapp.exe[4944] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffd633a28c0 7 bytes JMP 00007ffe631c0260
.text C:\Windows\system32\wbem\unsecapp.exe[4944] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffd633a43d8 7 bytes JMP 00007ffe631c0298
.text C:\Windows\system32\wbem\unsecapp.exe[4944] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffd63451f20 7 bytes JMP 00007ffe631c0308
.text C:\Windows\system32\wbem\unsecapp.exe[4944] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffd634540b4 7 bytes JMP 00007ffe631c0340
.text C:\Windows\system32\wbem\unsecapp.exe[4944] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffd63454510 7 bytes JMP 00007ffe631c02d0
.text C:\Windows\system32\wbem\unsecapp.exe[4944] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffd6347cea0 7 bytes JMP 00007ffe631c01f0
.text C:\Windows\system32\wbem\unsecapp.exe[4944] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffd6347cf10 7 bytes JMP 00007ffe631c0228
.text C:\Windows\system32\wbem\unsecapp.exe[4944] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffd631d2300 7 bytes JMP 00007ffe631c00d8
.text C:\Windows\system32\wbem\unsecapp.exe[4944] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffd631d5770 5 bytes JMP 00007ffe631c0180
.text C:\Windows\system32\wbem\unsecapp.exe[4944] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffd631d5860 5 bytes JMP 00007ffe631c0148
.text C:\Windows\system32\wbem\unsecapp.exe[4944] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffd631d5a30 5 bytes JMP 00007ffe631c0110
.text C:\Windows\system32\wbem\unsecapp.exe[4944] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffd6324a3f0 5 bytes JMP 00007ffe631c01b8
.text C:\Windows\system32\wbem\unsecapp.exe[4944] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW 00007ffd634eb6f4 10 bytes JMP 00007ffe631c0420
.text C:\Windows\system32\wbem\unsecapp.exe[4944] C:\Windows\SYSTEM32\user32.dll!EnumDisplayDevicesW 00007ffd634f45d8 5 bytes JMP 00007ffe631c03e8
.text C:\Windows\system32\wbem\unsecapp.exe[4944] C:\Windows\SYSTEM32\user32.dll!DisplayConfigGetDeviceInfo 00007ffd634f4750 9 bytes JMP 00007ffe631c0378
.text C:\Windows\system32\wbem\unsecapp.exe[4944] C:\Windows\SYSTEM32\user32.dll!EnumDisplayDevicesA 00007ffd63504fc0 5 bytes JMP 00007ffe631c03b0
.text C:\Windows\system32\wbem\unsecapp.exe[4944] C:\Windows\SYSTEM32\user32.dll!ChangeDisplaySettingsExW 00007ffd63505cb0 5 bytes JMP 00007ffe631c0458
.text C:\Windows\system32\wbem\unsecapp.exe[4944] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffd654b1500 1 byte JMP 00007ffe631c0490
.text C:\Windows\system32\wbem\unsecapp.exe[4944] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffd654b1502 6 bytes {JMP 0xfffffffffdd0ef90}
.text C:\Windows\system32\wbem\unsecapp.exe[4944] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffd654b1750 8 bytes JMP 00007ffe631c04c8
.text C:\Windows\system32\igfxEM.exe[4344] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffd633a28c0 7 bytes JMP 00007ffe631c0260
.text C:\Windows\system32\igfxEM.exe[4344] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffd633a43d8 7 bytes JMP 00007ffe631c0298
.text C:\Windows\system32\igfxEM.exe[4344] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffd63451f20 7 bytes JMP 00007ffe631c0308
.text C:\Windows\system32\igfxEM.exe[4344] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffd634540b4 7 bytes JMP 00007ffe631c0340
.text C:\Windows\system32\igfxEM.exe[4344] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffd63454510 7 bytes JMP 00007ffe631c02d0
.text C:\Windows\system32\igfxEM.exe[4344] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffd6347cea0 7 bytes JMP 00007ffe631c01f0
.text C:\Windows\system32\igfxEM.exe[4344] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffd6347cf10 7 bytes JMP 00007ffe631c0228
.text C:\Windows\system32\igfxEM.exe[4344] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffd631d2300 7 bytes JMP 00007ffe631c00d8
.text C:\Windows\system32\igfxEM.exe[4344] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffd631d5770 5 bytes JMP 00007ffe631c0180
.text C:\Windows\system32\igfxEM.exe[4344] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffd631d5860 5 bytes JMP 00007ffe631c0148
.text C:\Windows\system32\igfxEM.exe[4344] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffd631d5a30 5 bytes JMP 00007ffe631c0110
.text C:\Windows\system32\igfxEM.exe[4344] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffd6324a3f0 5 bytes JMP 00007ffe631c01b8
.text C:\Windows\system32\igfxEM.exe[4344] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffd634eb6f4 10 bytes JMP 00007ffe631c0420
.text C:\Windows\system32\igfxEM.exe[4344] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffd634f45d8 5 bytes JMP 00007ffe631c03e8
.text C:\Windows\system32\igfxEM.exe[4344] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffd634f4750 9 bytes JMP 00007ffe631c0378
.text C:\Windows\system32\igfxEM.exe[4344] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffd63504fc0 5 bytes JMP 00007ffe631c03b0
.text C:\Windows\system32\igfxEM.exe[4344] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffd63505cb0 5 bytes JMP 00007ffe631c0458
.text C:\Windows\system32\igfxEM.exe[4344] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffd654b1500 1 byte JMP 00007ffe631c0490
.text C:\Windows\system32\igfxEM.exe[4344] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffd654b1502 6 bytes {JMP 0xfffffffffdd0ef90}
.text C:\Windows\system32\igfxEM.exe[4344] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffd654b1750 8 bytes JMP 00007ffe631c04c8
.text C:\Windows\system32\igfxEM.exe[4344] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffd652e9318 7 bytes JMP 00007ffe631c0538
.text C:\Windows\system32\igfxEM.exe[4344] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffd652ecbe0 7 bytes JMP 00007ffe631c0500
.text C:\Windows\system32\igfxHK.exe[4356] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffd633a28c0 7 bytes JMP 00007ffe631c0260
.text C:\Windows\system32\igfxHK.exe[4356] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffd633a43d8 7 bytes JMP 00007ffe631c0298
.text C:\Windows\system32\igfxHK.exe[4356] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffd63451f20 7 bytes JMP 00007ffe631c0308
.text C:\Windows\system32\igfxHK.exe[4356] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffd634540b4 7 bytes JMP 00007ffe631c0340
.text C:\Windows\system32\igfxHK.exe[4356] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffd63454510 7 bytes JMP 00007ffe631c02d0
.text C:\Windows\system32\igfxHK.exe[4356] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffd6347cea0 7 bytes JMP 00007ffe631c01f0
.text C:\Windows\system32\igfxHK.exe[4356] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffd6347cf10 7 bytes JMP 00007ffe631c0228
.text C:\Windows\system32\igfxHK.exe[4356] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffd631d2300 7 bytes JMP 00007ffe631c00d8
.text C:\Windows\system32\igfxHK.exe[4356] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffd631d5770 5 bytes JMP 00007ffe631c0180
.text C:\Windows\system32\igfxHK.exe[4356] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffd631d5860 5 bytes JMP 00007ffe631c0148
.text C:\Windows\system32\igfxHK.exe[4356] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffd631d5a30 5 bytes JMP 00007ffe631c0110
.text C:\Windows\system32\igfxHK.exe[4356] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffd6324a3f0 5 bytes JMP 00007ffe631c01b8
.text C:\Windows\system32\igfxHK.exe[4356] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffd634eb6f4 10 bytes JMP 00007ffe631c0420
.text C:\Windows\system32\igfxHK.exe[4356] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffd634f45d8 5 bytes JMP 00007ffe631c03e8
.text C:\Windows\system32\igfxHK.exe[4356] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffd634f4750 9 bytes JMP 00007ffe631c0378
.text C:\Windows\system32\igfxHK.exe[4356] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffd63504fc0 5 bytes JMP 00007ffe631c03b0
.text C:\Windows\system32\igfxHK.exe[4356] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffd63505cb0 5 bytes JMP 00007ffe631c0458
.text C:\Windows\system32\igfxHK.exe[4356] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffd654b1500 1 byte JMP 00007ffe631c0490
.text C:\Windows\system32\igfxHK.exe[4356] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffd654b1502 6 bytes {JMP 0xfffffffffdd0ef90}
.text C:\Windows\system32\igfxHK.exe[4356] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffd654b1750 8 bytes JMP 00007ffe631c04c8
.text C:\Windows\system32\igfxHK.exe[4356] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffd652e9318 7 bytes JMP 00007ffe631c0538
.text C:\Windows\system32\igfxHK.exe[4356] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffd652ecbe0 7 bytes JMP 00007ffe631c0500
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5688] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffd633a28c0 7 bytes JMP 00007ffe631c0260
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5688] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffd633a43d8 7 bytes JMP 00007ffe631c0298
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5688] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffd63451f20 7 bytes JMP 00007ffe631c0308
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5688] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffd634540b4 7 bytes JMP 00007ffe631c0340
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5688] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffd63454510 7 bytes JMP 00007ffe631c02d0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5688] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffd6347cea0 7 bytes JMP 00007ffe631c01f0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5688] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffd6347cf10 7 bytes JMP 00007ffe631c0228
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5688] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffd631d2300 7 bytes JMP 00007ffe631c00d8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5688] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffd631d5770 5 bytes JMP 00007ffe631c0180
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5688] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffd631d5860 5 bytes JMP 00007ffe631c0148
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5688] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffd631d5a30 5 bytes JMP 00007ffe631c0110
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5688] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffd6324a3f0 5 bytes JMP 00007ffe631c01b8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5688] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffd634eb6f4 10 bytes JMP 00007ffe631c0420
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5688] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffd634f45d8 5 bytes JMP 00007ffe631c03e8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5688] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffd634f4750 9 bytes JMP 00007ffe631c0378
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5688] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffd63504fc0 5 bytes JMP 00007ffe631c03b0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5688] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffd63505cb0 5 bytes JMP 00007ffe631c0458
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5688] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffd654b1500 1 byte JMP 00007ffe631c0490
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5688] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffd654b1502 6 bytes {JMP 0xfffffffffdd0ef90}
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5688] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffd654b1750 8 bytes JMP 00007ffe631c04c8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5688] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffd652e9318 7 bytes JMP 00007ffe631c0538
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5688] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffd652ecbe0 7 bytes JMP 00007ffe631c0500
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[6032] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffd633a28c0 7 bytes JMP 00007ffe631c0260
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[6032] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffd633a43d8 7 bytes JMP 00007ffe631c0298
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[6032] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffd63451f20 7 bytes JMP 00007ffe631c0308
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[6032] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffd634540b4 7 bytes JMP 00007ffe631c0340
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[6032] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffd63454510 7 bytes JMP 00007ffe631c02d0
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[6032] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffd6347cea0 7 bytes JMP 00007ffe631c01f0
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[6032] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffd6347cf10 7 bytes JMP 00007ffe631c0228
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[6032] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffd631d2300 7 bytes JMP 00007ffe631c00d8
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[6032] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffd631d5770 5 bytes JMP 00007ffe631c0180
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[6032] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffd631d5860 5 bytes JMP 00007ffe631c0148
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[6032] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffd631d5a30 5 bytes JMP 00007ffe631c0110
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[6032] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffd6324a3f0 5 bytes JMP 00007ffe631c01b8
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[6032] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffd634eb6f4 10 bytes JMP 00007ffe631c0420
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[6032] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffd634f45d8 5 bytes JMP 00007ffe631c03e8
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[6032] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffd634f4750 9 bytes JMP 00007ffe631c0378
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[6032] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffd63504fc0 5 bytes JMP 00007ffe631c03b0
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[6032] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffd63505cb0 5 bytes JMP 00007ffe631c0458
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[6032] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffd654b1500 1 byte JMP 00007ffe631c0490
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[6032] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffd654b1502 6 bytes {JMP 0xfffffffffdd0ef90}
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[6032] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffd654b1750 8 bytes JMP 00007ffe631c04c8
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[6032] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffd652e9318 7 bytes JMP 00007ffe631c0538
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[6032] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffd652ecbe0 7 bytes JMP 00007ffe631c0500
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6044] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffd633a28c0 7 bytes JMP 00007ffe631c0260
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6044] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffd633a43d8 7 bytes JMP 00007ffe631c0298
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6044] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffd63451f20 7 bytes JMP 00007ffe631c0308
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6044] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffd634540b4 7 bytes JMP 00007ffe631c0340
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6044] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffd63454510 7 bytes JMP 00007ffe631c02d0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6044] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffd6347cea0 7 bytes JMP 00007ffe631c01f0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6044] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffd6347cf10 7 bytes JMP 00007ffe631c0228
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6044] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffd631d2300 7 bytes JMP 00007ffe631c00d8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6044] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffd631d5770 5 bytes JMP 00007ffe631c0180
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6044] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffd631d5860 5 bytes JMP 00007ffe631c0148
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6044] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffd631d5a30 5 bytes JMP 00007ffe631c0110
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6044] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffd6324a3f0 5 bytes JMP 00007ffe631c01b8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6044] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffd632e169a 4 bytes [2E, 63, FD, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6044] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffd632e16a2 4 bytes [2E, 63, FD, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6044] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffd632e181a 4 bytes [2E, 63, FD, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6044] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffd632e1832 4 bytes [2E, 63, FD, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6044] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffd634eb6f4 10 bytes JMP 00007ffe631c0420
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6044] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffd634f45d8 5 bytes JMP 00007ffe631c03e8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6044] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffd634f4750 9 bytes JMP 00007ffe631c0378
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6044] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffd63504fc0 5 bytes JMP 00007ffe631c03b0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6044] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffd63505cb0 5 bytes JMP 00007ffe631c0458
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6044] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffd654b1500 1 byte JMP 00007ffe631c0490
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6044] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffd654b1502 6 bytes {JMP 0xfffffffffdd0ef90}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6044] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffd654b1750 8 bytes JMP 00007ffe631c04c8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6044] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffd652e9318 7 bytes JMP 00007ffe631c0538
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6044] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffd652ecbe0 7 bytes JMP 00007ffe631c0500
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3848] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffd633a28c0 7 bytes JMP 00007ffe631c0260
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3848] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffd633a43d8 7 bytes JMP 00007ffe631c0298
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3848] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffd63451f20 7 bytes JMP 00007ffe631c0308
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3848] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffd634540b4 7 bytes JMP 00007ffe631c0340
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3848] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffd63454510 7 bytes JMP 00007ffe631c02d0
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3848] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffd6347cea0 7 bytes JMP 00007ffe631c01f0
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3848] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffd6347cf10 7 bytes JMP 00007ffe631c0228
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3848] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffd631d2300 7 bytes JMP 00007ffe631c00d8
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3848] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffd631d5770 5 bytes JMP 00007ffe631c0180
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3848] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffd631d5860 5 bytes JMP 00007ffe631c0148
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3848] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffd631d5a30 5 bytes JMP 00007ffe631c0110
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3848] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffd6324a3f0 5 bytes JMP 00007ffe631c01b8
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3848] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffd632e169a 4 bytes [2E, 63, FD, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3848] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffd632e16a2 4 bytes [2E, 63, FD, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3848] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffd632e181a 4 bytes [2E, 63, FD, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3848] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffd632e1832 4 bytes [2E, 63, FD, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3848] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffd634eb6f4 10 bytes JMP 00007ffe631c0420
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3848] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffd634f45d8 5 bytes JMP 00007ffe631c03e8
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3848] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffd634f4750 9 bytes JMP 00007ffe631c0378
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3848] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffd63504fc0 5 bytes JMP 00007ffe631c03b0
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3848] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffd63505cb0 5 bytes JMP 00007ffe631c0458
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3848] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffd654b1500 1 byte JMP 00007ffe631c0490
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3848] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffd654b1502 6 bytes {JMP 0xfffffffffdd0ef90}
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3848] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffd654b1750 8 bytes JMP 00007ffe631c04c8
.text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[1496] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffd634eb6f4 10 bytes JMP 00007ffe63170420
.text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[1496] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffd634f45d8 5 bytes JMP 00007ffe631703e8
.text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[1496] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffd634f4750 9 bytes JMP 00007ffe63170378
.text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[1496] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffd63504fc0 5 bytes JMP 00007ffe631703b0
.text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[1496] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffd63505cb0 5 bytes JMP 00007ffe63170458
.text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[5208] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffd633a28c0 7 bytes JMP 00007ffe631c0260
.text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[5208] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffd633a43d8 7 bytes JMP 00007ffe631c0298
.text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[5208] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffd63451f20 7 bytes JMP 00007ffe631c0308
.text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[5208] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffd634540b4 7 bytes JMP 00007ffe631c0340
.text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[5208] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffd63454510 7 bytes JMP 00007ffe631c02d0
.text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[5208] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffd6347cea0 7 bytes JMP 00007ffe631c01f0
.text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[5208] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffd6347cf10 7 bytes JMP 00007ffe631c0228
.text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[5208] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffd631d2300 7 bytes JMP 00007ffe631c00d8
.text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[5208] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffd631d5770 5 bytes JMP 00007ffe631c0180
.text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[5208] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffd631d5860 5 bytes JMP 00007ffe631c0148
.text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[5208] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffd631d5a30 5 bytes JMP 00007ffe631c0110
.text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[5208] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffd6324a3f0 5 bytes JMP 00007ffe631c01b8
.text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[5208] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffd634eb6f4 10 bytes JMP 00007ffe631c0420
.text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[5208] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffd634f45d8 5 bytes JMP 00007ffe631c03e8
.text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[5208] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffd634f4750 9 bytes JMP 00007ffe631c0378
.text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[5208] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffd63504fc0 5 bytes JMP 00007ffe631c03b0
.text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[5208] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffd63505cb0 5 bytes JMP 00007ffe631c0458
.text C:\Program Files\McAfee\MAT\McPvTray.exe[4748] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffd633a28c0 7 bytes JMP 00007ffe631c0260
.text C:\Program Files\McAfee\MAT\McPvTray.exe[4748] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffd633a43d8 7 bytes JMP 00007ffe631c0298
.text C:\Program Files\McAfee\MAT\McPvTray.exe[4748] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffd63451f20 7 bytes JMP 00007ffe631c0308
.text C:\Program Files\McAfee\MAT\McPvTray.exe[4748] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffd634540b4 7 bytes JMP 00007ffe631c0340
.text C:\Program Files\McAfee\MAT\McPvTray.exe[4748] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffd63454510 7 bytes JMP 00007ffe631c02d0
.text C:\Program Files\McAfee\MAT\McPvTray.exe[4748] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffd6347cea0 7 bytes JMP 00007ffe631c01f0
.text C:\Program Files\McAfee\MAT\McPvTray.exe[4748] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffd6347cf10 7 bytes JMP 00007ffe631c0228
.text C:\Program Files\McAfee\MAT\McPvTray.exe[4748] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffd631d2300 7 bytes JMP 00007ffe631c00d8
.text C:\Program Files\McAfee\MAT\McPvTray.exe[4748] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffd631d5770 5 bytes JMP 00007ffe631c0180
.text C:\Program Files\McAfee\MAT\McPvTray.exe[4748] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffd631d5860 5 bytes JMP 00007ffe631c0148
.text C:\Program Files\McAfee\MAT\McPvTray.exe[4748] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffd631d5a30 5 bytes JMP 00007ffe631c0110
.text C:\Program Files\McAfee\MAT\McPvTray.exe[4748] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffd6324a3f0 5 bytes JMP 00007ffe631c01b8
.text C:\Program Files\McAfee\MAT\McPvTray.exe[4748] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffd634eb6f4 10 bytes JMP 00007ffe631c0420
.text C:\Program Files\McAfee\MAT\McPvTray.exe[4748] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffd634f45d8 5 bytes JMP 00007ffe631c03e8
.text C:\Program Files\McAfee\MAT\McPvTray.exe[4748] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffd634f4750 9 bytes JMP 00007ffe631c0378
.text C:\Program Files\McAfee\MAT\McPvTray.exe[4748] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffd63504fc0 5 bytes JMP 00007ffe631c03b0
.text C:\Program Files\McAfee\MAT\McPvTray.exe[4748] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffd63505cb0 5 bytes JMP 00007ffe631c0458
.text C:\Program Files\McAfee\MAT\McPvTray.exe[4748] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffd654b1500 1 byte JMP 00007ffe631c0490
.text C:\Program Files\McAfee\MAT\McPvTray.exe[4748] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffd654b1502 6 bytes {JMP 0xfffffffffdd0ef90}
.text C:\Program Files\McAfee\MAT\McPvTray.exe[4748] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffd654b1750 8 bytes JMP 00007ffe631c04c8
.text C:\Program Files\McAfee\MAT\McPvTray.exe[4748] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffd652e9318 7 bytes JMP 00007ffe631c0538
.text C:\Program Files\McAfee\MAT\McPvTray.exe[4748] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffd652ecbe0 7 bytes JMP 00007ffe631c0500
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[6896] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffd632e169a 4 bytes [2E, 63, FD, 7F]
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[6896] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffd632e16a2 4 bytes [2E, 63, FD, 7F]
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[6896] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffd632e181a 4 bytes [2E, 63, FD, 7F]
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[6896] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffd632e1832 4 bytes [2E, 63, FD, 7F]
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[6968] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffd633a28c0 7 bytes JMP 00007ffe631c0260
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[6968] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffd633a43d8 7 bytes JMP 00007ffe631c0298
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[6968] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffd63451f20 7 bytes JMP 00007ffe631c0308
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[6968] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffd634540b4 7 bytes JMP 00007ffe631c0340
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[6968] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffd63454510 7 bytes JMP 00007ffe631c02d0
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[6968] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffd6347cea0 7 bytes JMP 00007ffe631c01f0
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[6968] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffd6347cf10 7 bytes JMP 00007ffe631c0228
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[6968] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffd631d2300 7 bytes JMP 00007ffe631c00d8
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[6968] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffd631d5770 5 bytes JMP 00007ffe631c0180
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[6968] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffd631d5860 5 bytes JMP 00007ffe631c0148
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[6968] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffd631d5a30 5 bytes JMP 00007ffe631c0110
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[6968] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffd6324a3f0 5 bytes JMP 00007ffe631c01b8
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[6968] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffd634eb6f4 10 bytes JMP 00007ffe631c0420
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[6968] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffd634f45d8 5 bytes JMP 00007ffe631c03e8
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[6968] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffd634f4750 9 bytes JMP 00007ffe631c0378
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[6968] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffd63504fc0 5 bytes JMP 00007ffe631c03b0
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[6968] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffd63505cb0 5 bytes JMP 00007ffe631c0458
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[6968] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffd654b1500 1 byte JMP 00007ffe631c0490
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[6968] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffd654b1502 6 bytes {JMP 0xfffffffffdd0ef90}
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[6968] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffd654b1750 8 bytes JMP 00007ffe631c04c8
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[6968] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffd632e169a 4 bytes [2E, 63, FD, 7F]
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[6968] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffd632e16a2 4 bytes [2E, 63, FD, 7F]
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[6968] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffd632e181a 4 bytes [2E, 63, FD, 7F]
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[6968] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffd632e1832 4 bytes [2E, 63, FD, 7F]
.text C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe[7988] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffd632e169a 4 bytes [2E, 63, FD, 7F]
.text C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe[7988] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffd632e16a2 4 bytes [2E, 63, FD, 7F]
.text C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe[7988] C:\Windows\system32\psapi.dll!QueryWorkingSet + 118 00007ffd632e181a 4 bytes [2E, 63, FD, 7F]
.text C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe[7988] C:\Windows\system32\psapi.dll!QueryWorkingSet + 142 00007ffd632e1832 4 bytes [2E, 63, FD, 7F]
.text C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe[4304] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffd632e169a 4 bytes [2E, 63, FD, 7F]
.text C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe[4304] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffd632e16a2 4 bytes [2E, 63, FD, 7F]
.text C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe[4304] C:\Windows\system32\psapi.dll!QueryWorkingSet + 118 00007ffd632e181a 4 bytes [2E, 63, FD, 7F]
.text C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe[4304] C:\Windows\system32\psapi.dll!QueryWorkingSet + 142 00007ffd632e1832 4 bytes [2E, 63, FD, 7F]
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[7028] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffd633a28c0 7 bytes JMP 00007ffe631c0260
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[7028] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffd633a43d8 7 bytes JMP 00007ffe631c0298
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[7028] C:\Windows\system32\KERNEL32.DLL!SetUnhandledExceptionFilter + 1 00007ffd633a915d 11 bytes {MOV RAX, 0x7ffd3f9f6de0; JMP RAX}
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[7028] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffd63451f20 7 bytes JMP 00007ffe631c0308
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[7028] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffd634540b4 7 bytes JMP 00007ffe631c0340
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[7028] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffd63454510 7 bytes JMP 00007ffe631c02d0
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[7028] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffd6347cea0 7 bytes JMP 00007ffe631c01f0
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[7028] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffd6347cf10 7 bytes JMP 00007ffe631c0228
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[7028] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffd631d2300 7 bytes JMP 00007ffe631c00d8
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[7028] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffd631d5770 5 bytes JMP 00007ffe631c0180
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[7028] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffd631d5860 5 bytes JMP 00007ffe631c0148
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[7028] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffd631d5a30 5 bytes JMP 00007ffe631c0110
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[7028] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffd6324a3f0 5 bytes JMP 00007ffe631c01b8
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[7028] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffd654b1500 1 byte JMP 00007ffe631c0490
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[7028] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffd654b1502 6 bytes {JMP 0xfffffffffdd0ef90}
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[7028] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffd654b1750 8 bytes JMP 00007ffe631c04c8
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[7028] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffd634eb6f4 10 bytes JMP 00007ffe631c0420
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[7028] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffd634f45d8 5 bytes JMP 00007ffe631c03e8
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[7028] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffd634f4750 9 bytes JMP 00007ffe631c0378
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[7028] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffd63504fc0 5 bytes JMP 00007ffe631c03b0
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[7028] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffd63505cb0 5 bytes JMP 00007ffe631c0458
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[7028] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffd632e169a 4 bytes [2E, 63, FD, 7F]
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[7028] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffd632e16a2 4 bytes [2E, 63, FD, 7F]
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[7028] C:\Windows\system32\psapi.dll!QueryWorkingSet + 118 00007ffd632e181a 4 bytes [2E, 63, FD, 7F]
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[7028] C:\Windows\system32\psapi.dll!QueryWorkingSet + 142 00007ffd632e1832 4 bytes [2E, 63, FD, 7F]
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[7028] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffd56c21f6a 4 bytes [C2, 56, FD, 7F]
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[7028] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffd56c21f82 4 bytes [C2, 56, FD, 7F]
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\csrss.exe [816:844] fffff960008a5b90
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [7252:7264] 00007ffd658281b0
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [7252:7892] 00007ffd652e0310
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:20 on 12/06/2014 (Georg)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Logfiles Teil 4:
Code:
.text C:\Windows\system32\taskhostex.exe[4260] C:\Windows\SYSTEM32\user32.dll!ChangeDisplaySettingsExW 00007ffd63505cb0 5 bytes JMP 00007ffe631c0458
.text C:\Windows\system32\taskhostex.exe[4260] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffd654b1500 1 byte JMP 00007ffe631c0490
.text C:\Windows\system32\taskhostex.exe[4260] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffd654b1502 6 bytes {JMP 0xfffffffffdd0ef90}
.text C:\Windows\system32\taskhostex.exe[4260] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffd654b1750 8 bytes JMP 00007ffe631c04c8
.text c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[4276] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffd631d2300 7 bytes JMP 00007ffe631c00d8
.text c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[4276] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffd631d5770 5 bytes JMP 00007ffe631c0180
.text c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[4276] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffd631d5860 5 bytes JMP 00007ffe631c0148
.text c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[4276] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffd631d5a30 5 bytes JMP 00007ffe631c0110
.text c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[4276] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffd6324a3f0 5 bytes JMP 00007ffe631c01b8
.text c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[4276] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffd654b1500 1 byte JMP 00007ffe631c0490
.text c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[4276] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffd654b1502 6 bytes {JMP 0xfffffffffdd0ef90}
.text c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[4276] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffd654b1750 8 bytes JMP 00007ffe631c04c8
.text c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[4288] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffd633a28c0 7 bytes JMP 00007ffe63170260
.text c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[4288] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffd633a43d8 7 bytes JMP 00007ffe63170298
.text c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[4288] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffd63451f20 7 bytes JMP 00007ffe63170308
.text c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[4288] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffd634540b4 7 bytes JMP 00007ffe63170340
.text c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[4288] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffd63454510 7 bytes JMP 00007ffe631702d0
.text c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[4288] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffd6347cea0 7 bytes JMP 00007ffe631701f0
.text c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[4288] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffd6347cf10 7 bytes JMP 00007ffe63170228
.text c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[4288] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffd631d2300 7 bytes JMP 00007ffe631700d8
.text c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[4288] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffd631d5770 5 bytes JMP 00007ffe63170180
.text c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[4288] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffd631d5860 5 bytes JMP 00007ffe63170148
.text c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[4288] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffd631d5a30 5 bytes JMP 00007ffe63170110
.text c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[4288] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffd6324a3f0 5 bytes JMP 00007ffe631701b8
.text C:\Windows\Explorer.EXE[4428] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffd632e169a 4 bytes [2E, 63, FD, 7F]
.text C:\Windows\Explorer.EXE[4428] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffd632e16a2 4 bytes [2E, 63, FD, 7F]
.text C:\Windows\Explorer.EXE[4428] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffd632e181a 4 bytes [2E, 63, FD, 7F]
.text C:\Windows\Explorer.EXE[4428] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffd632e1832 4 bytes [2E, 63, FD, 7F]
.text C:\Windows\system32\wbem\unsecapp.exe[4944] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffd633a28c0 7 bytes JMP 00007ffe631c0260
.text C:\Windows\system32\wbem\unsecapp.exe[4944] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffd633a43d8 7 bytes JMP 00007ffe631c0298
.text C:\Windows\system32\wbem\unsecapp.exe[4944] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffd63451f20 7 bytes JMP 00007ffe631c0308
.text C:\Windows\system32\wbem\unsecapp.exe[4944] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffd634540b4 7 bytes JMP 00007ffe631c0340
.text C:\Windows\system32\wbem\unsecapp.exe[4944] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffd63454510 7 bytes JMP 00007ffe631c02d0
.text C:\Windows\system32\wbem\unsecapp.exe[4944] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffd6347cea0 7 bytes JMP 00007ffe631c01f0
.text C:\Windows\system32\wbem\unsecapp.exe[4944] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffd6347cf10 7 bytes JMP 00007ffe631c0228
.text C:\Windows\system32\wbem\unsecapp.exe[4944] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffd631d2300 7 bytes JMP 00007ffe631c00d8
.text C:\Windows\system32\wbem\unsecapp.exe[4944] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffd631d5770 5 bytes JMP 00007ffe631c0180
.text C:\Windows\system32\wbem\unsecapp.exe[4944] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffd631d5860 5 bytes JMP 00007ffe631c0148
.text C:\Windows\system32\wbem\unsecapp.exe[4944] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffd631d5a30 5 bytes JMP 00007ffe631c0110
.text C:\Windows\system32\wbem\unsecapp.exe[4944] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffd6324a3f0 5 bytes JMP 00007ffe631c01b8
.text C:\Windows\system32\wbem\unsecapp.exe[4944] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW 00007ffd634eb6f4 10 bytes JMP 00007ffe631c0420
.text C:\Windows\system32\wbem\unsecapp.exe[4944] C:\Windows\SYSTEM32\user32.dll!EnumDisplayDevicesW 00007ffd634f45d8 5 bytes JMP 00007ffe631c03e8
.text C:\Windows\system32\wbem\unsecapp.exe[4944] C:\Windows\SYSTEM32\user32.dll!DisplayConfigGetDeviceInfo 00007ffd634f4750 9 bytes JMP 00007ffe631c0378
.text C:\Windows\system32\wbem\unsecapp.exe[4944] C:\Windows\SYSTEM32\user32.dll!EnumDisplayDevicesA 00007ffd63504fc0 5 bytes JMP 00007ffe631c03b0
.text C:\Windows\system32\wbem\unsecapp.exe[4944] C:\Windows\SYSTEM32\user32.dll!ChangeDisplaySettingsExW 00007ffd63505cb0 5 bytes JMP 00007ffe631c0458
.text C:\Windows\system32\wbem\unsecapp.exe[4944] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffd654b1500 1 byte JMP 00007ffe631c0490
.text C:\Windows\system32\wbem\unsecapp.exe[4944] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffd654b1502 6 bytes {JMP 0xfffffffffdd0ef90}
.text C:\Windows\system32\wbem\unsecapp.exe[4944] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffd654b1750 8 bytes JMP 00007ffe631c04c8
.text C:\Windows\system32\igfxEM.exe[4344] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffd633a28c0 7 bytes JMP 00007ffe631c0260
.text C:\Windows\system32\igfxEM.exe[4344] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffd633a43d8 7 bytes JMP 00007ffe631c0298
.text C:\Windows\system32\igfxEM.exe[4344] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffd63451f20 7 bytes JMP 00007ffe631c0308
.text C:\Windows\system32\igfxEM.exe[4344] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffd634540b4 7 bytes JMP 00007ffe631c0340
.text C:\Windows\system32\igfxEM.exe[4344] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffd63454510 7 bytes JMP 00007ffe631c02d0
.text C:\Windows\system32\igfxEM.exe[4344] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffd6347cea0 7 bytes JMP 00007ffe631c01f0
.text C:\Windows\system32\igfxEM.exe[4344] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffd6347cf10 7 bytes JMP 00007ffe631c0228
.text C:\Windows\system32\igfxEM.exe[4344] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffd631d2300 7 bytes JMP 00007ffe631c00d8
.text C:\Windows\system32\igfxEM.exe[4344] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffd631d5770 5 bytes JMP 00007ffe631c0180
.text C:\Windows\system32\igfxEM.exe[4344] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffd631d5860 5 bytes JMP 00007ffe631c0148
.text C:\Windows\system32\igfxEM.exe[4344] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffd631d5a30 5 bytes JMP 00007ffe631c0110
.text C:\Windows\system32\igfxEM.exe[4344] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffd6324a3f0 5 bytes JMP 00007ffe631c01b8
.text C:\Windows\system32\igfxEM.exe[4344] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffd634eb6f4 10 bytes JMP 00007ffe631c0420
.text C:\Windows\system32\igfxEM.exe[4344] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffd634f45d8 5 bytes JMP 00007ffe631c03e8
.text C:\Windows\system32\igfxEM.exe[4344] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffd634f4750 9 bytes JMP 00007ffe631c0378
.text C:\Windows\system32\igfxEM.exe[4344] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffd63504fc0 5 bytes JMP 00007ffe631c03b0
.text C:\Windows\system32\igfxEM.exe[4344] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffd63505cb0 5 bytes JMP 00007ffe631c0458
.text C:\Windows\system32\igfxEM.exe[4344] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffd654b1500 1 byte JMP 00007ffe631c0490
.text C:\Windows\system32\igfxEM.exe[4344] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffd654b1502 6 bytes {JMP 0xfffffffffdd0ef90}
.text C:\Windows\system32\igfxEM.exe[4344] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffd654b1750 8 bytes JMP 00007ffe631c04c8
.text C:\Windows\system32\igfxEM.exe[4344] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffd652e9318 7 bytes JMP 00007ffe631c0538
.text C:\Windows\system32\igfxEM.exe[4344] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffd652ecbe0 7 bytes JMP 00007ffe631c0500
.text C:\Windows\system32\igfxHK.exe[4356] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffd633a28c0 7 bytes JMP 00007ffe631c0260
.text C:\Windows\system32\igfxHK.exe[4356] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffd633a43d8 7 bytes JMP 00007ffe631c0298
.text C:\Windows\system32\igfxHK.exe[4356] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffd63451f20 7 bytes JMP 00007ffe631c0308
.text C:\Windows\system32\igfxHK.exe[4356] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffd634540b4 7 bytes JMP 00007ffe631c0340
.text C:\Windows\system32\igfxHK.exe[4356] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffd63454510 7 bytes JMP 00007ffe631c02d0
.text C:\Windows\system32\igfxHK.exe[4356] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffd6347cea0 7 bytes JMP 00007ffe631c01f0
.text C:\Windows\system32\igfxHK.exe[4356] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffd6347cf10 7 bytes JMP 00007ffe631c0228
.text C:\Windows\system32\igfxHK.exe[4356] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffd631d2300 7 bytes JMP 00007ffe631c00d8
.text C:\Windows\system32\igfxHK.exe[4356] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffd631d5770 5 bytes JMP 00007ffe631c0180
.text C:\Windows\system32\igfxHK.exe[4356] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffd631d5860 5 bytes JMP 00007ffe631c0148
.text C:\Windows\system32\igfxHK.exe[4356] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffd631d5a30 5 bytes JMP 00007ffe631c0110
.text C:\Windows\system32\igfxHK.exe[4356] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffd6324a3f0 5 bytes JMP 00007ffe631c01b8
.text C:\Windows\system32\igfxHK.exe[4356] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffd634eb6f4 10 bytes JMP 00007ffe631c0420
.text C:\Windows\system32\igfxHK.exe[4356] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffd634f45d8 5 bytes JMP 00007ffe631c03e8
.text C:\Windows\system32\igfxHK.exe[4356] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffd634f4750 9 bytes JMP 00007ffe631c0378
.text C:\Windows\system32\igfxHK.exe[4356] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffd63504fc0 5 bytes JMP 00007ffe631c03b0
.text C:\Windows\system32\igfxHK.exe[4356] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffd63505cb0 5 bytes JMP 00007ffe631c0458
.text C:\Windows\system32\igfxHK.exe[4356] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffd654b1500 1 byte JMP 00007ffe631c0490
.text C:\Windows\system32\igfxHK.exe[4356] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffd654b1502 6 bytes {JMP 0xfffffffffdd0ef90}
.text C:\Windows\system32\igfxHK.exe[4356] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffd654b1750 8 bytes JMP 00007ffe631c04c8
.text C:\Windows\system32\igfxHK.exe[4356] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffd652e9318 7 bytes JMP 00007ffe631c0538
.text C:\Windows\system32\igfxHK.exe[4356] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffd652ecbe0 7 bytes JMP 00007ffe631c0500
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5688] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffd633a28c0 7 bytes JMP 00007ffe631c0260
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5688] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffd633a43d8 7 bytes JMP 00007ffe631c0298
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5688] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffd63451f20 7 bytes JMP 00007ffe631c0308
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5688] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffd634540b4 7 bytes JMP 00007ffe631c0340
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5688] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffd63454510 7 bytes JMP 00007ffe631c02d0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5688] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffd6347cea0 7 bytes JMP 00007ffe631c01f0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5688] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffd6347cf10 7 bytes JMP 00007ffe631c0228
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5688] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffd631d2300 7 bytes JMP 00007ffe631c00d8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5688] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffd631d5770 5 bytes JMP 00007ffe631c0180
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5688] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffd631d5860 5 bytes JMP 00007ffe631c0148
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5688] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffd631d5a30 5 bytes JMP 00007ffe631c0110
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5688] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffd6324a3f0 5 bytes JMP 00007ffe631c01b8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5688] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffd634eb6f4 10 bytes JMP 00007ffe631c0420
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5688] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffd634f45d8 5 bytes JMP 00007ffe631c03e8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5688] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffd634f4750 9 bytes JMP 00007ffe631c0378
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5688] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffd63504fc0 5 bytes JMP 00007ffe631c03b0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5688] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffd63505cb0 5 bytes JMP 00007ffe631c0458
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5688] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffd654b1500 1 byte JMP 00007ffe631c0490
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5688] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffd654b1502 6 bytes {JMP 0xfffffffffdd0ef90}
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5688] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffd654b1750 8 bytes JMP 00007ffe631c04c8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5688] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffd652e9318 7 bytes JMP 00007ffe631c0538
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5688] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffd652ecbe0 7 bytes JMP 00007ffe631c0500
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[6032] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffd633a28c0 7 bytes JMP 00007ffe631c0260
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[6032] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffd633a43d8 7 bytes JMP 00007ffe631c0298
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[6032] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffd63451f20 7 bytes JMP 00007ffe631c0308
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[6032] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffd634540b4 7 bytes JMP 00007ffe631c0340
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[6032] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffd63454510 7 bytes JMP 00007ffe631c02d0
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[6032] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffd6347cea0 7 bytes JMP 00007ffe631c01f0
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[6032] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffd6347cf10 7 bytes JMP 00007ffe631c0228
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[6032] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffd631d2300 7 bytes JMP 00007ffe631c00d8
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[6032] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffd631d5770 5 bytes JMP 00007ffe631c0180
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[6032] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffd631d5860 5 bytes JMP 00007ffe631c0148
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[6032] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffd631d5a30 5 bytes JMP 00007ffe631c0110
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[6032] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffd6324a3f0 5 bytes JMP 00007ffe631c01b8
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[6032] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffd634eb6f4 10 bytes JMP 00007ffe631c0420
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[6032] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffd634f45d8 5 bytes JMP 00007ffe631c03e8
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[6032] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffd634f4750 9 bytes JMP 00007ffe631c0378
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[6032] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffd63504fc0 5 bytes JMP 00007ffe631c03b0
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[6032] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffd63505cb0 5 bytes JMP 00007ffe631c0458
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[6032] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffd654b1500 1 byte JMP 00007ffe631c0490
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[6032] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffd654b1502 6 bytes {JMP 0xfffffffffdd0ef90}
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[6032] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffd654b1750 8 bytes JMP 00007ffe631c04c8
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[6032] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffd652e9318 7 bytes JMP 00007ffe631c0538
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[6032] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffd652ecbe0 7 bytes JMP 00007ffe631c0500
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6044] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffd633a28c0 7 bytes JMP 00007ffe631c0260
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6044] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffd633a43d8 7 bytes JMP 00007ffe631c0298
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6044] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffd63451f20 7 bytes JMP 00007ffe631c0308
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6044] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffd634540b4 7 bytes JMP 00007ffe631c0340
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6044] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffd63454510 7 bytes JMP 00007ffe631c02d0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6044] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffd6347cea0 7 bytes JMP 00007ffe631c01f0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6044] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffd6347cf10 7 bytes JMP 00007ffe631c0228
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6044] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffd631d2300 7 bytes JMP 00007ffe631c00d8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6044] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffd631d5770 5 bytes JMP 00007ffe631c0180
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6044] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffd631d5860 5 bytes JMP 00007ffe631c0148
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6044] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffd631d5a30 5 bytes JMP 00007ffe631c0110
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6044] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffd6324a3f0 5 bytes JMP 00007ffe631c01b8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6044] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffd632e169a 4 bytes [2E, 63, FD, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6044] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffd632e16a2 4 bytes [2E, 63, FD, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6044] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffd632e181a 4 bytes [2E, 63, FD, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6044] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffd632e1832 4 bytes [2E, 63, FD, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6044] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffd634eb6f4 10 bytes JMP 00007ffe631c0420
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6044] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffd634f45d8 5 bytes JMP 00007ffe631c03e8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6044] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffd634f4750 9 bytes JMP 00007ffe631c0378
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6044] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffd63504fc0 5 bytes JMP 00007ffe631c03b0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6044] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffd63505cb0 5 bytes JMP 00007ffe631c0458
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6044] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffd654b1500 1 byte JMP 00007ffe631c0490
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6044] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffd654b1502 6 bytes {JMP 0xfffffffffdd0ef90}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6044] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffd654b1750 8 bytes JMP 00007ffe631c04c8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6044] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffd652e9318 7 bytes JMP 00007ffe631c0538
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6044] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffd652ecbe0 7 bytes JMP 00007ffe631c0500
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3848] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffd633a28c0 7 bytes JMP 00007ffe631c0260
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3848] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffd633a43d8 7 bytes JMP 00007ffe631c0298
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3848] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffd63451f20 7 bytes JMP 00007ffe631c0308
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3848] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffd634540b4 7 bytes JMP 00007ffe631c0340
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3848] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffd63454510 7 bytes JMP 00007ffe631c02d0
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3848] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffd6347cea0 7 bytes JMP 00007ffe631c01f0
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3848] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffd6347cf10 7 bytes JMP 00007ffe631c0228
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3848] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffd631d2300 7 bytes JMP 00007ffe631c00d8
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3848] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffd631d5770 5 bytes JMP 00007ffe631c0180
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3848] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffd631d5860 5 bytes JMP 00007ffe631c0148
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3848] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffd631d5a30 5 bytes JMP 00007ffe631c0110
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3848] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffd6324a3f0 5 bytes JMP 00007ffe631c01b8
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3848] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffd632e169a 4 bytes [2E, 63, FD, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3848] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffd632e16a2 4 bytes [2E, 63, FD, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3848] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffd632e181a 4 bytes [2E, 63, FD, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3848] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffd632e1832 4 bytes [2E, 63, FD, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3848] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffd634eb6f4 10 bytes JMP 00007ffe631c0420
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3848] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffd634f45d8 5 bytes JMP 00007ffe631c03e8
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3848] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffd634f4750 9 bytes JMP 00007ffe631c0378
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3848] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffd63504fc0 5 bytes JMP 00007ffe631c03b0
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3848] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffd63505cb0 5 bytes JMP 00007ffe631c0458
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3848] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffd654b1500 1 byte JMP 00007ffe631c0490
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3848] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffd654b1502 6 bytes {JMP 0xfffffffffdd0ef90}
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3848] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffd654b1750 8 bytes JMP 00007ffe631c04c8
.text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[1496] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffd634eb6f4 10 bytes JMP 00007ffe63170420
.text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[1496] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffd634f45d8 5 bytes JMP 00007ffe631703e8
.text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[1496] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffd634f4750 9 bytes JMP 00007ffe63170378
.text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[1496] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffd63504fc0 5 bytes JMP 00007ffe631703b0
.text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[1496] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffd63505cb0 5 bytes JMP 00007ffe63170458
.text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[5208] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffd633a28c0 7 bytes JMP 00007ffe631c0260
.text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[5208] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffd633a43d8 7 bytes JMP 00007ffe631c0298
.text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[5208] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffd63451f20 7 bytes JMP 00007ffe631c0308
.text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[5208] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffd634540b4 7 bytes JMP 00007ffe631c0340
.text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[5208] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffd63454510 7 bytes JMP 00007ffe631c02d0
.text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[5208] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffd6347cea0 7 bytes JMP 00007ffe631c01f0
.text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[5208] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffd6347cf10 7 bytes JMP 00007ffe631c0228
.text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[5208] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffd631d2300 7 bytes JMP 00007ffe631c00d8
.text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[5208] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffd631d5770 5 bytes JMP 00007ffe631c0180
.text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[5208] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffd631d5860 5 bytes JMP 00007ffe631c0148
.text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[5208] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffd631d5a30 5 bytes JMP 00007ffe631c0110
.text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[5208] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffd6324a3f0 5 bytes JMP 00007ffe631c01b8
.text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[5208] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffd634eb6f4 10 bytes JMP 00007ffe631c0420
.text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[5208] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffd634f45d8 5 bytes JMP 00007ffe631c03e8
.text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[5208] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffd634f4750 9 bytes JMP 00007ffe631c0378
.text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[5208] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffd63504fc0 5 bytes JMP 00007ffe631c03b0
.text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[5208] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffd63505cb0 5 bytes JMP 00007ffe631c0458
.text C:\Program Files\McAfee\MAT\McPvTray.exe[4748] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffd633a28c0 7 bytes JMP 00007ffe631c0260
.text C:\Program Files\McAfee\MAT\McPvTray.exe[4748] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffd633a43d8 7 bytes JMP 00007ffe631c0298
.text C:\Program Files\McAfee\MAT\McPvTray.exe[4748] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffd63451f20 7 bytes JMP 00007ffe631c0308
.text C:\Program Files\McAfee\MAT\McPvTray.exe[4748] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffd634540b4 7 bytes JMP 00007ffe631c0340
.text C:\Program Files\McAfee\MAT\McPvTray.exe[4748] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffd63454510 7 bytes JMP 00007ffe631c02d0
.text C:\Program Files\McAfee\MAT\McPvTray.exe[4748] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffd6347cea0 7 bytes JMP 00007ffe631c01f0
.text C:\Program Files\McAfee\MAT\McPvTray.exe[4748] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffd6347cf10 7 bytes JMP 00007ffe631c0228
.text C:\Program Files\McAfee\MAT\McPvTray.exe[4748] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffd631d2300 7 bytes JMP 00007ffe631c00d8
.text C:\Program Files\McAfee\MAT\McPvTray.exe[4748] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffd631d5770 5 bytes JMP 00007ffe631c0180
.text C:\Program Files\McAfee\MAT\McPvTray.exe[4748] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffd631d5860 5 bytes JMP 00007ffe631c0148
.text C:\Program Files\McAfee\MAT\McPvTray.exe[4748] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffd631d5a30 5 bytes JMP 00007ffe631c0110
.text C:\Program Files\McAfee\MAT\McPvTray.exe[4748] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffd6324a3f0 5 bytes JMP 00007ffe631c01b8
.text C:\Program Files\McAfee\MAT\McPvTray.exe[4748] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffd634eb6f4 10 bytes JMP 00007ffe631c0420
.text C:\Program Files\McAfee\MAT\McPvTray.exe[4748] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffd634f45d8 5 bytes JMP 00007ffe631c03e8
.text C:\Program Files\McAfee\MAT\McPvTray.exe[4748] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffd634f4750 9 bytes JMP 00007ffe631c0378
.text C:\Program Files\McAfee\MAT\McPvTray.exe[4748] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffd63504fc0 5 bytes JMP 00007ffe631c03b0
.text C:\Program Files\McAfee\MAT\McPvTray.exe[4748] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffd63505cb0 5 bytes JMP 00007ffe631c0458
.text C:\Program Files\McAfee\MAT\McPvTray.exe[4748] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffd654b1500 1 byte JMP 00007ffe631c0490
.text C:\Program Files\McAfee\MAT\McPvTray.exe[4748] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffd654b1502 6 bytes {JMP 0xfffffffffdd0ef90}
.text C:\Program Files\McAfee\MAT\McPvTray.exe[4748] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffd654b1750 8 bytes JMP 00007ffe631c04c8
.text C:\Program Files\McAfee\MAT\McPvTray.exe[4748] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffd652e9318 7 bytes JMP 00007ffe631c0538
.text C:\Program Files\McAfee\MAT\McPvTray.exe[4748] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffd652ecbe0 7 bytes JMP 00007ffe631c0500
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[6896] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffd632e169a 4 bytes [2E, 63, FD, 7F]
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[6896] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffd632e16a2 4 bytes [2E, 63, FD, 7F]
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[6896] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffd632e181a 4 bytes [2E, 63, FD, 7F]
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[6896] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffd632e1832 4 bytes [2E, 63, FD, 7F]
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[6968] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffd633a28c0 7 bytes JMP 00007ffe631c0260
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[6968] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffd633a43d8 7 bytes JMP 00007ffe631c0298
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[6968] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffd63451f20 7 bytes JMP 00007ffe631c0308
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[6968] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffd634540b4 7 bytes JMP 00007ffe631c0340
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[6968] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffd63454510 7 bytes JMP 00007ffe631c02d0
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[6968] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffd6347cea0 7 bytes JMP 00007ffe631c01f0
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[6968] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffd6347cf10 7 bytes JMP 00007ffe631c0228
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[6968] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffd631d2300 7 bytes JMP 00007ffe631c00d8
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[6968] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffd631d5770 5 bytes JMP 00007ffe631c0180
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[6968] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffd631d5860 5 bytes JMP 00007ffe631c0148
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[6968] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffd631d5a30 5 bytes JMP 00007ffe631c0110
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[6968] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffd6324a3f0 5 bytes JMP 00007ffe631c01b8
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[6968] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffd634eb6f4 10 bytes JMP 00007ffe631c0420
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[6968] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffd634f45d8 5 bytes JMP 00007ffe631c03e8
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[6968] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffd634f4750 9 bytes JMP 00007ffe631c0378
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[6968] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffd63504fc0 5 bytes JMP 00007ffe631c03b0
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[6968] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffd63505cb0 5 bytes JMP 00007ffe631c0458
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[6968] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffd654b1500 1 byte JMP 00007ffe631c0490
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[6968] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffd654b1502 6 bytes {JMP 0xfffffffffdd0ef90}
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[6968] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffd654b1750 8 bytes JMP 00007ffe631c04c8
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[6968] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffd632e169a 4 bytes [2E, 63, FD, 7F]
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[6968] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffd632e16a2 4 bytes [2E, 63, FD, 7F]
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[6968] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffd632e181a 4 bytes [2E, 63, FD, 7F]
.text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[6968] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffd632e1832 4 bytes [2E, 63, FD, 7F]
.text C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe[7988] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffd632e169a 4 bytes [2E, 63, FD, 7F]
.text C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe[7988] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffd632e16a2 4 bytes [2E, 63, FD, 7F]
.text C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe[7988] C:\Windows\system32\psapi.dll!QueryWorkingSet + 118 00007ffd632e181a 4 bytes [2E, 63, FD, 7F]
.text C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe[7988] C:\Windows\system32\psapi.dll!QueryWorkingSet + 142 00007ffd632e1832 4 bytes [2E, 63, FD, 7F]
.text C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe[4304] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffd632e169a 4 bytes [2E, 63, FD, 7F]
.text C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe[4304] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffd632e16a2 4 bytes [2E, 63, FD, 7F]
.text C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe[4304] C:\Windows\system32\psapi.dll!QueryWorkingSet + 118 00007ffd632e181a 4 bytes [2E, 63, FD, 7F]
.text C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe[4304] C:\Windows\system32\psapi.dll!QueryWorkingSet + 142 00007ffd632e1832 4 bytes [2E, 63, FD, 7F]
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[7028] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffd633a28c0 7 bytes JMP 00007ffe631c0260
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[7028] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffd633a43d8 7 bytes JMP 00007ffe631c0298
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[7028] C:\Windows\system32\KERNEL32.DLL!SetUnhandledExceptionFilter + 1 00007ffd633a915d 11 bytes {MOV RAX, 0x7ffd3f9f6de0; JMP RAX}
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[7028] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffd63451f20 7 bytes JMP 00007ffe631c0308
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[7028] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffd634540b4 7 bytes JMP 00007ffe631c0340
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[7028] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffd63454510 7 bytes JMP 00007ffe631c02d0
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[7028] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffd6347cea0 7 bytes JMP 00007ffe631c01f0
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[7028] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffd6347cf10 7 bytes JMP 00007ffe631c0228
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[7028] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffd631d2300 7 bytes JMP 00007ffe631c00d8
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[7028] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffd631d5770 5 bytes JMP 00007ffe631c0180
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[7028] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffd631d5860 5 bytes JMP 00007ffe631c0148
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[7028] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffd631d5a30 5 bytes JMP 00007ffe631c0110
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[7028] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffd6324a3f0 5 bytes JMP 00007ffe631c01b8
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[7028] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffd654b1500 1 byte JMP 00007ffe631c0490
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[7028] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffd654b1502 6 bytes {JMP 0xfffffffffdd0ef90}
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[7028] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffd654b1750 8 bytes JMP 00007ffe631c04c8
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[7028] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffd634eb6f4 10 bytes JMP 00007ffe631c0420
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[7028] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffd634f45d8 5 bytes JMP 00007ffe631c03e8
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[7028] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffd634f4750 9 bytes JMP 00007ffe631c0378
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[7028] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffd63504fc0 5 bytes JMP 00007ffe631c03b0
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[7028] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffd63505cb0 5 bytes JMP 00007ffe631c0458
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[7028] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffd632e169a 4 bytes [2E, 63, FD, 7F]
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[7028] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffd632e16a2 4 bytes [2E, 63, FD, 7F]
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[7028] C:\Windows\system32\psapi.dll!QueryWorkingSet + 118 00007ffd632e181a 4 bytes [2E, 63, FD, 7F]
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[7028] C:\Windows\system32\psapi.dll!QueryWorkingSet + 142 00007ffd632e1832 4 bytes [2E, 63, FD, 7F]
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[7028] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffd56c21f6a 4 bytes [C2, 56, FD, 7F]
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[7028] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffd56c21f82 4 bytes [C2, 56, FD, 7F]
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\csrss.exe [816:844] fffff960008a5b90
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [7252:7264] 00007ffd658281b0
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [7252:7892] 00007ffd652e0310
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:20 on 12/06/2014 (Georg)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-