GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-09-05 10:21:15
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AJ1 298,09GB
Running: 2vc4bb2p.exe; Driver: C:\Users\KoneQ\AppData\Local\Temp\kwddykog.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1356] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007772af40 7 bytes JMP 000000016fff0228
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1356] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077734a60 5 bytes JMP 000000016fff0180
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1356] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077752990 5 bytes JMP 000000016fff01b8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1356] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007775efe0 5 bytes JMP 000000016fff0110
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1356] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000777899b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1356] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000777994d0 5 bytes JMP 000000016fff0148
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1356] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000777ba500 7 bytes JMP 000000016fff01f0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1356] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefe0f3460 7 bytes JMP 000007fffe0c00d8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1356] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefe0f9940 6 bytes JMP 000007fffe0c0148
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1356] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefe0f9fb0 5 bytes JMP 000007fffe0c0180
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1356] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefe0fa150 5 bytes JMP 000007fffe0c0110
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1356] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe9789e0 8 bytes JMP 000007fffe0c01f0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1356] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe97be40 8 bytes JMP 000007fffe0c01b8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1356] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefea57490 11 bytes JMP 000007fffe0c0228
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1356] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefea6bf00 7 bytes JMP 000007fffe0c0260
.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1712] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000754b87b1 4 bytes [C2, 04, 00, 00]
.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077c01465 2 bytes [C0, 77]
.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077c014bb 2 bytes [C0, 77]
.text ... * 2
.text C:\Windows\system32\Dwm.exe[1912] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefe0f3460 7 bytes JMP 000007fffe0c00d8
.text C:\Windows\system32\Dwm.exe[1912] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefe0f9940 6 bytes JMP 000007fffe0c0148
.text C:\Windows\system32\Dwm.exe[1912] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefe0f9fb0 5 bytes JMP 000007fffe0c0180
.text C:\Windows\system32\Dwm.exe[1912] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefe0fa150 5 bytes JMP 000007fffe0c0110
.text C:\Windows\system32\Dwm.exe[1912] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe9789e0 8 bytes JMP 000007fffe0c01f0
.text C:\Windows\system32\Dwm.exe[1912] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe97be40 8 bytes JMP 000007fffe0c01b8
.text C:\Windows\system32\Dwm.exe[1912] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef91a4da4 7 bytes JMP 000007fff91900d8
.text C:\Windows\system32\Dwm.exe[1912] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef91c9af4 7 bytes JMP 000007fff9190110
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000754b1f2e 7 bytes JMP 0000000174523dd0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000754b5bcd 7 bytes JMP 00000001745240e0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000754c1429 7 bytes JMP 0000000174523f10
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000754cea5d 7 bytes JMP 0000000174523dc0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000755588f4 7 bytes JMP 0000000174523b50
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075558979 5 bytes JMP 0000000174523c00
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075558ccf 5 bytes JMP 0000000174523b60
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076fe1d1b 5 bytes JMP 0000000174523b00
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076fe1dc9 5 bytes JMP 0000000174523ab0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076fe2aa4 5 bytes JMP 0000000174523c10
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076fe2d0a 5 bytes JMP 0000000174523890
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076c38a29 5 bytes JMP 0000000174523370
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076c44572 5 bytes JMP 0000000174523810
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076c5e567 5 bytes JMP 0000000174523880
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076c807d7 5 bytes JMP 0000000174523280
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076c97a5c 5 bytes JMP 0000000174523800
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076b2e9a2 5 bytes JMP 00000001745233e0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076b2ebdc 5 bytes JMP 00000001745233f0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076345ea5 5 bytes JMP 0000000174523320
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076379d0b 5 bytes JMP 00000001745232b0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2372] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007772af40 7 bytes JMP 000000016fff0228
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2372] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077734a60 5 bytes JMP 000000016fff0180
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2372] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077752990 5 bytes JMP 000000016fff01b8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2372] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007775efe0 5 bytes JMP 000000016fff0110
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2372] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000777899b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2372] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000777994d0 5 bytes JMP 000000016fff0148
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2372] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000777ba500 7 bytes JMP 000000016fff01f0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2372] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefe0f3460 7 bytes JMP 000007fffe0c00d8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2372] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefe0f9940 6 bytes JMP 000007fffe0c0148
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2372] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefe0f9fb0 5 bytes JMP 000007fffe0c0180
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2372] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefe0fa150 5 bytes JMP 000007fffe0c0110
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2372] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe9789e0 8 bytes JMP 000007fffe0c01f0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2372] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe97be40 8 bytes JMP 000007fffe0c01b8
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2392] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007772af40 7 bytes JMP 000000016fff0228
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2392] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077734a60 5 bytes JMP 000000016fff0180
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2392] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077752990 5 bytes JMP 000000016fff01b8
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2392] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007775efe0 5 bytes JMP 000000016fff0110
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2392] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000777899b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2392] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000777994d0 5 bytes JMP 000000016fff0148
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2392] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000777ba500 7 bytes JMP 000000016fff01f0
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2392] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefe0f3460 7 bytes JMP 000007fffe0c00d8
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2392] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefe0f9940 6 bytes JMP 000007fffe0c0148
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2392] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefe0f9fb0 5 bytes JMP 000007fffe0c0180
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2392] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefe0fa150 5 bytes JMP 000007fffe0c0110
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2392] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe9789e0 8 bytes JMP 000007fffe0c01f0
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2392] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe97be40 8 bytes JMP 000007fffe0c01b8
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2392] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefea57490 11 bytes JMP 000007fffe0c0228
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2392] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefea6bf00 7 bytes JMP 000007fffe0c0260
.text C:\Windows\system32\taskeng.exe[2420] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefe0f3460 7 bytes JMP 000007fffe0c00d8
.text C:\Windows\system32\taskeng.exe[2420] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefe0f9940 6 bytes JMP 000007fffe0c0148
.text C:\Windows\system32\taskeng.exe[2420] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefe0f9fb0 5 bytes JMP 000007fffe0c0180
.text C:\Windows\system32\taskeng.exe[2420] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefe0fa150 5 bytes JMP 000007fffe0c0110
.text C:\Windows\system32\taskeng.exe[2420] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe9789e0 8 bytes JMP 000007fffe0c01f0
.text C:\Windows\system32\taskeng.exe[2420] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe97be40 8 bytes JMP 000007fffe0c01b8
.text C:\Windows\system32\taskeng.exe[2420] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefea57490 11 bytes JMP 000007fffe0c0228
.text C:\Windows\system32\taskeng.exe[2420] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefea6bf00 7 bytes JMP 000007fffe0c0260
.text C:\Windows\system32\taskeng.exe[2460] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefe0f3460 7 bytes JMP 000007fffe0c00d8
.text C:\Windows\system32\taskeng.exe[2460] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefe0f9940 6 bytes JMP 000007fffe0c0148
.text C:\Windows\system32\taskeng.exe[2460] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefe0f9fb0 5 bytes JMP 000007fffe0c0180
.text C:\Windows\system32\taskeng.exe[2460] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefe0fa150 5 bytes JMP 000007fffe0c0110
.text C:\Windows\system32\taskeng.exe[2460] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe9789e0 8 bytes JMP 000007fffe0c01f0
.text C:\Windows\system32\taskeng.exe[2460] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe97be40 8 bytes JMP 000007fffe0c01b8
.text C:\Windows\system32\taskeng.exe[2460] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefea57490 11 bytes JMP 000007fffe0c0228
.text C:\Windows\system32\taskeng.exe[2460] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefea6bf00 7 bytes JMP 000007fffe0c0260
.text C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe[2520] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000754b1f2e 7 bytes JMP 0000000174523dd0
.text C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe[2520] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000754b5bcd 7 bytes JMP 00000001745240e0
.text C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe[2520] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000754c1429 7 bytes JMP 0000000174523f10
.text C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe[2520] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000754cea5d 7 bytes JMP 0000000174523dc0
.text C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe[2520] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000755588f4 7 bytes JMP 0000000174523b50
.text C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe[2520] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075558979 5 bytes JMP 0000000174523c00
.text C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe[2520] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075558ccf 5 bytes JMP 0000000174523b60
.text C:\Windows\system32\wuauclt.exe[1484] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefe0f3460 7 bytes JMP 000007fffe0c00d8
.text C:\Windows\system32\wuauclt.exe[1484] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefe0f9940 6 bytes JMP 000007fffe0c0148
.text C:\Windows\system32\wuauclt.exe[1484] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefe0f9fb0 5 bytes JMP 000007fffe0c0180
.text C:\Windows\system32\wuauclt.exe[1484] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefe0fa150 5 bytes JMP 000007fffe0c0110
.text C:\Windows\system32\wuauclt.exe[1484] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefea57490 11 bytes JMP 000007fffe0c0228
.text C:\Windows\system32\wuauclt.exe[1484] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefea6bf00 7 bytes JMP 000007fffe0c0260
.text C:\Windows\system32\wuauclt.exe[1484] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe9789e0 8 bytes JMP 000007fffe0c01f0
.text C:\Windows\system32\wuauclt.exe[1484] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe97be40 8 bytes JMP 000007fffe0c01b8
.text C:\Users\KoneQ\Downloads\2vc4bb2p.exe[4276] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000754b1f2e 7 bytes JMP 0000000174523dd0
.text C:\Users\KoneQ\Downloads\2vc4bb2p.exe[4276] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000754b5bcd 7 bytes JMP 00000001745240e0
.text C:\Users\KoneQ\Downloads\2vc4bb2p.exe[4276] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000754c1429 7 bytes JMP 0000000174523f10
.text C:\Users\KoneQ\Downloads\2vc4bb2p.exe[4276] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000754cea5d 7 bytes JMP 0000000174523dc0
.text C:\Users\KoneQ\Downloads\2vc4bb2p.exe[4276] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000755588f4 7 bytes JMP 0000000174523b50
.text C:\Users\KoneQ\Downloads\2vc4bb2p.exe[4276] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075558979 5 bytes JMP 0000000174523c00
.text C:\Users\KoneQ\Downloads\2vc4bb2p.exe[4276] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075558ccf 5 bytes JMP 0000000174523b60
.text C:\Users\KoneQ\Downloads\2vc4bb2p.exe[4276] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076fe1d1b 5 bytes JMP 0000000174523b00
.text C:\Users\KoneQ\Downloads\2vc4bb2p.exe[4276] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076fe1dc9 5 bytes JMP 0000000174523ab0
.text C:\Users\KoneQ\Downloads\2vc4bb2p.exe[4276] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076fe2aa4 5 bytes JMP 0000000174523c10
.text C:\Users\KoneQ\Downloads\2vc4bb2p.exe[4276] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076fe2d0a 5 bytes JMP 0000000174523890
.text C:\Users\KoneQ\Downloads\2vc4bb2p.exe[4276] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076b2e9a2 5 bytes JMP 00000001745233e0
.text C:\Users\KoneQ\Downloads\2vc4bb2p.exe[4276] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076b2ebdc 5 bytes JMP 00000001745233f0
.text C:\Users\KoneQ\Downloads\2vc4bb2p.exe[4276] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076c38a29 5 bytes JMP 0000000174523370
.text C:\Users\KoneQ\Downloads\2vc4bb2p.exe[4276] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076c44572 5 bytes JMP 0000000174523810
.text C:\Users\KoneQ\Downloads\2vc4bb2p.exe[4276] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076c5e567 5 bytes JMP 0000000174523880
.text C:\Users\KoneQ\Downloads\2vc4bb2p.exe[4276] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076c807d7 5 bytes JMP 0000000174523280
.text C:\Users\KoneQ\Downloads\2vc4bb2p.exe[4276] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076c97a5c 5 bytes JMP 0000000174523800

---- Threads - GMER 2.1 ----

Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3272:4076] 000007fefc332a7c
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3272:2204] 000007fef15fd618
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2780:3244] 0000000075487587
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2780:3424] 000000006a960cb3
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2780:2196] 0000000077c82e25
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2780:1980] 0000000077c83e45
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2780:1728] 0000000077c83e45
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2780:4932] 0000000077c83e45

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bb115d31b
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bb1d33403
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b4749f8acb01
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bb115d31b (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bb1d33403 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b4749f8acb01 (not active ControlSet)

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----