GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-09-19 15:20:59
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000028 PLEXTOR_PX-256M5S rev.1.03 238,47GB
Running: nxs0si3l.exe; Driver: C:\Users\Dawid\AppData\Local\Temp\pxldapod.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff9600022d300 15 bytes [00, 0B, F2, 01, 00, 06, 6C, ...]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 16 fffff9600022d310 8 bytes [00, D7, FB, FF, 00, D3, CD, ...]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe[1536] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avformat-52.dll!av_read_packet + 463 00000000649489a7 1 byte [C0]
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe[1536] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avformat-52.dll!av_read_packet + 465 00000000649489a9 2 bytes [25, 00]
.text ... * 3
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe[1536] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avformat-52.dll!ff_nut_add_sp + 61 00000000649a10b5 4 bytes [00, 0D, 25, 00]
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe[1536] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avformat-52.dll!ff_nut_reset_ts + 598 00000000649a1386 4 bytes [D4, E4, 10, 6B]
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe[1536] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avformat-52.dll!ff_nut_reset_ts + 673 00000000649a13d1 4 bytes [20, E4, 10, 6B]
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe[1536] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll!ff_cavs_mv + 559 000000006adfefaf 4 bytes [C0, 0B, 25, 00]
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe[1536] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll!ff_cavs_mv + 692 000000006adff034 4 bytes [C0, 0B, 25, 00]
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe[1536] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll!ff_dnxhd_find_cid + 892 000000006ae2e9dc 4 bytes [C0, 0B, 25, 00]
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe[1536] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll!ff_write_quant_matrix + 491 000000006ae311cf 4 bytes [C1, 0A, 25, 00]
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe[1536] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll!ff_write_quant_matrix + 633 000000006ae3125d 4 bytes [C0, 0A, 25, 00]
.text ... * 5
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe[1536] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll!ff_flac_parse_streaminfo + 679 000000006af115b7 4 bytes [C0, 0B, 25, 00]
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe[1536] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll!ff_mpeg4_encode_video_packet_header + 51 000000006af241c3 4 bytes [C0, 0B, 25, 00]
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe[1536] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll!ff_h263_find_frame_end + 732 000000006af3f068 4 bytes [C0, 0B, 25, 00]
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe[1536] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll!ff_h263_find_frame_end + 876 000000006af3f0f8 4 bytes [C0, 0B, 25, 00]
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe[1536] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll!ff_h264_decode_sei + 280 000000006af45f10 4 bytes [C0, 0B, 25, 00]
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe[1536] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll!ff_h264_decode_seq_parameter_set + 358 000000006af4db3e 4 bytes [C0, 0B, 25, 00]
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe[1536] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll!ff_h264_decode_seq_parameter_set + 626 000000006af4dc4a 4 bytes [C0, 0B, 25, 00]
.text ... * 2
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe[1536] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll!ff_h264_decode_picture_parameter_set + 83 000000006af4fe0b 4 bytes [C0, 0B, 25, 00]
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe[1536] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll!ff_h264_decode_picture_parameter_set + 445 000000006af4ff75 4 bytes [C0, 0B, 25, 00]
.text ... * 5
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe[1536] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll!ff_mjpeg_encode_dc + 61 000000006af88579 4 bytes [C0, 0B, 25, 00]
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe[1536] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll!ff_mjpeg_encode_mb + 278 000000006af8b982 4 bytes [C0, 0B, 25, 00]
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe[1536] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll!ff_mpeg1_encode_init + 690 000000006afa176e 4 bytes [C0, 0B, 25, 00]
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe[1536] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll!ff_nelly_get_sample_bits + 162 000000006afaf7a2 4 bytes [C0, 0B, 25, 00]
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe[1536] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll!ff_nelly_get_sample_bits + 315 000000006afaf83b 4 bytes [C0, 0B, 25, 00]
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe[1536] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll!ff_log2 + 33 000000006afb6c85 4 bytes [C0, 0B, 25, 00]
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe[1536] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll!ff_rle_encode + 672 000000006aff52cc 4 bytes [C0, 0B, 25, 00]
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe[1536] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll!ff_rle_encode + 949 000000006aff53e1 4 bytes [C0, 0B, 25, 00]
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe[1536] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll!ff_snow_vertical_compose97i + 669 000000006affb7f1 4 bytes [C0, 0B, 25, 00]
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe[1536] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll!ff_snow_vertical_compose97i + 716 000000006affb820 4 bytes [C0, 0B, 25, 00]
.text ... * 2
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe[1536] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll!ff_vp3_h_loop_filter_c + 410 000000006b026cfa 4 bytes [BF, 0B, 25, 00]
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe[1536] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll!ff_wma_init + 391 000000006b07830f 4 bytes [C0, 0B, 25, 00]
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe[1536] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll!ff_mlp_init_crc + 954 000000006b0a26c6 4 bytes [C0, 0B, 25, 00]
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe[2176] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avformat-52.dll!av_read_packet + 463 00000000649489a7 1 byte [C0]
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe[2176] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avformat-52.dll!av_read_packet + 465 00000000649489a9 2 bytes [26, 00]
.text ... * 3
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe[2176] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avformat-52.dll!ff_nut_add_sp + 61 00000000649a10b5 4 bytes [00, 0D, 26, 00]
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe[2176] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avformat-52.dll!ff_nut_reset_ts + 598 00000000649a1386 4 bytes [D4, E4, 10, 6B]
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe[2176] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avformat-52.dll!ff_nut_reset_ts + 673 00000000649a13d1 4 bytes [20, E4, 10, 6B]
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe[2176] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll!ff_cavs_mv + 559 000000006adfefaf 4 bytes [C0, 0B, 26, 00]
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe[2176] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll!ff_cavs_mv + 692 000000006adff034 4 bytes [C0, 0B, 26, 00]
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe[2176] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll!ff_dnxhd_find_cid + 892 000000006ae2e9dc 4 bytes [C0, 0B, 26, 00]
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe[2176] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll!ff_write_quant_matrix + 491 000000006ae311cf 4 bytes [C1, 0A, 26, 00]
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe[2176] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll!ff_write_quant_matrix + 633 000000006ae3125d 4 bytes [C0, 0A, 26, 00]
.text ... * 5
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe[2176] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll!ff_flac_parse_streaminfo + 679 000000006af115b7 4 bytes [C0, 0B, 26, 00]
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe[2176] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll!ff_mpeg4_encode_video_packet_header + 51 000000006af241c3 4 bytes [C0, 0B, 26, 00]
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe[2176] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll!ff_h263_find_frame_end + 732 000000006af3f068 4 bytes [C0, 0B, 26, 00]
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe[2176] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll!ff_h263_find_frame_end + 876 000000006af3f0f8 4 bytes [C0, 0B, 26, 00]
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe[2176] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll!ff_h264_decode_sei + 280 000000006af45f10 4 bytes [C0, 0B, 26, 00]
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe[2176] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll!ff_h264_decode_seq_parameter_set + 358 000000006af4db3e 4 bytes [C0, 0B, 26, 00]
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe[2176] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll!ff_h264_decode_seq_parameter_set + 626 000000006af4dc4a 4 bytes [C0, 0B, 26, 00]
.text ... * 2
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe[2176] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll!ff_h264_decode_picture_parameter_set + 83 000000006af4fe0b 4 bytes [C0, 0B, 26, 00]
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe[2176] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll!ff_h264_decode_picture_parameter_set + 445 000000006af4ff75 4 bytes [C0, 0B, 26, 00]
.text ... * 5
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe[2176] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll!ff_mjpeg_encode_dc + 61 000000006af88579 4 bytes [C0, 0B, 26, 00]
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe[2176] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll!ff_mjpeg_encode_mb + 278 000000006af8b982 4 bytes [C0, 0B, 26, 00]
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe[2176] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll!ff_mpeg1_encode_init + 690 000000006afa176e 4 bytes [C0, 0B, 26, 00]
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe[2176] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll!ff_nelly_get_sample_bits + 162 000000006afaf7a2 4 bytes [C0, 0B, 26, 00]
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe[2176] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll!ff_nelly_get_sample_bits + 315 000000006afaf83b 4 bytes [C0, 0B, 26, 00]
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe[2176] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll!ff_log2 + 33 000000006afb6c85 4 bytes [C0, 0B, 26, 00]
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe[2176] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll!ff_rle_encode + 672 000000006aff52cc 4 bytes [C0, 0B, 26, 00]
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe[2176] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll!ff_rle_encode + 949 000000006aff53e1 4 bytes [C0, 0B, 26, 00]
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe[2176] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll!ff_snow_vertical_compose97i + 669 000000006affb7f1 4 bytes [C0, 0B, 26, 00]
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe[2176] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll!ff_snow_vertical_compose97i + 716 000000006affb820 4 bytes [C0, 0B, 26, 00]
.text ... * 2
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe[2176] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll!ff_vp3_h_loop_filter_c + 410 000000006b026cfa 4 bytes [BF, 0B, 26, 00]
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe[2176] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll!ff_wma_init + 391 000000006b07830f 4 bytes [C0, 0B, 26, 00]
.text C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe[2176] C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll!ff_mlp_init_crc + 954 000000006b0a26c6 4 bytes [C0, 0B, 26, 00]
.text C:\Windows\system32\svchost.exe[3468] C:\Windows\system32\KERNELBASE.dll!ResumeThread 00007ffbf39baf80 5 bytes JMP 00007ffce9a11cc0
.text C:\Windows\system32\svchost.exe[3468] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffbf39cef70 5 bytes JMP 00007ffce9a11790
.text C:\Windows\System32\svchost.exe[3828] C:\Windows\system32\KERNELBASE.dll!ResumeThread 00007ffbf39baf80 5 bytes JMP 00007ffce9a11cc0
.text C:\Windows\System32\svchost.exe[3828] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffbf39cef70 5 bytes JMP 00007ffce9a11790
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4028] C:\Windows\system32\KERNELBASE.dll!ResumeThread 00007ffbf39baf80 5 bytes JMP 00007ffce9a11cc0
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4028] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffbf39cef70 5 bytes JMP 00007ffce9a11790
.text C:\Windows\system32\conhost.exe[4036] C:\Windows\system32\KERNELBASE.dll!ResumeThread 00007ffbf39baf80 5 bytes JMP 00007ffce9a11cc0
.text C:\Windows\system32\conhost.exe[4036] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffbf39cef70 5 bytes JMP 00007ffce9a11790
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4048] C:\Windows\system32\KERNELBASE.dll!ResumeThread 00007ffbf39baf80 5 bytes JMP 00007ffce9a11cc0
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4048] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffbf39cef70 5 bytes JMP 00007ffce9a11790
.text C:\Windows\system32\conhost.exe[4064] C:\Windows\system32\KERNELBASE.dll!ResumeThread 00007ffbf39baf80 5 bytes JMP 00007ffce9a11cc0
.text C:\Windows\system32\conhost.exe[4064] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffbf39cef70 5 bytes JMP 00007ffce9a11790
.text C:\Windows\system32\SearchIndexer.exe[4356] C:\Windows\system32\KERNELBASE.dll!ResumeThread 00007ffbf39baf80 5 bytes JMP 00007ffce9a11cc0
.text C:\Windows\system32\SearchIndexer.exe[4356] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffbf39cef70 5 bytes JMP 00007ffce9a11790
.text C:\Windows\System32\skydrive.exe[4476] C:\Windows\system32\KERNELBASE.dll!ResumeThread 00007ffbf39baf80 5 bytes JMP 00007ffce9a11cc0
.text C:\Windows\System32\skydrive.exe[4476] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffbf39cef70 5 bytes JMP 00007ffce9a11790
.text C:\Windows\System32\SettingSyncHost.exe[4920] C:\Windows\system32\KERNELBASE.dll!ResumeThread 00007ffbf39baf80 5 bytes JMP 00007ffce9a11cc0
.text C:\Windows\System32\SettingSyncHost.exe[4920] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffbf39cef70 5 bytes JMP 00007ffce9a11790
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5084] C:\Windows\system32\KERNELBASE.dll!ResumeThread 00007ffbf39baf80 5 bytes JMP 00007ffce9a11cc0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5084] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffbf39cef70 5 bytes JMP 00007ffce9a11790
.text C:\Windows\System\HsMgr64.exe[5620] C:\Windows\system32\KERNELBASE.dll!ResumeThread 00007ffbf39baf80 5 bytes JMP 00007ffce9a11cc0
.text C:\Windows\System\HsMgr64.exe[5620] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffbf39cef70 5 bytes JMP 00007ffce9a11790
.text C:\Windows\System\HsMgr64.exe[5620] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffbf648d050 7 bytes JMP 00007ffcf60b00d8
.text C:\Windows\System\HsMgr64.exe[5620] C:\Windows\SYSTEM32\combase.dll!CoCreateInstanceEx 00007ffbf64b1340 7 bytes JMP 00007ffcf60b0110
.text C:\Windows\System\HsMgr64.exe[5620] C:\Windows\SYSTEM32\DSOUND.dll!DirectSoundCreate8 00007ffbdc0dc7c0 5 bytes JMP 00007ffbf60b0180
.text C:\Windows\System\HsMgr64.exe[5620] C:\Windows\SYSTEM32\DSOUND.dll!DirectSoundCaptureCreate8 00007ffbdc0e0b50 7 bytes JMP 00007ffbf60b05a8
.text C:\Windows\System\HsMgr64.exe[5620] C:\Windows\SYSTEM32\DSOUND.dll!DirectSoundCaptureCreate 00007ffbdc0f7f30 7 bytes JMP 00007ffbf60b0570
.text C:\Windows\System\HsMgr64.exe[5620] C:\Windows\SYSTEM32\DSOUND.dll!DirectSoundCreate 00007ffbdc0f8050 7 bytes JMP 00007ffbf60b0148
.text C:\Windows\System\HsMgr64.exe[5620] C:\Windows\SYSTEM32\DSOUND.dll!DirectSoundFullDuplexCreate 00007ffbdc0f8170 5 bytes JMP 00007ffbf60b05e0
.text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[5648] C:\Windows\system32\KERNELBASE.dll!ResumeThread 00007ffbf39baf80 5 bytes JMP 00007ffce9a11cc0
.text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[5648] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffbf39cef70 5 bytes JMP 00007ffce9a11790
.text C:\Windows\system32\DllHost.exe[5908] C:\Windows\system32\KERNELBASE.dll!ResumeThread 00007ffbf39baf80 5 bytes JMP 00007ffce9a11cc0
.text C:\Windows\system32\DllHost.exe[5908] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffbf39cef70 5 bytes JMP 00007ffce9a11790
.text C:\Windows\system32\taskhost.exe[6112] C:\Windows\system32\KERNELBASE.dll!ResumeThread 00007ffbf39baf80 5 bytes JMP 00007ffce9a11cc0
.text C:\Windows\system32\taskhost.exe[6112] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffbf39cef70 5 bytes JMP 00007ffce9a11790

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\csrss.exe [996:1020] fffff960009332d0
Thread C:\Windows\system32\svchost.exe [1372:5396] 00007ffbf0237240

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 896572593
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001b10002aec
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001b10002aec@e8150ef3ebaf 0x4C 0xF9 0x24 0x90 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2933BF90-7B36-11D2-B20E-00C04F983E60}\iexplore@Count 153
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore@Count 4617
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore@Blocked 4617
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8856F961-340A-11D0-A96B-00C04FD705A2}\iexplore@Count 1895
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore@Count 3465
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore@Blocked 3465
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore@Count 9598
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore@Count 4617
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore@Blocked 4617
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\GWX\Usage@UsageTime 0xC8 0x82 0x0C 0x4D ...

---- EOF - GMER 2.1 ----