GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-06-20 11:24:44 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000004e GOODRAM rev.SAFM12.2 223,57GB Running: npizlbk3.exe; Driver: C:\Users\Kacper\AppData\Local\Temp\uxroqfow.sys ---- Kernel code sections - GMER 2.2 ---- .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff960001f4400 15 bytes [00, 58, F1, 01, C0, 46, 6B, ...] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 16 fffff960001f4410 9 bytes [00, C5, FB, FF, C0, 46, CA, ...] ---- User code sections - GMER 2.2 ---- .text C:\Windows\system32\dwm.exe[912] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffe3bab3e10 7 bytes JMP 00007ffe39430260 .text C:\Windows\system32\dwm.exe[912] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffe3bab3e20 7 bytes JMP 00007ffe39430298 .text C:\Windows\system32\dwm.exe[912] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffe3bb639b0 7 bytes JMP 00007ffe39430340 .text C:\Windows\system32\dwm.exe[912] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffe3bb63ef0 7 bytes JMP 00007ffe394302d0 .text C:\Windows\system32\dwm.exe[912] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffe3bb63fe0 7 bytes JMP 00007ffe39430308 .text C:\Windows\system32\dwm.exe[912] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffe3bb906c0 7 bytes JMP 00007ffe394301f0 .text C:\Windows\system32\dwm.exe[912] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffe3bb90730 7 bytes JMP 00007ffe39430228 .text C:\Windows\system32\dwm.exe[912] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffe394421d0 5 bytes JMP 00007ffe39430180 .text C:\Windows\system32\dwm.exe[912] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffe394429d0 7 bytes JMP 00007ffe394300d8 .text C:\Windows\system32\dwm.exe[912] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffe39444310 5 bytes JMP 00007ffe39430110 .text C:\Windows\system32\dwm.exe[912] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffe39448c40 5 bytes JMP 00007ffe39430148 .text C:\Windows\system32\dwm.exe[912] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffe394bebc0 1 byte JMP 00007ffe394301b8 .text C:\Windows\system32\dwm.exe[912] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW + 2 00007ffe394bebc2 3 bytes {JMP 0xfffffffffff715f8} .text C:\Windows\system32\dwm.exe[912] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffe39bc9920 10 bytes JMP 00007ffe39430458 .text C:\Windows\system32\dwm.exe[912] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffe39bd4430 5 bytes JMP 00007ffe394303e8 .text C:\Windows\system32\dwm.exe[912] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffe39bd44f0 1 byte JMP 00007ffe39430378 .text C:\Windows\system32\dwm.exe[912] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo + 2 00007ffe39bd44f2 7 bytes {JMP 0xffffffffff85be88} .text C:\Windows\system32\dwm.exe[912] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffe39be3b80 5 bytes JMP 00007ffe394303b0 .text C:\Windows\system32\dwm.exe[912] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffe39be5cd0 5 bytes JMP 00007ffe39430420 .text C:\Windows\system32\dwm.exe[912] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffe3bc01500 1 byte JMP 00007ffe39430490 .text C:\Windows\system32\dwm.exe[912] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffe3bc01502 6 bytes {JMP 0xfffffffffd82ef90} .text C:\Windows\system32\dwm.exe[912] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffe3bc01750 8 bytes JMP 00007ffe394304c8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[944] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffe3bab3e10 7 bytes JMP 00007ffe39430260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[944] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffe3bab3e20 7 bytes JMP 00007ffe39430298 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[944] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffe3bb639b0 7 bytes JMP 00007ffe39430340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[944] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffe3bb63ef0 7 bytes JMP 00007ffe394302d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[944] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffe3bb63fe0 7 bytes JMP 00007ffe39430308 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[944] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffe3bb906c0 7 bytes JMP 00007ffe394301f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[944] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffe3bb90730 7 bytes JMP 00007ffe39430228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[944] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffe394421d0 5 bytes JMP 00007ffe39430180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[944] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffe394429d0 7 bytes JMP 00007ffe394300d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[944] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffe39444310 5 bytes JMP 00007ffe39430110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[944] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffe39448c40 5 bytes JMP 00007ffe39430148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[944] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffe394bebc0 1 byte JMP 00007ffe394301b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[944] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW + 2 00007ffe394bebc2 3 bytes {JMP 0xfffffffffff715f8} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[944] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffe3c01d050 7 bytes JMP 00007ffe39430500 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[944] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffe3c04b160 5 bytes JMP 00007ffe39430538 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[944] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffe39bc9920 10 bytes JMP 00007ffe39430458 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[944] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffe39bd4430 5 bytes JMP 00007ffe394303e8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[944] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffe39bd44f0 1 byte JMP 00007ffe39430378 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[944] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo + 2 00007ffe39bd44f2 7 bytes {JMP 0xffffffffff85be88} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[944] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffe39be3b80 5 bytes JMP 00007ffe394303b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[944] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffe39be5cd0 5 bytes JMP 00007ffe39430420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[944] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffe3bc01500 1 byte JMP 00007ffe39430490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[944] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffe3bc01502 6 bytes {JMP 0xfffffffffd82ef90} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[944] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffe3bc01750 8 bytes JMP 00007ffe394304c8 .text C:\Windows\system32\DllHost.exe[4712] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffe3bab3e10 7 bytes JMP 00007ffe39430260 .text C:\Windows\system32\DllHost.exe[4712] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffe3bab3e20 7 bytes JMP 00007ffe39430298 .text C:\Windows\system32\DllHost.exe[4712] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffe3bb639b0 7 bytes JMP 00007ffe39430340 .text C:\Windows\system32\DllHost.exe[4712] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffe3bb63ef0 7 bytes JMP 00007ffe394302d0 .text C:\Windows\system32\DllHost.exe[4712] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffe3bb63fe0 7 bytes JMP 00007ffe39430308 .text C:\Windows\system32\DllHost.exe[4712] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffe3bb906c0 7 bytes JMP 00007ffe394301f0 .text C:\Windows\system32\DllHost.exe[4712] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffe3bb90730 7 bytes JMP 00007ffe39430228 .text C:\Windows\system32\DllHost.exe[4712] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffe394421d0 5 bytes JMP 00007ffe39430180 .text C:\Windows\system32\DllHost.exe[4712] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffe394429d0 7 bytes JMP 00007ffe394300d8 .text C:\Windows\system32\DllHost.exe[4712] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffe39444310 5 bytes JMP 00007ffe39430110 .text C:\Windows\system32\DllHost.exe[4712] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffe39448c40 5 bytes JMP 00007ffe39430148 .text C:\Windows\system32\DllHost.exe[4712] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffe394bebc0 1 byte JMP 00007ffe394301b8 .text C:\Windows\system32\DllHost.exe[4712] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW + 2 00007ffe394bebc2 3 bytes {JMP 0xfffffffffff715f8} .text C:\Windows\system32\DllHost.exe[4712] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW 00007ffe39bc9920 10 bytes JMP 00007ffe39430458 .text C:\Windows\system32\DllHost.exe[4712] C:\Windows\SYSTEM32\user32.dll!EnumDisplayDevicesW 00007ffe39bd4430 5 bytes JMP 00007ffe394303e8 .text C:\Windows\system32\DllHost.exe[4712] C:\Windows\SYSTEM32\user32.dll!DisplayConfigGetDeviceInfo 00007ffe39bd44f0 1 byte JMP 00007ffe39430378 .text C:\Windows\system32\DllHost.exe[4712] C:\Windows\SYSTEM32\user32.dll!DisplayConfigGetDeviceInfo + 2 00007ffe39bd44f2 7 bytes {JMP 0xffffffffff85be88} .text C:\Windows\system32\DllHost.exe[4712] C:\Windows\SYSTEM32\user32.dll!EnumDisplayDevicesA 00007ffe39be3b80 5 bytes JMP 00007ffe394303b0 .text C:\Windows\system32\DllHost.exe[4712] C:\Windows\SYSTEM32\user32.dll!ChangeDisplaySettingsExW 00007ffe39be5cd0 5 bytes JMP 00007ffe39430420 .text C:\Windows\system32\DllHost.exe[4712] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffe3bc01500 1 byte JMP 00007ffe39430490 .text C:\Windows\system32\DllHost.exe[4712] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffe3bc01502 6 bytes {JMP 0xfffffffffd82ef90} .text C:\Windows\system32\DllHost.exe[4712] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffe3bc01750 8 bytes JMP 00007ffe394304c8 .text C:\Windows\system32\taskhostex.exe[4696] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffe3bab3e10 7 bytes JMP 00007ffe39430260 .text C:\Windows\system32\taskhostex.exe[4696] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffe3bab3e20 7 bytes JMP 00007ffe39430298 .text C:\Windows\system32\taskhostex.exe[4696] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffe3bb639b0 7 bytes JMP 00007ffe39430340 .text C:\Windows\system32\taskhostex.exe[4696] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffe3bb63ef0 7 bytes JMP 00007ffe394302d0 .text C:\Windows\system32\taskhostex.exe[4696] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffe3bb63fe0 7 bytes JMP 00007ffe39430308 .text C:\Windows\system32\taskhostex.exe[4696] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffe3bb906c0 7 bytes JMP 00007ffe394301f0 .text C:\Windows\system32\taskhostex.exe[4696] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffe3bb90730 7 bytes JMP 00007ffe39430228 .text C:\Windows\system32\taskhostex.exe[4696] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffe394421d0 5 bytes JMP 00007ffe39430180 .text C:\Windows\system32\taskhostex.exe[4696] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffe394429d0 7 bytes JMP 00007ffe394300d8 .text C:\Windows\system32\taskhostex.exe[4696] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffe39444310 5 bytes JMP 00007ffe39430110 .text C:\Windows\system32\taskhostex.exe[4696] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffe39448c40 5 bytes JMP 00007ffe39430148 .text C:\Windows\system32\taskhostex.exe[4696] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffe394bebc0 1 byte JMP 00007ffe394301b8 .text C:\Windows\system32\taskhostex.exe[4696] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW + 2 00007ffe394bebc2 3 bytes {JMP 0xfffffffffff715f8} .text C:\Windows\system32\taskhostex.exe[4696] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW 00007ffe39bc9920 10 bytes JMP 00007ffe39430458 .text C:\Windows\system32\taskhostex.exe[4696] C:\Windows\SYSTEM32\user32.dll!EnumDisplayDevicesW 00007ffe39bd4430 5 bytes JMP 00007ffe394303e8 .text C:\Windows\system32\taskhostex.exe[4696] C:\Windows\SYSTEM32\user32.dll!DisplayConfigGetDeviceInfo 00007ffe39bd44f0 1 byte JMP 00007ffe39430378 .text C:\Windows\system32\taskhostex.exe[4696] C:\Windows\SYSTEM32\user32.dll!DisplayConfigGetDeviceInfo + 2 00007ffe39bd44f2 7 bytes {JMP 0xffffffffff85be88} .text C:\Windows\system32\taskhostex.exe[4696] C:\Windows\SYSTEM32\user32.dll!EnumDisplayDevicesA 00007ffe39be3b80 5 bytes JMP 00007ffe394303b0 .text C:\Windows\system32\taskhostex.exe[4696] C:\Windows\SYSTEM32\user32.dll!ChangeDisplaySettingsExW 00007ffe39be5cd0 5 bytes JMP 00007ffe39430420 .text C:\Windows\system32\taskhostex.exe[4696] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffe3bc01500 1 byte JMP 00007ffe39430490 .text C:\Windows\system32\taskhostex.exe[4696] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffe3bc01502 6 bytes {JMP 0xfffffffffd82ef90} .text C:\Windows\system32\taskhostex.exe[4696] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffe3bc01750 8 bytes JMP 00007ffe394304c8 .text C:\Windows\System32\igfxpers.exe[5588] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffe3bab3e10 7 bytes JMP 00007ffe39430260 .text C:\Windows\System32\igfxpers.exe[5588] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffe3bab3e20 7 bytes JMP 00007ffe39430298 .text C:\Windows\System32\igfxpers.exe[5588] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffe3bb639b0 7 bytes JMP 00007ffe39430340 .text C:\Windows\System32\igfxpers.exe[5588] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffe3bb63ef0 7 bytes JMP 00007ffe394302d0 .text C:\Windows\System32\igfxpers.exe[5588] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffe3bb63fe0 7 bytes JMP 00007ffe39430308 .text C:\Windows\System32\igfxpers.exe[5588] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffe3bb906c0 7 bytes JMP 00007ffe394301f0 .text C:\Windows\System32\igfxpers.exe[5588] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffe3bb90730 7 bytes JMP 00007ffe39430228 .text C:\Windows\System32\igfxpers.exe[5588] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffe394421d0 5 bytes JMP 00007ffe39430180 .text C:\Windows\System32\igfxpers.exe[5588] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffe394429d0 7 bytes JMP 00007ffe394300d8 .text C:\Windows\System32\igfxpers.exe[5588] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffe39444310 5 bytes JMP 00007ffe39430110 .text C:\Windows\System32\igfxpers.exe[5588] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffe39448c40 5 bytes JMP 00007ffe39430148 .text C:\Windows\System32\igfxpers.exe[5588] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffe394bebc0 1 byte JMP 00007ffe394301b8 .text C:\Windows\System32\igfxpers.exe[5588] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW + 2 00007ffe394bebc2 3 bytes {JMP 0xfffffffffff715f8} .text C:\Windows\System32\igfxpers.exe[5588] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffe39bc9920 10 bytes JMP 00007ffe39430458 .text C:\Windows\System32\igfxpers.exe[5588] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffe39bd4430 5 bytes JMP 00007ffe394303e8 .text C:\Windows\System32\igfxpers.exe[5588] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffe39bd44f0 1 byte JMP 00007ffe39430378 .text C:\Windows\System32\igfxpers.exe[5588] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo + 2 00007ffe39bd44f2 7 bytes {JMP 0xffffffffff85be88} .text C:\Windows\System32\igfxpers.exe[5588] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffe39be3b80 5 bytes JMP 00007ffe394303b0 .text C:\Windows\System32\igfxpers.exe[5588] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffe39be5cd0 5 bytes JMP 00007ffe39430420 .text C:\Windows\System32\igfxpers.exe[5588] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffe3bc01500 1 byte JMP 00007ffe39430490 .text C:\Windows\System32\igfxpers.exe[5588] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffe3bc01502 6 bytes {JMP 0xfffffffffd82ef90} .text C:\Windows\System32\igfxpers.exe[5588] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffe3bc01750 8 bytes JMP 00007ffe394304c8 .text C:\Windows\System32\igfxpers.exe[5588] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffe3c01d050 7 bytes JMP 00007ffe39430500 .text C:\Windows\System32\igfxpers.exe[5588] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffe3c04b160 5 bytes JMP 00007ffe39430538 .text C:\Program Files\Elantech\ETDCtrl.exe[5672] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffe3bab3e10 7 bytes JMP 00007ffe39430260 .text C:\Program Files\Elantech\ETDCtrl.exe[5672] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffe3bab3e20 7 bytes JMP 00007ffe39430298 .text C:\Program Files\Elantech\ETDCtrl.exe[5672] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffe3bb639b0 7 bytes JMP 00007ffe39430340 .text C:\Program Files\Elantech\ETDCtrl.exe[5672] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffe3bb63ef0 7 bytes JMP 00007ffe394302d0 .text C:\Program Files\Elantech\ETDCtrl.exe[5672] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffe3bb63fe0 7 bytes JMP 00007ffe39430308 .text C:\Program Files\Elantech\ETDCtrl.exe[5672] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffe3bb906c0 7 bytes JMP 00007ffe394301f0 .text C:\Program Files\Elantech\ETDCtrl.exe[5672] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffe3bb90730 7 bytes JMP 00007ffe39430228 .text C:\Program Files\Elantech\ETDCtrl.exe[5672] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffe394421d0 5 bytes JMP 00007ffe39430180 .text C:\Program Files\Elantech\ETDCtrl.exe[5672] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffe394429d0 7 bytes JMP 00007ffe394300d8 .text C:\Program Files\Elantech\ETDCtrl.exe[5672] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffe39444310 5 bytes JMP 00007ffe39430110 .text C:\Program Files\Elantech\ETDCtrl.exe[5672] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffe39448c40 5 bytes JMP 00007ffe39430148 .text C:\Program Files\Elantech\ETDCtrl.exe[5672] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffe394bebc0 1 byte JMP 00007ffe394301b8 .text C:\Program Files\Elantech\ETDCtrl.exe[5672] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW + 2 00007ffe394bebc2 3 bytes {JMP 0xfffffffffff715f8} .text C:\Program Files\Elantech\ETDCtrl.exe[5672] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffe39bc9920 10 bytes JMP 00007ffe39430458 .text C:\Program Files\Elantech\ETDCtrl.exe[5672] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffe39bd4430 5 bytes JMP 00007ffe394303e8 .text C:\Program Files\Elantech\ETDCtrl.exe[5672] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffe39bd44f0 1 byte JMP 00007ffe39430378 .text C:\Program Files\Elantech\ETDCtrl.exe[5672] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo + 2 00007ffe39bd44f2 7 bytes {JMP 0xffffffffff85be88} .text C:\Program Files\Elantech\ETDCtrl.exe[5672] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffe39be3b80 5 bytes JMP 00007ffe394303b0 .text C:\Program Files\Elantech\ETDCtrl.exe[5672] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffe39be5cd0 5 bytes JMP 00007ffe39430420 .text C:\Program Files\Elantech\ETDCtrl.exe[5672] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffe3bc01500 1 byte JMP 00007ffe39430490 .text C:\Program Files\Elantech\ETDCtrl.exe[5672] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffe3bc01502 6 bytes {JMP 0xfffffffffd82ef90} .text C:\Program Files\Elantech\ETDCtrl.exe[5672] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffe3bc01750 8 bytes JMP 00007ffe394304c8 .text C:\Program Files\Elantech\ETDCtrl.exe[5672] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffe3c01d050 7 bytes JMP 00007ffe39430500 .text C:\Program Files\Elantech\ETDCtrl.exe[5672] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffe3c04b160 5 bytes JMP 00007ffe39430538 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5784] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffe3bab3e10 7 bytes JMP 00007ffe39430260 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5784] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffe3bab3e20 7 bytes JMP 00007ffe39430298 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5784] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffe3bb639b0 7 bytes JMP 00007ffe39430340 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5784] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffe3bb63ef0 7 bytes JMP 00007ffe394302d0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5784] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffe3bb63fe0 7 bytes JMP 00007ffe39430308 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5784] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffe3bb906c0 7 bytes JMP 00007ffe394301f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5784] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffe3bb90730 7 bytes JMP 00007ffe39430228 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5784] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffe394421d0 5 bytes JMP 00007ffe39430180 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5784] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffe394429d0 7 bytes JMP 00007ffe394300d8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5784] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffe39444310 5 bytes JMP 00007ffe39430110 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5784] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffe39448c40 5 bytes JMP 00007ffe39430148 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5784] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffe394bebc0 1 byte JMP 00007ffe394301b8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5784] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW + 2 00007ffe394bebc2 3 bytes {JMP 0xfffffffffff715f8} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5784] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffe39bc9920 10 bytes JMP 00007ffe39430458 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5784] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffe39bd4430 5 bytes JMP 00007ffe394303e8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5784] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffe39bd44f0 1 byte JMP 00007ffe39430378 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5784] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo + 2 00007ffe39bd44f2 7 bytes {JMP 0xffffffffff85be88} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5784] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffe39be3b80 5 bytes JMP 00007ffe394303b0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5784] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffe39be5cd0 5 bytes JMP 00007ffe39430420 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5784] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffe3bc01500 1 byte JMP 00007ffe39430490 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5784] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffe3bc01502 6 bytes {JMP 0xfffffffffd82ef90} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5784] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffe3bc01750 8 bytes JMP 00007ffe394304c8 .text C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe[5828] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffe3bab3e10 7 bytes JMP 00007ffe39410260 .text C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe[5828] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffe3bab3e20 7 bytes JMP 00007ffe39410298 .text C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe[5828] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffe3bb639b0 7 bytes JMP 00007ffe39410340 .text C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe[5828] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffe3bb63ef0 7 bytes JMP 00007ffe394102d0 .text C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe[5828] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffe3bb63fe0 7 bytes JMP 00007ffe39410308 .text C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe[5828] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffe3bb906c0 7 bytes JMP 00007ffe394101f0 .text C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe[5828] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffe3bb90730 7 bytes JMP 00007ffe39410228 .text C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe[5828] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffe394421d0 5 bytes JMP 00007ffe39410180 .text C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe[5828] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffe394429d0 7 bytes JMP 00007ffe394100d8 .text C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe[5828] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffe39444310 5 bytes JMP 00007ffe39410110 .text C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe[5828] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffe39448c40 5 bytes JMP 00007ffe39410148 .text C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe[5828] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffe394bebc0 1 byte JMP 00007ffe394101b8 .text C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe[5828] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW + 2 00007ffe394bebc2 3 bytes {JMP 0xfffffffffff515f8} .text C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe[5828] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffe39bc9920 10 bytes JMP 00007ffe39410458 .text C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe[5828] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffe39bd4430 5 bytes JMP 00007ffe394103e8 .text C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe[5828] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffe39bd44f0 1 byte JMP 00007ffe39410378 .text C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe[5828] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo + 2 00007ffe39bd44f2 7 bytes {JMP 0xffffffffff83be88} .text C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe[5828] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffe39be3b80 5 bytes JMP 00007ffe394103b0 .text C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe[5828] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffe39be5cd0 5 bytes JMP 00007ffe39410420 .text C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe[5828] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffe3bc01500 1 byte JMP 00007ffe39410490 .text C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe[5828] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffe3bc01502 6 bytes {JMP 0xfffffffffd80ef90} .text C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe[5828] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffe3bc01750 8 bytes JMP 00007ffe394104c8 .text C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe[5828] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffe3c01d050 7 bytes JMP 00007ffe39410500 .text C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe[5828] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffe3c04b160 5 bytes JMP 00007ffe39410538 .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe[5932] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000072961003 2 bytes [96, 72] .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe[5932] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000072961016 2 bytes [96, 72] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5948] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000072961003 2 bytes [96, 72] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5948] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000072961016 2 bytes [96, 72] .text C:\Windows\SysWOW64\ctfmon.exe[4432] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000072961003 2 bytes [96, 72] .text C:\Windows\SysWOW64\ctfmon.exe[4432] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000072961016 2 bytes [96, 72] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5104] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffe3bab3e10 7 bytes JMP 00007ffe39430260 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5104] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffe3bab3e20 7 bytes JMP 00007ffe39430298 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5104] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffe3bb639b0 7 bytes JMP 00007ffe39430340 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5104] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffe3bb63ef0 7 bytes JMP 00007ffe394302d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5104] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffe3bb63fe0 7 bytes JMP 00007ffe39430308 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5104] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffe3bb906c0 7 bytes JMP 00007ffe394301f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5104] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffe3bb90730 7 bytes JMP 00007ffe39430228 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5104] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffe394421d0 5 bytes JMP 00007ffe39430180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5104] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffe394429d0 7 bytes JMP 00007ffe394300d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5104] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffe39444310 5 bytes JMP 00007ffe39430110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5104] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffe39448c40 5 bytes JMP 00007ffe39430148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5104] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffe394bebc0 1 byte JMP 00007ffe394301b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5104] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW + 2 00007ffe394bebc2 3 bytes {JMP 0xfffffffffff715f8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5104] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffe39bc9920 10 bytes JMP 00007ffe39430458 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5104] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffe39bd4430 5 bytes JMP 00007ffe394303e8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5104] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffe39bd44f0 1 byte JMP 00007ffe39430378 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5104] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo + 2 00007ffe39bd44f2 7 bytes {JMP 0xffffffffff85be88} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5104] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffe39be3b80 5 bytes JMP 00007ffe394303b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5104] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffe39be5cd0 5 bytes JMP 00007ffe39430420 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5104] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffe3bc01500 1 byte JMP 00007ffe39430490 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5104] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffe3bc01502 6 bytes {JMP 0xfffffffffd82ef90} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5104] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffe3bc01750 8 bytes JMP 00007ffe394304c8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1144] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffe3bab3e10 7 bytes JMP 00007ffe39430260 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1144] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffe3bab3e20 7 bytes JMP 00007ffe39430298 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1144] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffe3bb639b0 7 bytes JMP 00007ffe39430340 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1144] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffe3bb63ef0 7 bytes JMP 00007ffe394302d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1144] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffe3bb63fe0 7 bytes JMP 00007ffe39430308 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1144] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffe3bb906c0 7 bytes JMP 00007ffe394301f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1144] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffe3bb90730 7 bytes JMP 00007ffe39430228 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1144] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffe394421d0 5 bytes JMP 00007ffe39430180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1144] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffe394429d0 7 bytes JMP 00007ffe394300d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1144] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffe39444310 5 bytes JMP 00007ffe39430110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1144] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffe39448c40 5 bytes JMP 00007ffe39430148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1144] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffe394bebc0 1 byte JMP 00007ffe394301b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1144] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW + 2 00007ffe394bebc2 3 bytes {JMP 0xfffffffffff715f8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1144] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffe39bc9920 10 bytes JMP 00007ffe39430458 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1144] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffe39bd4430 5 bytes JMP 00007ffe394303e8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1144] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffe39bd44f0 1 byte JMP 00007ffe39430378 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1144] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo + 2 00007ffe39bd44f2 7 bytes {JMP 0xffffffffff85be88} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1144] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffe39be3b80 5 bytes JMP 00007ffe394303b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1144] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffe39be5cd0 5 bytes JMP 00007ffe39430420 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1144] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffe3bc01500 1 byte JMP 00007ffe39430490 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1144] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffe3bc01502 6 bytes {JMP 0xfffffffffd82ef90} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1144] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffe3bc01750 8 bytes JMP 00007ffe394304c8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4252] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffe3bab3e10 7 bytes JMP 00007ffe39430260 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4252] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffe3bab3e20 7 bytes JMP 00007ffe39430298 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4252] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffe3bb639b0 7 bytes JMP 00007ffe39430340 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4252] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffe3bb63ef0 7 bytes JMP 00007ffe394302d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4252] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffe3bb63fe0 7 bytes JMP 00007ffe39430308 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4252] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffe3bb906c0 7 bytes JMP 00007ffe394301f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4252] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffe3bb90730 7 bytes JMP 00007ffe39430228 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4252] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffe394421d0 5 bytes JMP 00007ffe39430180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4252] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffe394429d0 7 bytes JMP 00007ffe394300d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4252] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffe39444310 5 bytes JMP 00007ffe39430110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4252] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffe39448c40 5 bytes JMP 00007ffe39430148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4252] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffe394bebc0 1 byte JMP 00007ffe394301b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4252] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW + 2 00007ffe394bebc2 3 bytes {JMP 0xfffffffffff715f8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4252] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffe39bc9920 10 bytes JMP 00007ffe39430458 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4252] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffe39bd4430 5 bytes JMP 00007ffe394303e8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4252] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffe39bd44f0 1 byte JMP 00007ffe39430378 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4252] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo + 2 00007ffe39bd44f2 7 bytes {JMP 0xffffffffff85be88} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4252] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffe39be3b80 5 bytes JMP 00007ffe394303b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4252] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffe39be5cd0 5 bytes JMP 00007ffe39430420 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4252] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffe3bc01500 1 byte JMP 00007ffe39430490 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4252] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffe3bc01502 6 bytes {JMP 0xfffffffffd82ef90} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4252] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffe3bc01750 8 bytes JMP 00007ffe394304c8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4156] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffe3bab3e10 7 bytes JMP 00007ffe39410260 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4156] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffe3bab3e20 7 bytes JMP 00007ffe39410298 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4156] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffe3bb639b0 7 bytes JMP 00007ffe39410340 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4156] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffe3bb63ef0 7 bytes JMP 00007ffe394102d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4156] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffe3bb63fe0 7 bytes JMP 00007ffe39410308 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4156] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffe3bb906c0 7 bytes JMP 00007ffe394101f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4156] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffe3bb90730 7 bytes JMP 00007ffe39410228 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4156] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffe394421d0 5 bytes JMP 00007ffe39410180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4156] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffe394429d0 7 bytes JMP 00007ffe394100d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4156] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffe39444310 5 bytes JMP 00007ffe39410110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4156] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffe39448c40 5 bytes JMP 00007ffe39410148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4156] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffe394bebc0 1 byte JMP 00007ffe394101b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4156] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW + 2 00007ffe394bebc2 3 bytes {JMP 0xfffffffffff515f8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4156] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffe39bc9920 10 bytes JMP 00007ffe39410458 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4156] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffe39bd4430 5 bytes JMP 00007ffe394103e8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4156] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffe39bd44f0 1 byte JMP 00007ffe39410378 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4156] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo + 2 00007ffe39bd44f2 7 bytes {JMP 0xffffffffff83be88} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4156] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffe39be3b80 5 bytes JMP 00007ffe394103b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4156] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffe39be5cd0 5 bytes JMP 00007ffe39410420 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4156] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffe3c01d050 7 bytes JMP 00007ffe39410500 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4156] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffe3c04b160 5 bytes JMP 00007ffe39410538 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4156] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffe3bc01500 1 byte JMP 00007ffe39410490 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4156] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffe3bc01502 6 bytes {JMP 0xfffffffffd80ef90} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4156] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffe3bc01750 8 bytes JMP 00007ffe394104c8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4156] C:\Windows\SYSTEM32\d3d9.dll!Direct3DCreate9Ex 00007ffe22caead0 5 bytes JMP 00007ffe394105a8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4156] C:\Windows\SYSTEM32\d3d9.dll!Direct3DCreate9 00007ffe22cdeb90 6 bytes JMP 00007ffe39410570 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4156] C:\Windows\SYSTEM32\dxgi.dll!CreateDXGIFactory 00007ffe36087750 5 bytes JMP 00007ffe360700d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4156] C:\Windows\SYSTEM32\dxgi.dll!CreateDXGIFactory1 00007ffe36088ee0 5 bytes JMP 00007ffe36070110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4156] C:\Windows\SYSTEM32\dxgi.dll!CreateDXGIFactory2 00007ffe3608c650 5 bytes JMP 00007ffe36070148 .text C:\Users\Kacper\Downloads\npizlbk3.exe[800] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000072961003 2 bytes [96, 72] .text C:\Users\Kacper\Downloads\npizlbk3.exe[800] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000072961016 2 bytes [96, 72] ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3084] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7ffe39d4002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3084] @ C:\Windows\system32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffe3be0006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3084] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffe3be0002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3084] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject] [7ffe3be0006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3084] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!RegisterClassW] [7ffe39d4002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3084] @ C:\Windows\system32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffe3be0006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3084] @ C:\Windows\system32\MSCTF.dll[GDI32.dll!GetStockObject] [7ffe3be0006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3084] @ C:\Windows\system32\ole32.dll[GDI32.dll!GetStockObject] [7ffe3be0006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3084] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW] [7ffe39d4002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3084] @ C:\Windows\system32\COMDLG32.dll[USER32.dll!RegisterClassW] [7ffe39d4002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3084] @ C:\Windows\system32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ffe3be0006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3084] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffe19a52730] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3084] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\COMCTL32.dll[GDI32.dll!GetStockObject] [7ffe3be0006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3084] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\COMCTL32.dll[USER32.dll!RegisterClassW] [7ffe39d4002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7ffe39d4002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] @ C:\Windows\system32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffe3be0006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffe3be0002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject] [7ffe3be0006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!RegisterClassW] [7ffe39d4002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] @ C:\Windows\system32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffe3be0006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] @ C:\Windows\system32\MSCTF.dll[GDI32.dll!GetStockObject] [7ffe3be0006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] @ C:\Windows\system32\ole32.dll[GDI32.dll!GetStockObject] [7ffe3be0006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW] [7ffe39d4002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] @ C:\Windows\system32\COMDLG32.dll[USER32.dll!RegisterClassW] [7ffe39d4002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] @ C:\Windows\system32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ffe3be0006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffe19a52730] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\COMCTL32.dll[GDI32.dll!GetStockObject] [7ffe3be0006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6328] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\COMCTL32.dll[USER32.dll!RegisterClassW] [7ffe39d4002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2660] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7ffe39d4002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2660] @ C:\Windows\system32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffe3be0006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2660] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffe3be0002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2660] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject] [7ffe3be0006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2660] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!RegisterClassW] [7ffe39d4002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2660] @ C:\Windows\system32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffe3be0006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2660] @ C:\Windows\system32\MSCTF.dll[GDI32.dll!GetStockObject] [7ffe3be0006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2660] @ C:\Windows\system32\ole32.dll[GDI32.dll!GetStockObject] [7ffe3be0006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2660] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW] [7ffe39d4002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2660] @ C:\Windows\system32\COMDLG32.dll[USER32.dll!RegisterClassW] [7ffe39d4002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2660] @ C:\Windows\system32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ffe3be0006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2660] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffe19a52730] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2660] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\COMCTL32.dll[GDI32.dll!GetStockObject] [7ffe3be0006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2660] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\COMCTL32.dll[USER32.dll!RegisterClassW] [7ffe39d4002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[424] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7ffe39d4002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[424] @ C:\Windows\system32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffe3be0006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[424] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffe3be0002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[424] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject] [7ffe3be0006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[424] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!RegisterClassW] [7ffe39d4002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[424] @ C:\Windows\system32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffe3be0006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[424] @ C:\Windows\system32\MSCTF.dll[GDI32.dll!GetStockObject] [7ffe3be0006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[424] @ C:\Windows\system32\ole32.dll[GDI32.dll!GetStockObject] [7ffe3be0006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[424] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW] [7ffe39d4002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[424] @ C:\Windows\system32\COMDLG32.dll[USER32.dll!RegisterClassW] [7ffe39d4002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[424] @ C:\Windows\system32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ffe3be0006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[424] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffe19a52730] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[424] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\COMCTL32.dll[GDI32.dll!GetStockObject] [7ffe3be0006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[424] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\COMCTL32.dll[USER32.dll!RegisterClassW] [7ffe39d4002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3220] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7ffe39d4002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3220] @ C:\Windows\system32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffe3be0006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3220] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffe3be0002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3220] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject] [7ffe3be0006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3220] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!RegisterClassW] [7ffe39d4002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3220] @ C:\Windows\system32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffe3be0006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3220] @ C:\Windows\system32\MSCTF.dll[GDI32.dll!GetStockObject] [7ffe3be0006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3220] @ C:\Windows\system32\ole32.dll[GDI32.dll!GetStockObject] [7ffe3be0006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3220] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW] [7ffe39d4002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3220] @ C:\Windows\system32\COMDLG32.dll[USER32.dll!RegisterClassW] [7ffe39d4002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3220] @ C:\Windows\system32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ffe3be0006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3220] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffe19a52730] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3220] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\COMCTL32.dll[GDI32.dll!GetStockObject] [7ffe3be0006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3220] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\COMCTL32.dll[USER32.dll!RegisterClassW] [7ffe39d4002c] ---- Threads - GMER 2.2 ---- Thread C:\Windows\system32\csrss.exe [548:572] fffff9600095f2d0 Thread C:\Windows\system32\svchost.exe [100:6056] 00007ffe325c7240 Thread C:\Windows\system32\svchost.exe [100:1072] 00007ffe38ff4ee0 Thread C:\Windows\system32\svchost.exe [100:6224] 00007ffe2ce31050 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [6768:6456] 000000006a1a69b0 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [6768:7080] 0000000067ca5c00 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [6768:6988] 0000000077554930 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [6768:2084] 0000000067ca5c00 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [6768:1208] 0000000067ca5c00 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [6768:6272] 0000000067ca5c00 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [6768:6656] 0000000067ca5c00 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [6768:6608] 0000000067ca5c00 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [6768:6464] 0000000067ca5c00 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [6768:6312] 0000000067ca5c00 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [6768:6872] 0000000077554930 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [6768:6176] 0000000077554930 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [6768:6172] 0000000067ca5c00 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [6768:7068] 0000000077554930 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [6768:5356] 0000000077554930 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [752:4648] 000000006a1a69b0 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [752:2168] 0000000067ca5c00 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [752:7140] 0000000077554930 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [752:4564] 0000000067ca5c00 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [752:5824] 0000000067ca5c00 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [752:4256] 0000000067ca5c00 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [752:6248] 0000000067ca5c00 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [752:7016] 0000000067ca5c00 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [752:4820] 0000000067ca5c00 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [752:1236] 0000000067ca5c00 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [752:5004] 0000000067ca5c00 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [752:768] 0000000077554930 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [752:7020] 0000000077554930 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [752:2748] 0000000077554930 ---- Services - GMER 2.2 ---- Service system32\drivers\ndistpr64.sys (*** hidden *** ) [BOOT] drmkpro64 <-- ROOTKIT !!! ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToSnapshot@OfficeODC ?????m???????????e??????????Ap???????????\???????????\?????E???F?????F???m???E????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0x02 0x22 0xF7 0x8F ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime 0xB9 0xAB 0x8E 0x43 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFStartTime 0x02 0x22 0xF7 0x8F ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFLastStartTime 0xB9 0xAB 0x8E 0x43 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@pl-PL 102 Reg HKLM\SYSTEM\CurrentControlSet\Control\CrashControl@LastCrashTime 0xF3 0xFF 0x90 0x46 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\LGD02DC0_00_07DA_79^43DE932A75FD237B0BDE555D6E837849@Timestamp 0x13 0xBF 0x11 0x61 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 672 Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{7B7990D2-5CBC-44F5-B41F-4429E0724266}\Connection@Name Reusable ISATAP Interface {7B7990D2-5CBC-44F5-B41F-4429E0724266} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{A5CD0A84-D94E-46BB-B58F-0C1069D74186}\Connection@Name Reusable ISATAP Interface {A5CD0A84-D94E-46BB-B58F-0C1069D74186} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{DEE4CC6B-BC9C-47D7-9E74-7C38DCA0323D}\Connection@Name Reusable ISATAP Interface {DEE4CC6B-BC9C-47D7-9E74-7C38DCA0323D} Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 1119993981 Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID 565eca59-4b21-4088-97e0-72d2555 Reg HKLM\SYSTEM\CurrentControlSet\Control\WDI\Config@ServerName \BaseNamedObjects\WDI_{ee1f0379-ecc4-4575-9041-42cb3b0ba0cc} Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{b8170812-918a-4ea5-81a8-8a239fb256ac}@LastProbeTime 1497952511 Reg HKLM\SYSTEM\CurrentControlSet\Services\drmkpro64@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\drmkpro64@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\drmkpro64@ErrorControl 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\drmkpro64@ImagePath system32\drivers\ndistpr64.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\drmkpro64@DisplayName drmkpro64 Reg HKLM\SYSTEM\CurrentControlSet\Services\drmkpro64@Group System Reserved Reg HKLM\SYSTEM\CurrentControlSet\Services\drmkpro64\Instances Reg HKLM\SYSTEM\CurrentControlSet\Services\drmkpro64\Instances@DefaultInstance drmkpro64 Instance Reg HKLM\SYSTEM\CurrentControlSet\Services\drmkpro64\Instances\drmkpro64 Instance Reg HKLM\SYSTEM\CurrentControlSet\Services\drmkpro64\Instances\drmkpro64 Instance@Altitude 45666 Reg HKLM\SYSTEM\CurrentControlSet\Services\drmkpro64\Instances\drmkpro64 Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\drmkpro64 Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{7B7990D2-5CBC-44F5-B41F-4429E0724266}@InterfaceName Reusable ISATAP Interface {7B7990D2-5CBC-44F5-B41F-4429E0724266} Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{7B7990D2-5CBC-44F5-B41F-4429E0724266}@ReusableType 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{7B7990D2-5CBC-44F5-B41F-4429E0724266}@DefunctTimestamp 0x71 0xD4 0x48 0x59 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{A5CD0A84-D94E-46BB-B58F-0C1069D74186}@InterfaceName isatap.{49B4D569-2270-4391-A8C4-7472B88F8375} Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{A5CD0A84-D94E-46BB-B58F-0C1069D74186}@DefunctTimestamp 0x72 0xD4 0x48 0x59 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{DEE4CC6B-BC9C-47D7-9E74-7C38DCA0323D}@InterfaceName Reusable ISATAP Interface {DEE4CC6B-BC9C-47D7-9E74-7C38DCA0323D} Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{DEE4CC6B-BC9C-47D7-9E74-7C38DCA0323D}@ReusableType 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\NIPAL@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 29745 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 21338 Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 104 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@DhcpDomain routerbf734c.com Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@DhcpNameServer 212.51.207.67 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{11D4181F-F3A0-4059-AF10-928CF25A55C3}@LeaseObtainedTime 1497945311 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{11D4181F-F3A0-4059-AF10-928CF25A55C3}@T1 1497988511 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{11D4181F-F3A0-4059-AF10-928CF25A55C3}@T2 1498020911 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{11D4181F-F3A0-4059-AF10-928CF25A55C3}@LeaseTerminatesTime 1498031711 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{49B4D569-2270-4391-A8C4-7472B88F8375}@LeaseObtainedTime 1497945207 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{49B4D569-2270-4391-A8C4-7472B88F8375}@T1 1497946107 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{49B4D569-2270-4391-A8C4-7472B88F8375}@T2 1497946782 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{49B4D569-2270-4391-A8C4-7472B88F8375}@LeaseTerminatesTime 1497947007 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EC84E770-0159-419F-A067-26F58AB61382}@LeaseObtainedTime 1497945207 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EC84E770-0159-419F-A067-26F58AB61382}@T1 1497946107 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EC84E770-0159-419F-A067-26F58AB61382}@T2 1497946782 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EC84E770-0159-419F-A067-26F58AB61382}@LeaseTerminatesTime 1497947007 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithList@MRUList ab Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\iexplore@Count 1837 Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_lktsrv.exe_8f215258a2a65b2368b64c2249af9bca883e6fe_51ac6e2b_00608230 Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug\UIHandles@CheckingForSolutionDialog 0x7C 0x02 0x01 0x00 ... ---- Files - GMER 2.2 ---- File C:\Users\Kacper\AppData\Local\llssoft\winvmx\data673\Pepper Data\Shockwave Flash\129F.tmp 0 bytes ---- EOF - GMER 2.2 ----