GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-03-25 00:03:41
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM641JI rev.2AJ10001 596,17GB
Running: obzjk1ce.exe; Driver: C:\Users\MEDION\AppData\Local\Temp\uxdiypod.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002bb4000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff80002bb402f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\Dwm.exe[1464] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd672db0 5 bytes JMP 000007fffd660180
.text C:\Windows\system32\Dwm.exe[1464] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd6737d0 7 bytes JMP 000007fffd6600d8
.text C:\Windows\system32\Dwm.exe[1464] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd678ef0 6 bytes JMP 000007fffd660148
.text C:\Windows\system32\Dwm.exe[1464] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd68af60 5 bytes JMP 000007fffd660110
.text C:\Windows\system32\Dwm.exe[1464] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefef189e0 8 bytes JMP 000007fffd6601f0
.text C:\Windows\system32\Dwm.exe[1464] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefef1be40 8 bytes JMP 000007fffd6601b8
.text C:\Windows\system32\Dwm.exe[1464] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef6c4dc88 5 bytes JMP 000007fff6a400d8
.text C:\Windows\system32\Dwm.exe[1464] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef6c4de10 5 bytes JMP 000007fff6a40110
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2540] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075f01eee 7 bytes JMP 0000000174273550
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2540] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075f05b85 7 bytes JMP 00000001742737f0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2540] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075f113e1 7 bytes JMP 0000000174273650
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2540] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075f1ea0d 7 bytes JMP 0000000174273540
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2540] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075fa88b4 7 bytes JMP 0000000174273310
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2540] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075fa8939 5 bytes JMP 00000001742733c0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2540] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075fa8c8f 5 bytes JMP 0000000174273320
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2540] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075c71d1b 5 bytes JMP 00000001742732b0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2540] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075c71dc9 5 bytes JMP 0000000174273270
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2540] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075c72aa4 5 bytes JMP 00000001742733d0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2540] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075c72d0a 5 bytes JMP 00000001742730b0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2540] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000077118a29 5 bytes JMP 0000000174272c60
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2540] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000077124572 5 bytes JMP 0000000174273030
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2540] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007713e567 5 bytes JMP 00000001742730a0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2540] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077177a5c 5 bytes JMP 0000000174273020
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2540] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007521e96b 5 bytes JMP 0000000174272cd0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2540] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007521eba5 5 bytes JMP 0000000174272ce0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2540] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076fb5ea5 5 bytes JMP 0000000174272c20
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2540] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076fe9d0b 5 bytes JMP 0000000174272bb0
.text C:\Program Files\Microsoft Security Client\msseces.exe[2548] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd672db0 5 bytes JMP 000007fffd650180
.text C:\Program Files\Microsoft Security Client\msseces.exe[2548] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd6737d0 7 bytes JMP 000007fffd6500d8
.text C:\Program Files\Microsoft Security Client\msseces.exe[2548] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd678ef0 6 bytes JMP 000007fffd650148
.text C:\Program Files\Microsoft Security Client\msseces.exe[2548] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd68af60 5 bytes JMP 000007fffd650110
.text C:\Program Files\Microsoft Security Client\msseces.exe[2548] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefefa7490 11 bytes JMP 000007fffd650228
.text C:\Program Files\Microsoft Security Client\msseces.exe[2548] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefefbbf00 7 bytes JMP 000007fffd650260
.text C:\Program Files\Microsoft Security Client\msseces.exe[2548] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefef189e0 8 bytes JMP 000007fffd6501f0
.text C:\Program Files\Microsoft Security Client\msseces.exe[2548] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefef1be40 8 bytes JMP 000007fffd6501b8
.text C:\Windows\PLFSetL.exe[2556] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075f01eee 7 bytes JMP 0000000174273550
.text C:\Windows\PLFSetL.exe[2556] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075f05b85 7 bytes JMP 00000001742737f0
.text C:\Windows\PLFSetL.exe[2556] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075f113e1 7 bytes JMP 0000000174273650
.text C:\Windows\PLFSetL.exe[2556] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075f1ea0d 7 bytes JMP 0000000174273540
.text C:\Windows\PLFSetL.exe[2556] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075fa88b4 7 bytes JMP 0000000174273310
.text C:\Windows\PLFSetL.exe[2556] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075fa8939 5 bytes JMP 00000001742733c0
.text C:\Windows\PLFSetL.exe[2556] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075fa8c8f 5 bytes JMP 0000000174273320
.text C:\Windows\PLFSetL.exe[2556] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075c71d1b 5 bytes JMP 00000001742732b0
.text C:\Windows\PLFSetL.exe[2556] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075c71dc9 5 bytes JMP 0000000174273270
.text C:\Windows\PLFSetL.exe[2556] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075c72aa4 5 bytes JMP 00000001742733d0
.text C:\Windows\PLFSetL.exe[2556] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075c72d0a 5 bytes JMP 00000001742730b0
.text C:\Windows\PLFSetL.exe[2556] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076fb5ea5 5 bytes JMP 0000000174272c20
.text C:\Windows\PLFSetL.exe[2556] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076fe9d0b 5 bytes JMP 0000000174272bb0
.text C:\Windows\PLFSetL.exe[2556] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007521e96b 5 bytes JMP 0000000174272cd0
.text C:\Windows\PLFSetL.exe[2556] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007521eba5 5 bytes JMP 0000000174272ce0
.text C:\Windows\PLFSetL.exe[2556] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000077118a29 5 bytes JMP 0000000174272c60
.text C:\Windows\PLFSetL.exe[2556] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000077124572 5 bytes JMP 0000000174273030
.text C:\Windows\PLFSetL.exe[2556] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007713e567 5 bytes JMP 00000001742730a0
.text C:\Windows\PLFSetL.exe[2556] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077177a5c 5 bytes JMP 0000000174273020
.text C:\Windows\snuvcdsm.exe[2564] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075f01eee 7 bytes JMP 0000000174273550
.text C:\Windows\snuvcdsm.exe[2564] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075f05b85 7 bytes JMP 00000001742737f0
.text C:\Windows\snuvcdsm.exe[2564] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075f113e1 7 bytes JMP 0000000174273650
.text C:\Windows\snuvcdsm.exe[2564] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075f1ea0d 7 bytes JMP 0000000174273540
.text C:\Windows\snuvcdsm.exe[2564] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075fa88b4 7 bytes JMP 0000000174273310
.text C:\Windows\snuvcdsm.exe[2564] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075fa8939 5 bytes JMP 00000001742733c0
.text C:\Windows\snuvcdsm.exe[2564] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075fa8c8f 5 bytes JMP 0000000174273320
.text C:\Windows\snuvcdsm.exe[2564] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075c71d1b 5 bytes JMP 00000001742732b0
.text C:\Windows\snuvcdsm.exe[2564] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075c71dc9 5 bytes JMP 0000000174273270
.text C:\Windows\snuvcdsm.exe[2564] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075c72aa4 5 bytes JMP 00000001742733d0
.text C:\Windows\snuvcdsm.exe[2564] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075c72d0a 5 bytes JMP 00000001742730b0
.text C:\Windows\snuvcdsm.exe[2564] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000077118a29 5 bytes JMP 0000000174272c60
.text C:\Windows\snuvcdsm.exe[2564] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000077124572 5 bytes JMP 0000000174273030
.text C:\Windows\snuvcdsm.exe[2564] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007713e567 5 bytes JMP 00000001742730a0
.text C:\Windows\snuvcdsm.exe[2564] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077177a5c 5 bytes JMP 0000000174273020
.text C:\Windows\snuvcdsm.exe[2564] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007521e96b 5 bytes JMP 0000000174272cd0
.text C:\Windows\snuvcdsm.exe[2564] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007521eba5 5 bytes JMP 0000000174272ce0
.text C:\Windows\snuvcdsm.exe[2564] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076fb5ea5 5 bytes JMP 0000000174272c20
.text C:\Windows\snuvcdsm.exe[2564] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076fe9d0b 5 bytes JMP 0000000174272bb0
.text C:\Windows\snuvcdsm.exe[2564] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 00000000738711a8 2 bytes [87, 73]
.text C:\Windows\snuvcdsm.exe[2564] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 00000000738713a8 2 bytes [87, 73]
.text C:\Windows\snuvcdsm.exe[2564] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 0000000073871422 2 bytes [87, 73]
.text C:\Windows\snuvcdsm.exe[2564] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 0000000073871498 2 bytes [87, 73]
.text C:\Windows\snuvcdsm.exe[2564] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195 0000000073571b41 2 bytes [57, 73]
.text C:\Windows\snuvcdsm.exe[2564] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362 0000000073571be8 2 bytes [57, 73]
.text C:\Windows\snuvcdsm.exe[2564] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418 0000000073571c20 2 bytes [57, 73]
.text C:\Windows\snuvcdsm.exe[2564] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596 0000000073571cd2 2 bytes [57, 73]
.text C:\Windows\snuvcdsm.exe[2564] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628 0000000073571cf2 2 bytes [57, 73]
.text C:\Windows\System32\igfxpers.exe[2588] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000773baf40 7 bytes JMP 000000016fff0228
.text C:\Windows\System32\igfxpers.exe[2588] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000773c4a60 5 bytes JMP 000000016fff0180
.text C:\Windows\System32\igfxpers.exe[2588] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000773e2990 5 bytes JMP 000000016fff01b8
.text C:\Windows\System32\igfxpers.exe[2588] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000773eefe0 5 bytes JMP 000000016fff0110
.text C:\Windows\System32\igfxpers.exe[2588] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774199b0 7 bytes JMP 000000016fff00d8
.text C:\Windows\System32\igfxpers.exe[2588] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774294d0 5 bytes JMP 000000016fff0148
.text C:\Windows\System32\igfxpers.exe[2588] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007744a500 7 bytes JMP 000000016fff01f0
.text C:\Windows\System32\igfxpers.exe[2588] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd672db0 5 bytes JMP 000007fffd660180
.text C:\Windows\System32\igfxpers.exe[2588] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd6737d0 7 bytes JMP 000007fffd6600d8
.text C:\Windows\System32\igfxpers.exe[2588] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd678ef0 6 bytes JMP 000007fffd660148
.text C:\Windows\System32\igfxpers.exe[2588] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd68af60 5 bytes JMP 000007fffd660110
.text C:\Windows\System32\igfxpers.exe[2588] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefef189e0 8 bytes JMP 000007fffd6601f0
.text C:\Windows\System32\igfxpers.exe[2588] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefef1be40 8 bytes JMP 000007fffd6601b8
.text C:\Windows\System32\igfxpers.exe[2588] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefefa7490 11 bytes JMP 000007fffd660228
.text C:\Windows\System32\igfxpers.exe[2588] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefefbbf00 7 bytes JMP 000007fffd660260
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2912] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075f01eee 7 bytes JMP 0000000174273550
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2912] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075f05b85 7 bytes JMP 00000001742737f0
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2912] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075f113e1 7 bytes JMP 0000000174273650
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2912] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075f1ea0d 7 bytes JMP 0000000174273540
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2912] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075fa88b4 7 bytes JMP 0000000174273310
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2912] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075fa8939 5 bytes JMP 00000001742733c0
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2912] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075fa8c8f 5 bytes JMP 0000000174273320
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2912] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075c71d1b 5 bytes JMP 00000001742732b0
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2912] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075c71dc9 5 bytes JMP 0000000174273270
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2912] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075c72aa4 5 bytes JMP 00000001742733d0
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2912] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075c72d0a 5 bytes JMP 00000001742730b0
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2912] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007521e96b 5 bytes JMP 0000000174272cd0
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2912] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007521eba5 5 bytes JMP 0000000174272ce0
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2912] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000077118a29 5 bytes JMP 0000000174272c60
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2912] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000077124572 5 bytes JMP 0000000174273030
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2912] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007713e567 5 bytes JMP 00000001742730a0
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2912] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077177a5c 5 bytes JMP 0000000174273020
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2912] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076fb5ea5 5 bytes JMP 0000000174272c20
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2912] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076fe9d0b 5 bytes JMP 0000000174272bb0
.text C:\Windows\system32\taskeng.exe[3392] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd672db0 5 bytes JMP 000007fffd660180
.text C:\Windows\system32\taskeng.exe[3392] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd6737d0 7 bytes JMP 000007fffd6600d8
.text C:\Windows\system32\taskeng.exe[3392] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd678ef0 6 bytes JMP 000007fffd660148
.text C:\Windows\system32\taskeng.exe[3392] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd68af60 5 bytes JMP 000007fffd660110
.text C:\Windows\system32\taskeng.exe[3392] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefef189e0 8 bytes JMP 000007fffd6601f0
.text C:\Windows\system32\taskeng.exe[3392] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefef1be40 8 bytes JMP 000007fffd6601b8
.text C:\Windows\system32\taskeng.exe[3392] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefefa7490 11 bytes JMP 000007fffd660228
.text C:\Windows\system32\taskeng.exe[3392] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefefbbf00 7 bytes JMP 000007fffd660260
.text C:\Users\MEDION\Downloads\obzjk1ce.exe[824] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075f01eee 7 bytes JMP 0000000174273550
.text C:\Users\MEDION\Downloads\obzjk1ce.exe[824] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075f05b85 7 bytes JMP 00000001742737f0
.text C:\Users\MEDION\Downloads\obzjk1ce.exe[824] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075f113e1 7 bytes JMP 0000000174273650
.text C:\Users\MEDION\Downloads\obzjk1ce.exe[824] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075f1ea0d 7 bytes JMP 0000000174273540
.text C:\Users\MEDION\Downloads\obzjk1ce.exe[824] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075fa88b4 7 bytes JMP 0000000174273310
.text C:\Users\MEDION\Downloads\obzjk1ce.exe[824] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075fa8939 5 bytes JMP 00000001742733c0
.text C:\Users\MEDION\Downloads\obzjk1ce.exe[824] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075fa8c8f 5 bytes JMP 0000000174273320
.text C:\Users\MEDION\Downloads\obzjk1ce.exe[824] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075c71d1b 5 bytes JMP 00000001742732b0
.text C:\Users\MEDION\Downloads\obzjk1ce.exe[824] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075c71dc9 5 bytes JMP 0000000174273270
.text C:\Users\MEDION\Downloads\obzjk1ce.exe[824] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075c72aa4 5 bytes JMP 00000001742733d0
.text C:\Users\MEDION\Downloads\obzjk1ce.exe[824] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075c72d0a 5 bytes JMP 00000001742730b0
.text C:\Users\MEDION\Downloads\obzjk1ce.exe[824] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007521e96b 5 bytes JMP 0000000174272cd0
.text C:\Users\MEDION\Downloads\obzjk1ce.exe[824] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007521eba5 5 bytes JMP 0000000174272ce0
.text C:\Users\MEDION\Downloads\obzjk1ce.exe[824] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000077118a29 5 bytes JMP 0000000174272c60
.text C:\Users\MEDION\Downloads\obzjk1ce.exe[824] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000077124572 5 bytes JMP 0000000174273030
.text C:\Users\MEDION\Downloads\obzjk1ce.exe[824] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007713e567 5 bytes JMP 00000001742730a0
.text C:\Users\MEDION\Downloads\obzjk1ce.exe[824] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077177a5c 5 bytes JMP 0000000174273020

---- EOF - GMER 2.1 ----