GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2016-02-01 17:57:15 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS727550A9E364 rev.JF3OA0D0 465,76GB Running: gmer.exe; Driver: C:\Users\Singaya\AppData\Local\Temp\uxloipod.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\Dwm.exe[1976] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd422db0 5 bytes JMP 000007fffd410180 .text C:\Windows\system32\Dwm.exe[1976] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd4237d0 7 bytes JMP 000007fffd4100d8 .text C:\Windows\system32\Dwm.exe[1976] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd428ef0 6 bytes JMP 000007fffd410148 .text C:\Windows\system32\Dwm.exe[1976] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd43af60 5 bytes JMP 000007fffd410110 .text C:\Windows\system32\Dwm.exe[1976] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd9889e0 8 bytes JMP 000007fffd4101f0 .text C:\Windows\system32\Dwm.exe[1976] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd98be40 8 bytes JMP 000007fffd4101b8 .text C:\Windows\system32\Dwm.exe[1976] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef619dc88 5 bytes JMP 000007fff5f900d8 .text C:\Windows\system32\Dwm.exe[1976] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef619de10 5 bytes JMP 000007fff5f90110 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1788] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000763d1f0e 7 bytes JMP 0000000170eb3880 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1788] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000763d5bad 7 bytes JMP 0000000170eb3ec0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1788] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000763e1409 7 bytes JMP 0000000170eb3ad0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1788] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000763eea45 7 bytes JMP 0000000170eb3870 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1788] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076478e24 7 bytes JMP 0000000170eb33c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1788] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076478ea9 5 bytes JMP 0000000170eb3470 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1788] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000764791ff 5 bytes JMP 0000000170eb33d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1788] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075211d29 5 bytes JMP 0000000170eb3380 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1788] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075211dd7 5 bytes JMP 0000000170eb3340 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1788] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075212ab1 5 bytes JMP 0000000170eb3480 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1788] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075212d17 5 bytes JMP 0000000170eb3190 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1788] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000077078a29 5 bytes JMP 0000000170eb2880 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1788] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000077084572 5 bytes JMP 0000000170eb3110 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1788] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007709e567 5 bytes JMP 0000000170eb3180 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1788] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000770c07d7 5 bytes JMP 0000000170eb2700 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1788] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000770d7a5c 5 bytes JMP 0000000170eb3100 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1788] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007733e96b 5 bytes JMP 0000000170eb29a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1788] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007733eba5 5 bytes JMP 0000000170eb29c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1788] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000764e5ea5 5 bytes JMP 0000000170eb2840 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1788] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076519d0b 5 bytes JMP 0000000170eb27d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2400] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000773aa400 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2400] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000773b3f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2400] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000773cffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2400] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000773df2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2400] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077409a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2400] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774194c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2400] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774387e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2400] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd422db0 5 bytes JMP 000007fffd410180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2400] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd4237d0 7 bytes JMP 000007fffd4100d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2400] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd428ef0 6 bytes JMP 000007fffd410148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2400] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd43af60 5 bytes JMP 000007fffd410110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2400] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe927490 11 bytes JMP 000007fffd410228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2400] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe93bf00 7 bytes JMP 000007fffd410260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2400] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd9889e0 8 bytes JMP 000007fffd4101f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2400] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd98be40 8 bytes JMP 000007fffd4101b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2400] C:\Windows\system32\d3d9.dll!Direct3DCreate9Ex 000007fef8062460 5 bytes JMP 000007fefd4102d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2400] C:\Windows\system32\d3d9.dll!Direct3DCreate9 000007fef80996b0 6 bytes JMP 000007fefd410298 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3780] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000763d1f0e 7 bytes JMP 0000000170eb3880 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3780] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000763d5bad 7 bytes JMP 0000000170eb3ec0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3780] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000763e1409 7 bytes JMP 0000000170eb3ad0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3780] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000763eea45 7 bytes JMP 0000000170eb3870 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3780] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076478e24 7 bytes JMP 0000000170eb33c0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3780] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076478ea9 5 bytes JMP 0000000170eb3470 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3780] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000764791ff 5 bytes JMP 0000000170eb33d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3780] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075211d29 5 bytes JMP 0000000170eb3380 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3780] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075211dd7 5 bytes JMP 0000000170eb3340 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3780] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075212ab1 5 bytes JMP 0000000100ef2dcc .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3780] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075212d17 5 bytes JMP 0000000170eb3190 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3780] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000077078a29 5 bytes JMP 0000000170eb2880 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3780] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000077084572 5 bytes JMP 0000000170eb3110 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3780] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007709e567 5 bytes JMP 0000000170eb3180 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3780] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000770c07d7 5 bytes JMP 0000000170eb2700 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3780] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000770d7a5c 5 bytes JMP 0000000170eb3100 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3780] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007733e96b 5 bytes JMP 0000000170eb29a0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3780] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007733eba5 5 bytes JMP 0000000170eb29c0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3780] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000764e5ea5 5 bytes JMP 0000000170eb2840 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3780] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076519d0b 5 bytes JMP 0000000170eb27d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4012] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000763d1f0e 7 bytes JMP 0000000170eb3880 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4012] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000763d5bad 7 bytes JMP 0000000170eb3ec0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4012] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000763e1409 7 bytes JMP 0000000170eb3ad0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4012] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000763eea45 7 bytes JMP 0000000170eb3870 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4012] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076478e24 7 bytes JMP 0000000170eb33c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4012] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076478ea9 5 bytes JMP 0000000170eb3470 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4012] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000764791ff 5 bytes JMP 0000000170eb33d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4012] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075211d29 5 bytes JMP 0000000170eb3380 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4012] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075211dd7 5 bytes JMP 0000000170eb3340 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4012] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075212ab1 5 bytes JMP 0000000170eb3480 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4012] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075212d17 5 bytes JMP 0000000170eb3190 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4012] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000077078a29 5 bytes JMP 0000000170eb2880 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4012] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000077084572 5 bytes JMP 0000000170eb3110 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4012] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007709e567 5 bytes JMP 0000000170eb3180 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4012] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000770c07d7 5 bytes JMP 0000000170eb2700 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4012] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000770d7a5c 5 bytes JMP 0000000170eb3100 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4012] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007733e96b 5 bytes JMP 0000000170eb29a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4012] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007733eba5 5 bytes JMP 0000000170eb29c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4012] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000764e5ea5 5 bytes JMP 0000000170eb2840 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4012] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076519d0b 5 bytes JMP 0000000170eb27d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3504] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000773aa400 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3504] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000773b3f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3504] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000773cffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3504] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000773df2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3504] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077409a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3504] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774194c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3504] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774387e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3504] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd422db0 5 bytes JMP 000007fffd410180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3504] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd4237d0 7 bytes JMP 000007fffd4100d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3504] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd428ef0 6 bytes JMP 000007fffd410148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3504] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd43af60 5 bytes JMP 000007fffd410110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3504] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd9889e0 8 bytes JMP 000007fffd4101f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3504] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd98be40 8 bytes JMP 000007fffd4101b8 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3848] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000763d1f0e 7 bytes JMP 0000000170eb3880 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3848] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000763d5bad 7 bytes JMP 0000000170eb3ec0 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3848] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000763d8791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3848] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000763e1409 7 bytes JMP 0000000170eb3ad0 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3848] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000763eea45 7 bytes JMP 0000000170eb3870 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3848] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076478e24 7 bytes JMP 0000000170eb33c0 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3848] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076478ea9 5 bytes JMP 0000000170eb3470 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3848] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000764791ff 5 bytes JMP 0000000170eb33d0 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3848] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075211d29 5 bytes JMP 0000000170eb3380 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3848] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075211dd7 5 bytes JMP 0000000170eb3340 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3848] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075212ab1 5 bytes JMP 0000000170eb3480 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3848] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075212d17 5 bytes JMP 0000000170eb3190 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3848] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000077078a29 5 bytes JMP 0000000170eb2880 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3848] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000077084572 5 bytes JMP 0000000170eb3110 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3848] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007709e567 5 bytes JMP 0000000170eb3180 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3848] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000770c07d7 5 bytes JMP 0000000170eb2700 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3848] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000770d7a5c 5 bytes JMP 0000000170eb3100 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3848] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007733e96b 5 bytes JMP 0000000170eb29a0 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3848] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007733eba5 5 bytes JMP 0000000170eb29c0 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3848] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000764e5ea5 5 bytes JMP 0000000170eb2840 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3848] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076519d0b 5 bytes JMP 0000000170eb27d0 .text C:\Windows\system32\wbem\unsecapp.exe[3704] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd422db0 5 bytes JMP 000007fffd410180 .text C:\Windows\system32\wbem\unsecapp.exe[3704] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd4237d0 7 bytes JMP 000007fffd4100d8 .text C:\Windows\system32\wbem\unsecapp.exe[3704] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd428ef0 6 bytes JMP 000007fffd410148 .text C:\Windows\system32\wbem\unsecapp.exe[3704] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd43af60 5 bytes JMP 000007fffd410110 .text C:\Windows\system32\wbem\unsecapp.exe[3704] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe927490 11 bytes JMP 000007fffd410228 .text C:\Windows\system32\wbem\unsecapp.exe[3704] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe93bf00 7 bytes JMP 000007fffd410260 .text C:\Windows\system32\wbem\unsecapp.exe[3704] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd9889e0 8 bytes JMP 000007fffd4101f0 .text C:\Windows\system32\wbem\unsecapp.exe[3704] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd98be40 8 bytes JMP 000007fffd4101b8 .text C:\Windows\system32\taskmgr.exe[4364] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000773aa400 7 bytes JMP 000000016fff0228 .text C:\Windows\system32\taskmgr.exe[4364] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000773b3f20 5 bytes JMP 000000016fff0180 .text C:\Windows\system32\taskmgr.exe[4364] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000773cffb0 5 bytes JMP 000000016fff01b8 .text C:\Windows\system32\taskmgr.exe[4364] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000773df2e0 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\taskmgr.exe[4364] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077409a30 7 bytes JMP 000000016fff00d8 .text C:\Windows\system32\taskmgr.exe[4364] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774194c0 5 bytes JMP 000000016fff0148 .text C:\Windows\system32\taskmgr.exe[4364] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774387e0 7 bytes JMP 000000016fff01f0 .text C:\Windows\system32\taskmgr.exe[4364] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd422db0 5 bytes JMP 000007fffd410180 .text C:\Windows\system32\taskmgr.exe[4364] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd4237d0 7 bytes JMP 000007fffd4100d8 .text C:\Windows\system32\taskmgr.exe[4364] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd428ef0 6 bytes JMP 000007fffd410148 .text C:\Windows\system32\taskmgr.exe[4364] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd43af60 5 bytes JMP 000007fffd410110 .text C:\Windows\system32\taskmgr.exe[4364] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd9889e0 8 bytes JMP 000007fffd4101f0 .text C:\Windows\system32\taskmgr.exe[4364] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd98be40 8 bytes JMP 000007fffd4101b8 .text C:\Windows\system32\taskmgr.exe[4364] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe927490 11 bytes JMP 000007fffd410228 .text C:\Windows\system32\taskmgr.exe[4364] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe93bf00 7 bytes JMP 000007fffd410260 .text F:\Programy\Instalki\Walka z wirusami\Logi\GMER\gmer.exe[4168] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000763d1f0e 7 bytes JMP 0000000170eb3880 .text F:\Programy\Instalki\Walka z wirusami\Logi\GMER\gmer.exe[4168] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000763d5bad 7 bytes JMP 0000000170eb3ec0 .text F:\Programy\Instalki\Walka z wirusami\Logi\GMER\gmer.exe[4168] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000763e1409 7 bytes JMP 0000000170eb3ad0 .text F:\Programy\Instalki\Walka z wirusami\Logi\GMER\gmer.exe[4168] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000763eea45 7 bytes JMP 0000000170eb3870 .text F:\Programy\Instalki\Walka z wirusami\Logi\GMER\gmer.exe[4168] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076478e24 7 bytes JMP 0000000170eb33c0 .text F:\Programy\Instalki\Walka z wirusami\Logi\GMER\gmer.exe[4168] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076478ea9 5 bytes JMP 0000000170eb3470 .text F:\Programy\Instalki\Walka z wirusami\Logi\GMER\gmer.exe[4168] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000764791ff 5 bytes JMP 0000000170eb33d0 .text F:\Programy\Instalki\Walka z wirusami\Logi\GMER\gmer.exe[4168] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075211d29 5 bytes JMP 0000000170eb3380 .text F:\Programy\Instalki\Walka z wirusami\Logi\GMER\gmer.exe[4168] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075211dd7 5 bytes JMP 0000000170eb3340 .text F:\Programy\Instalki\Walka z wirusami\Logi\GMER\gmer.exe[4168] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075212ab1 5 bytes JMP 0000000170eb3480 .text F:\Programy\Instalki\Walka z wirusami\Logi\GMER\gmer.exe[4168] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075212d17 5 bytes JMP 0000000170eb3190 .text F:\Programy\Instalki\Walka z wirusami\Logi\GMER\gmer.exe[4168] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007733e96b 5 bytes JMP 0000000170eb29a0 .text F:\Programy\Instalki\Walka z wirusami\Logi\GMER\gmer.exe[4168] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007733eba5 5 bytes JMP 0000000170eb29c0 .text F:\Programy\Instalki\Walka z wirusami\Logi\GMER\gmer.exe[4168] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000077078a29 5 bytes JMP 0000000170eb2880 .text F:\Programy\Instalki\Walka z wirusami\Logi\GMER\gmer.exe[4168] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000077084572 5 bytes JMP 0000000170eb3110 .text F:\Programy\Instalki\Walka z wirusami\Logi\GMER\gmer.exe[4168] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007709e567 5 bytes JMP 0000000170eb3180 .text F:\Programy\Instalki\Walka z wirusami\Logi\GMER\gmer.exe[4168] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000770c07d7 5 bytes JMP 0000000170eb2700 .text F:\Programy\Instalki\Walka z wirusami\Logi\GMER\gmer.exe[4168] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000770d7a5c 5 bytes JMP 0000000170eb3100 ---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\svchost.exe [444:2800] 000007fef87c0ea8 Thread C:\Windows\system32\svchost.exe [444:2808] 000007fef87b9db0 Thread C:\Windows\system32\svchost.exe [444:3232] 000007fef87baa10 Thread C:\Windows\system32\svchost.exe [444:3248] 000007fef87c1c94 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [664:3056] 0000000076d07587 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [664:3428] 0000000072988aa6 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [664:2596] 00000000777f2e65 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [664:4360] 00000000777f3e85 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [664:4500] 00000000777f3e85 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [664:3568] 00000000777f3e85 Thread C:\Windows\System32\svchost.exe [1556:1876] 000007fef1819688 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\bc77372a657e Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\bc77372a657e (not active ControlSet) ---- Files - GMER 2.1 ---- File C:\Users\Singaya\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\CD45.tmp 28134 bytes File C:\Users\Singaya\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\CD46.tmp 28134 bytes File C:\Users\Singaya\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\CD57.tmp 28134 bytes File C:\Users\Singaya\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\CD58.tmp 0 bytes File C:\Users\Singaya\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\CD59.tmp 0 bytes File C:\Users\Singaya\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\CD5A.tmp 0 bytes File C:\Users\Singaya\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\CD5B.tmp 28134 bytes File C:\Users\Singaya\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\CD5C.tmp 28134 bytes File C:\Users\Singaya\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\CD5D.tmp 28134 bytes ---- EOF - GMER 2.1 ----