GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-09-09 20:16:15
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_MZ7TE256HMHP-000L2 rev.EXT06L0Q 238,47GB
Running: vxt8n1sl.exe; Driver: C:\Users\Kuba\AppData\Local\Temp\pfdyyaog.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2200]  C:\Windows\syswow64\kernel32.dll!RegQueryValueExW  0000000076192182 7 bytes JMP 0000000171b43b60
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2200]  C:\Windows\syswow64\kernel32.dll!RegSetValueExW  000000007619c74f 7 bytes JMP 0000000171b441b0
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2200]  C:\Windows\syswow64\kernel32.dll!RegDeleteValueW  00000000761addba 7 bytes JMP 0000000171b43b50
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2200]  C:\Windows\syswow64\kernel32.dll!RegSetValueExA  00000000761af18b 7 bytes JMP 0000000171b43dc0
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2200]  C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx  0000000076238584 7 bytes JMP 0000000171b436a0
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2200]  C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation  0000000076238609 5 bytes JMP 0000000171b43750
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2200]  C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW  000000007623895f 5 bytes JMP 0000000171b436b0
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2200]  C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW  0000000075921094 5 bytes JMP 0000000171b43660
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2200]  C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW  0000000075921142 5 bytes JMP 0000000171b43620
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2200]  C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW  0000000075921bb2 5 bytes JMP 0000000100adf4f2
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2200]  C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary  0000000075921d92 5 bytes JMP 0000000171b43460
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2200]  C:\Windows\syswow64\USER32.dll!CreateWindowExW  0000000076a38b9a 5 bytes JMP 0000000171b42b00
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2200]  C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA  0000000076a44c48 5 bytes JMP 0000000171b433e0
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2200]  C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW  0000000076a46bdc 5 bytes JMP 0000000171b43450
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2200]  C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW  0000000076a8092e 5 bytes JMP 0000000171b42940
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2200]  C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo  0000000076a97bec 5 bytes JMP 0000000171b433c0
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2200]  C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo  000000007660e84e 5 bytes JMP 0000000171b42c50
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2200]  C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList  000000007660e86e 5 bytes JMP 0000000171b42c40
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2200]  C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket  00000000768b59e3 5 bytes JMP 0000000171b42ac0
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2200]  C:\Windows\syswow64\ole32.dll!CoCreateInstance  00000000768f57fc 5 bytes JMP 0000000171b42a50
.text  C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[1532]  C:\Windows\syswow64\kernel32.dll!RegQueryValueExW  0000000076192182 7 bytes JMP 0000000171b43b60
.text  C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[1532]  C:\Windows\syswow64\kernel32.dll!RegSetValueExW  000000007619c74f 7 bytes JMP 0000000171b441b0
.text  C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[1532]  C:\Windows\syswow64\kernel32.dll!RegDeleteValueW  00000000761addba 7 bytes JMP 0000000171b43b50
.text  C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[1532]  C:\Windows\syswow64\kernel32.dll!RegSetValueExA  00000000761af18b 7 bytes JMP 0000000171b43dc0
.text  C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[1532]  C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx  0000000076238584 7 bytes JMP 0000000171b436a0
.text  C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[1532]  C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation  0000000076238609 5 bytes JMP 0000000171b43750
.text  C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[1532]  C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW  000000007623895f 5 bytes JMP 0000000171b436b0
.text  C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[1532]  C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW  0000000075921094 5 bytes JMP 0000000171b43660
.text  C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[1532]  C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW  0000000075921142 5 bytes JMP 0000000171b43620
.text  C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[1532]  C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW  0000000075921bb2 5 bytes JMP 0000000171b43760
.text  C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[1532]  C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary  0000000075921d92 5 bytes JMP 0000000171b43460
.text  C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[1532]  C:\Windows\syswow64\USER32.dll!CreateWindowExW  0000000076a38b9a 5 bytes JMP 0000000171b42b00
.text  C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[1532]  C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA  0000000076a44c48 5 bytes JMP 0000000171b433e0
.text  C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[1532]  C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW  0000000076a46bdc 5 bytes JMP 0000000171b43450
.text  C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[1532]  C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW  0000000076a8092e 5 bytes JMP 0000000171b42940
.text  C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[1532]  C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo  0000000076a97bec 5 bytes JMP 0000000171b433c0
.text  C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[1532]  C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo  000000007660e84e 5 bytes JMP 0000000171b42c50
.text  C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[1532]  C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList  000000007660e86e 5 bytes JMP 0000000171b42c40
.text  C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[1532]  C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket  00000000768b59e3 5 bytes JMP 0000000171b42ac0
.text  C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[1532]  C:\Windows\syswow64\ole32.dll!CoCreateInstance  00000000768f57fc 5 bytes JMP 0000000171b42a50
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1940]  C:\Windows\syswow64\kernel32.dll!RegQueryValueExW  0000000076192182 7 bytes JMP 0000000171b43b60
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1940]  C:\Windows\syswow64\kernel32.dll!RegSetValueExW  000000007619c74f 7 bytes JMP 0000000171b441b0
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1940]  C:\Windows\syswow64\kernel32.dll!RegDeleteValueW  00000000761addba 7 bytes JMP 0000000171b43b50
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1940]  C:\Windows\syswow64\kernel32.dll!RegSetValueExA  00000000761af18b 7 bytes JMP 0000000171b43dc0
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1940]  C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx  0000000076238584 7 bytes JMP 0000000171b436a0
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1940]  C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation  0000000076238609 5 bytes JMP 0000000171b43750
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1940]  C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW  000000007623895f 5 bytes JMP 0000000171b436b0
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1940]  C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW  0000000075921094 5 bytes JMP 0000000171b43660
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1940]  C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW  0000000075921142 5 bytes JMP 0000000171b43620
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1940]  C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW  0000000075921bb2 5 bytes JMP 0000000171b43760
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1940]  C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary  0000000075921d92 5 bytes JMP 0000000171b43460
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1940]  C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo  000000007660e84e 5 bytes JMP 0000000171b42c50
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1940]  C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList  000000007660e86e 5 bytes JMP 0000000171b42c40
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1940]  C:\Windows\syswow64\USER32.dll!CreateWindowExW  0000000076a38b9a 5 bytes JMP 0000000171b42b00
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1940]  C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA  0000000076a44c48 5 bytes JMP 0000000171b433e0
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1940]  C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW  0000000076a46bdc 5 bytes JMP 0000000171b43450
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1940]  C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW  0000000076a8092e 5 bytes JMP 0000000171b42940
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1940]  C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo  0000000076a97bec 5 bytes JMP 0000000171b433c0
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1940]  C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket  00000000768b59e3 5 bytes JMP 0000000171b42ac0
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1940]  C:\Windows\syswow64\ole32.dll!CoCreateInstance  00000000768f57fc 5 bytes JMP 0000000171b42a50
.text  C:\Users\Kuba\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe[3240]  C:\Windows\syswow64\kernel32.dll!RegQueryValueExW  0000000076192182 7 bytes JMP 0000000171b43b60
.text  C:\Users\Kuba\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe[3240]  C:\Windows\syswow64\kernel32.dll!RegSetValueExW  000000007619c74f 7 bytes JMP 0000000171b441b0
.text  C:\Users\Kuba\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe[3240]  C:\Windows\syswow64\kernel32.dll!RegDeleteValueW  00000000761addba 7 bytes JMP 0000000171b43b50
.text  C:\Users\Kuba\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe[3240]  C:\Windows\syswow64\kernel32.dll!RegSetValueExA  00000000761af18b 7 bytes JMP 0000000171b43dc0
.text  C:\Users\Kuba\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe[3240]  C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx  0000000076238584 7 bytes JMP 0000000171b436a0
.text  C:\Users\Kuba\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe[3240]  C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation  0000000076238609 5 bytes JMP 0000000171b43750
.text  C:\Users\Kuba\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe[3240]  C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW  000000007623895f 5 bytes JMP 0000000171b436b0
.text  C:\Users\Kuba\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe[3240]  C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW  0000000075921094 5 bytes JMP 0000000171b43660
.text  C:\Users\Kuba\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe[3240]  C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW  0000000075921142 5 bytes JMP 0000000171b43620
.text  C:\Users\Kuba\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe[3240]  C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW  0000000075921bb2 5 bytes JMP 0000000171b43760
.text  C:\Users\Kuba\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe[3240]  C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary  0000000075921d92 5 bytes JMP 0000000171b43460
.text  C:\Users\Kuba\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe[3240]  C:\Windows\syswow64\USER32.dll!CreateWindowExW  0000000076a38b9a 5 bytes JMP 0000000171b42b00
.text  C:\Users\Kuba\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe[3240]  C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA  0000000076a44c48 5 bytes JMP 0000000171b433e0
.text  C:\Users\Kuba\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe[3240]  C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW  0000000076a46bdc 5 bytes JMP 0000000171b43450
.text  C:\Users\Kuba\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe[3240]  C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW  0000000076a8092e 5 bytes JMP 0000000171b42940
.text  C:\Users\Kuba\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe[3240]  C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo  0000000076a97bec 5 bytes JMP 0000000171b433c0
.text  C:\Users\Kuba\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe[3240]  C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo  000000007660e84e 5 bytes JMP 0000000171b42c50
.text  C:\Users\Kuba\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe[3240]  C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList  000000007660e86e 5 bytes JMP 0000000171b42c40
.text  C:\Users\Kuba\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe[3240]  C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket  00000000768b59e3 5 bytes JMP 0000000171b42ac0
.text  C:\Users\Kuba\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe[3240]  C:\Windows\syswow64\ole32.dll!CoCreateInstance  00000000768f57fc 5 bytes JMP 0000000171b42a50
.text  C:\Users\Kuba\Desktop\vxt8n1sl.exe[364]  C:\Windows\syswow64\kernel32.dll!RegQueryValueExW  0000000076192182 7 bytes JMP 0000000171b43b60
.text  C:\Users\Kuba\Desktop\vxt8n1sl.exe[364]  C:\Windows\syswow64\kernel32.dll!RegSetValueExW  000000007619c74f 7 bytes JMP 0000000171b441b0
.text  C:\Users\Kuba\Desktop\vxt8n1sl.exe[364]  C:\Windows\syswow64\kernel32.dll!RegDeleteValueW  00000000761addba 7 bytes JMP 0000000171b43b50
.text  C:\Users\Kuba\Desktop\vxt8n1sl.exe[364]  C:\Windows\syswow64\kernel32.dll!RegSetValueExA  00000000761af18b 7 bytes JMP 0000000171b43dc0
.text  C:\Users\Kuba\Desktop\vxt8n1sl.exe[364]  C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx  0000000076238584 7 bytes JMP 0000000171b436a0
.text  C:\Users\Kuba\Desktop\vxt8n1sl.exe[364]  C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation  0000000076238609 5 bytes JMP 0000000171b43750
.text  C:\Users\Kuba\Desktop\vxt8n1sl.exe[364]  C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW  000000007623895f 5 bytes JMP 0000000171b436b0
.text  C:\Users\Kuba\Desktop\vxt8n1sl.exe[364]  C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW  0000000075921094 5 bytes JMP 0000000171b43660
.text  C:\Users\Kuba\Desktop\vxt8n1sl.exe[364]  C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW  0000000075921142 5 bytes JMP 0000000171b43620
.text  C:\Users\Kuba\Desktop\vxt8n1sl.exe[364]  C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW  0000000075921bb2 5 bytes JMP 0000000171b43760
.text  C:\Users\Kuba\Desktop\vxt8n1sl.exe[364]  C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary  0000000075921d92 5 bytes JMP 0000000171b43460
.text  C:\Users\Kuba\Desktop\vxt8n1sl.exe[364]  C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo  000000007660e84e 5 bytes JMP 0000000171b42c50
.text  C:\Users\Kuba\Desktop\vxt8n1sl.exe[364]  C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList  000000007660e86e 5 bytes JMP 0000000171b42c40
.text  C:\Users\Kuba\Desktop\vxt8n1sl.exe[364]  C:\Windows\syswow64\USER32.dll!CreateWindowExW  0000000076a38b9a 5 bytes JMP 0000000171b42b00
.text  C:\Users\Kuba\Desktop\vxt8n1sl.exe[364]  C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA  0000000076a44c48 5 bytes JMP 0000000171b433e0
.text  C:\Users\Kuba\Desktop\vxt8n1sl.exe[364]  C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW  0000000076a46bdc 5 bytes JMP 0000000171b43450
.text  C:\Users\Kuba\Desktop\vxt8n1sl.exe[364]  C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW  0000000076a8092e 5 bytes JMP 0000000171b42940
.text  C:\Users\Kuba\Desktop\vxt8n1sl.exe[364]  C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo  0000000076a97bec 5 bytes JMP 0000000171b433c0

---- Processes - GMER 2.1 ----

Library  C:\Users\Kuba\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\Ontology.dll (*** suspicious ***) @ C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2200] (Application Ontology library/NVIDIA Corporation)(2015-09-08 13:48:06)  0000000071220000
Process  C:\Users\Kuba\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe (*** suspicious ***) @ C:\Users\Kuba\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe [3240] (OpenAutomate wrapper cache/NVIDIA Corporation)(2015-09-08 13:48:16)  0000000000ec0000

---- Files - GMER 2.1 ----

File  C:\Users\Kuba\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000518  22632 bytes
File  C:\Users\Kuba\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000568  0 bytes
File  C:\Users\Kuba\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000574  0 bytes
File  C:\Users\Kuba\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\94BF.tmp  28134 bytes
File  C:\Users\Kuba\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\94D0.tmp  28134 bytes
File  C:\Users\Kuba\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\94D2.tmp  28134 bytes
File  C:\Users\Kuba\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\94E4.tmp  28134 bytes
File  C:\Users\Kuba\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\94E6.tmp  0 bytes
File  C:\Users\Kuba\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\94E7.tmp  0 bytes
File  C:\Users\Kuba\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\94E8.tmp  0 bytes
File  C:\Users\Kuba\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\94E9.tmp  28134 bytes
File  C:\Users\Kuba\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\94EB.tmp  28134 bytes
File  C:\Users\Kuba\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\94FD.tmp  28134 bytes
File  C:\Users\Kuba\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\94FF.tmp  28134 bytes

---- EOF - GMER 2.1 ----