GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2016-02-01 22:32:16
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST750LM0 rev.2AR2 698,64GB
Running: gmer.exe; Driver: C:\Users\Maja\AppData\Local\Temp\uxldypow.sys

---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Common Files\9419acfc-a13b-418c-9e11-827a5ef0f605\updater.exe[3140] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17  0000000075441401 2 bytes JMP 7659b233 C:\windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\9419acfc-a13b-418c-9e11-827a5ef0f605\updater.exe[3140] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17  0000000075441419 2 bytes JMP 7659b35e C:\windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\9419acfc-a13b-418c-9e11-827a5ef0f605\updater.exe[3140] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17  0000000075441431 2 bytes JMP 76619011 C:\windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\9419acfc-a13b-418c-9e11-827a5ef0f605\updater.exe[3140] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42  000000007544144a 2 bytes CALL 765748ad C:\windows\syswow64\kernel32.dll
.text  ...  * 9
.text  C:\Program Files (x86)\Common Files\9419acfc-a13b-418c-9e11-827a5ef0f605\updater.exe[3140] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17  00000000754414dd 2 bytes JMP 7661890a C:\windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\9419acfc-a13b-418c-9e11-827a5ef0f605\updater.exe[3140] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000754414f5 2 bytes JMP 76618ae0 C:\windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\9419acfc-a13b-418c-9e11-827a5ef0f605\updater.exe[3140] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17  000000007544150d 2 bytes JMP 76618800 C:\windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\9419acfc-a13b-418c-9e11-827a5ef0f605\updater.exe[3140] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000075441525 2 bytes JMP 76618bca C:\windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\9419acfc-a13b-418c-9e11-827a5ef0f605\updater.exe[3140] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17  000000007544153d 2 bytes JMP 7658fcc0 C:\windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\9419acfc-a13b-418c-9e11-827a5ef0f605\updater.exe[3140] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17  0000000075441555 2 bytes JMP 76596907 C:\windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\9419acfc-a13b-418c-9e11-827a5ef0f605\updater.exe[3140] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17  000000007544156d 2 bytes JMP 766190c9 C:\windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\9419acfc-a13b-418c-9e11-827a5ef0f605\updater.exe[3140] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17  0000000075441585 2 bytes JMP 76618c2a C:\windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\9419acfc-a13b-418c-9e11-827a5ef0f605\updater.exe[3140] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17  000000007544159d 2 bytes JMP 766187c4 C:\windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\9419acfc-a13b-418c-9e11-827a5ef0f605\updater.exe[3140] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17  00000000754415b5 2 bytes JMP 7658fd59 C:\windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\9419acfc-a13b-418c-9e11-827a5ef0f605\updater.exe[3140] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17  00000000754415cd 2 bytes JMP 7659b2f4 C:\windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\9419acfc-a13b-418c-9e11-827a5ef0f605\updater.exe[3140] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000754416b2 2 bytes JMP 76618f8c C:\windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\9419acfc-a13b-418c-9e11-827a5ef0f605\updater.exe[3140] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000754416bd 2 bytes JMP 76618759 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugincontainer.exe[6768] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17  0000000075441401 2 bytes JMP 7659b233 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugincontainer.exe[6768] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17  0000000075441419 2 bytes JMP 7659b35e C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugincontainer.exe[6768] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17  0000000075441431 2 bytes JMP 76619011 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugincontainer.exe[6768] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42  000000007544144a 2 bytes CALL 765748ad C:\windows\syswow64\kernel32.dll
.text  ...  * 9
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugincontainer.exe[6768] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17  00000000754414dd 2 bytes JMP 7661890a C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugincontainer.exe[6768] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000754414f5 2 bytes JMP 76618ae0 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugincontainer.exe[6768] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17  000000007544150d 2 bytes JMP 76618800 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugincontainer.exe[6768] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000075441525 2 bytes JMP 76618bca C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugincontainer.exe[6768] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17  000000007544153d 2 bytes JMP 7658fcc0 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugincontainer.exe[6768] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17  0000000075441555 2 bytes JMP 76596907 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugincontainer.exe[6768] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17  000000007544156d 2 bytes JMP 766190c9 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugincontainer.exe[6768] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17  0000000075441585 2 bytes JMP 76618c2a C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugincontainer.exe[6768] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17  000000007544159d 2 bytes JMP 766187c4 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugincontainer.exe[6768] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17  00000000754415b5 2 bytes JMP 7658fd59 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugincontainer.exe[6768] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17  00000000754415cd 2 bytes JMP 7659b2f4 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugincontainer.exe[6768] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000754416b2 2 bytes JMP 76618f8c C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugincontainer.exe[6768] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000754416bd 2 bytes JMP 76618759 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\3\plugin.exe[1400] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17  0000000075441401 2 bytes JMP 7659b233 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\3\plugin.exe[1400] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17  0000000075441419 2 bytes JMP 7659b35e C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\3\plugin.exe[1400] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17  0000000075441431 2 bytes JMP 76619011 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\3\plugin.exe[1400] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42  000000007544144a 2 bytes CALL 765748ad C:\windows\syswow64\kernel32.dll
.text  ...  * 9
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\3\plugin.exe[1400] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17  00000000754414dd 2 bytes JMP 7661890a C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\3\plugin.exe[1400] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000754414f5 2 bytes JMP 76618ae0 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\3\plugin.exe[1400] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17  000000007544150d 2 bytes JMP 76618800 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\3\plugin.exe[1400] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000075441525 2 bytes JMP 76618bca C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\3\plugin.exe[1400] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17  000000007544153d 2 bytes JMP 7658fcc0 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\3\plugin.exe[1400] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17  0000000075441555 2 bytes JMP 76596907 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\3\plugin.exe[1400] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17  000000007544156d 2 bytes JMP 766190c9 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\3\plugin.exe[1400] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17  0000000075441585 2 bytes JMP 76618c2a C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\3\plugin.exe[1400] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17  000000007544159d 2 bytes JMP 766187c4 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\3\plugin.exe[1400] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17  00000000754415b5 2 bytes JMP 7658fd59 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\3\plugin.exe[1400] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17  00000000754415cd 2 bytes JMP 7659b2f4 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\3\plugin.exe[1400] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000754416b2 2 bytes JMP 76618f8c C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\3\plugin.exe[1400] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000754416bd 2 bytes JMP 76618759 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\12\plugin.exe[3264] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17  0000000075441401 2 bytes JMP 7659b233 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\12\plugin.exe[3264] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17  0000000075441419 2 bytes JMP 7659b35e C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\12\plugin.exe[3264] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17  0000000075441431 2 bytes JMP 76619011 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\12\plugin.exe[3264] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42  000000007544144a 2 bytes CALL 765748ad C:\windows\syswow64\kernel32.dll
.text  ...  * 9
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\12\plugin.exe[3264] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17  00000000754414dd 2 bytes JMP 7661890a C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\12\plugin.exe[3264] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000754414f5 2 bytes JMP 76618ae0 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\12\plugin.exe[3264] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17  000000007544150d 2 bytes JMP 76618800 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\12\plugin.exe[3264] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000075441525 2 bytes JMP 76618bca C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\12\plugin.exe[3264] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17  000000007544153d 2 bytes JMP 7658fcc0 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\12\plugin.exe[3264] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17  0000000075441555 2 bytes JMP 76596907 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\12\plugin.exe[3264] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17  000000007544156d 2 bytes JMP 766190c9 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\12\plugin.exe[3264] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17  0000000075441585 2 bytes JMP 76618c2a C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\12\plugin.exe[3264] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17  000000007544159d 2 bytes JMP 766187c4 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\12\plugin.exe[3264] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17  00000000754415b5 2 bytes JMP 7658fd59 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\12\plugin.exe[3264] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17  00000000754415cd 2 bytes JMP 7659b2f4 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\12\plugin.exe[3264] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000754416b2 2 bytes JMP 76618f8c C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\12\plugin.exe[3264] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000754416bd 2 bytes JMP 76618759 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\7\plugin.exe[3400] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17  0000000075441401 2 bytes JMP 7659b233 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\7\plugin.exe[3400] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17  0000000075441419 2 bytes JMP 7659b35e C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\7\plugin.exe[3400] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17  0000000075441431 2 bytes JMP 76619011 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\7\plugin.exe[3400] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42  000000007544144a 2 bytes CALL 765748ad C:\windows\syswow64\kernel32.dll
.text  ...  * 9
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\7\plugin.exe[3400] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17  00000000754414dd 2 bytes JMP 7661890a C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\7\plugin.exe[3400] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000754414f5 2 bytes JMP 76618ae0 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\7\plugin.exe[3400] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17  000000007544150d 2 bytes JMP 76618800 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\7\plugin.exe[3400] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000075441525 2 bytes JMP 76618bca C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\7\plugin.exe[3400] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17  000000007544153d 2 bytes JMP 7658fcc0 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\7\plugin.exe[3400] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17  0000000075441555 2 bytes JMP 76596907 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\7\plugin.exe[3400] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17  000000007544156d 2 bytes JMP 766190c9 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\7\plugin.exe[3400] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17  0000000075441585 2 bytes JMP 76618c2a C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\7\plugin.exe[3400] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17  000000007544159d 2 bytes JMP 766187c4 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\7\plugin.exe[3400] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17  00000000754415b5 2 bytes JMP 7658fd59 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\7\plugin.exe[3400] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17  00000000754415cd 2 bytes JMP 7659b2f4 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\7\plugin.exe[3400] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000754416b2 2 bytes JMP 76618f8c C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\7\plugin.exe[3400] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000754416bd 2 bytes JMP 76618759 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\7\plugin.exe[4292] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17  0000000075441401 2 bytes JMP 7659b233 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\7\plugin.exe[4292] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17  0000000075441419 2 bytes JMP 7659b35e C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\7\plugin.exe[4292] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17  0000000075441431 2 bytes JMP 76619011 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\7\plugin.exe[4292] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42  000000007544144a 2 bytes CALL 765748ad C:\windows\syswow64\kernel32.dll
.text  ...  * 9
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\7\plugin.exe[4292] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17  00000000754414dd 2 bytes JMP 7661890a C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\7\plugin.exe[4292] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000754414f5 2 bytes JMP 76618ae0 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\7\plugin.exe[4292] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17  000000007544150d 2 bytes JMP 76618800 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\7\plugin.exe[4292] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000075441525 2 bytes JMP 76618bca C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\7\plugin.exe[4292] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17  000000007544153d 2 bytes JMP 7658fcc0 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\7\plugin.exe[4292] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17  0000000075441555 2 bytes JMP 76596907 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\7\plugin.exe[4292] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17  000000007544156d 2 bytes JMP 766190c9 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\7\plugin.exe[4292] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17  0000000075441585 2 bytes JMP 76618c2a C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\7\plugin.exe[4292] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17  000000007544159d 2 bytes JMP 766187c4 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\7\plugin.exe[4292] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17  00000000754415b5 2 bytes JMP 7658fd59 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\7\plugin.exe[4292] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17  00000000754415cd 2 bytes JMP 7659b2f4 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\7\plugin.exe[4292] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000754416b2 2 bytes JMP 76618f8c C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\7\plugin.exe[4292] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000754416bd 2 bytes JMP 76618759 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\3\plugin.exe[7116] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17  0000000075441401 2 bytes JMP 7659b233 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\3\plugin.exe[7116] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17  0000000075441419 2 bytes JMP 7659b35e C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\3\plugin.exe[7116] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17  0000000075441431 2 bytes JMP 76619011 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\3\plugin.exe[7116] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42  000000007544144a 2 bytes CALL 765748ad C:\windows\syswow64\kernel32.dll
.text  ...  * 9
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\3\plugin.exe[7116] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17  00000000754414dd 2 bytes JMP 7661890a C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\3\plugin.exe[7116] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000754414f5 2 bytes JMP 76618ae0 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\3\plugin.exe[7116] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17  000000007544150d 2 bytes JMP 76618800 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\3\plugin.exe[7116] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000075441525 2 bytes JMP 76618bca C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\3\plugin.exe[7116] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17  000000007544153d 2 bytes JMP 7658fcc0 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\3\plugin.exe[7116] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17  0000000075441555 2 bytes JMP 76596907 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\3\plugin.exe[7116] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17  000000007544156d 2 bytes JMP 766190c9 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\3\plugin.exe[7116] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17  0000000075441585 2 bytes JMP 76618c2a C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\3\plugin.exe[7116] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17  000000007544159d 2 bytes JMP 766187c4 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\3\plugin.exe[7116] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17  00000000754415b5 2 bytes JMP 7658fd59 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\3\plugin.exe[7116] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17  00000000754415cd 2 bytes JMP 7659b2f4 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\3\plugin.exe[7116] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000754416b2 2 bytes JMP 76618f8c C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\3\plugin.exe[7116] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000754416bd 2 bytes JMP 76618759 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\12\plugin.exe[7064] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17  0000000075441401 2 bytes JMP 7659b233 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\12\plugin.exe[7064] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17  0000000075441419 2 bytes JMP 7659b35e C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\12\plugin.exe[7064] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17  0000000075441431 2 bytes JMP 76619011 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\12\plugin.exe[7064] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42  000000007544144a 2 bytes CALL 765748ad C:\windows\syswow64\kernel32.dll
.text  ...  * 9
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\12\plugin.exe[7064] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17  00000000754414dd 2 bytes JMP 7661890a C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\12\plugin.exe[7064] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000754414f5 2 bytes JMP 76618ae0 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\12\plugin.exe[7064] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17  000000007544150d 2 bytes JMP 76618800 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\12\plugin.exe[7064] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000075441525 2 bytes JMP 76618bca C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\12\plugin.exe[7064] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17  000000007544153d 2 bytes JMP 7658fcc0 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\12\plugin.exe[7064] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17  0000000075441555 2 bytes JMP 76596907 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\12\plugin.exe[7064] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17  000000007544156d 2 bytes JMP 766190c9 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\12\plugin.exe[7064] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17  0000000075441585 2 bytes JMP 76618c2a C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\12\plugin.exe[7064] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17  000000007544159d 2 bytes JMP 766187c4 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\12\plugin.exe[7064] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17  00000000754415b5 2 bytes JMP 7658fd59 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\12\plugin.exe[7064] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17  00000000754415cd 2 bytes JMP 7659b2f4 C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\12\plugin.exe[7064] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000754416b2 2 bytes JMP 76618f8c C:\windows\syswow64\kernel32.dll
.text  C:\ProgramData\9419acfc-a13b-418c-9e11-827a5ef0f605\plugins\12\plugin.exe[7064] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000754416bd 2 bytes JMP 76618759 C:\windows\syswow64\kernel32.dll

---- Processes - GMER 2.1 ----

Process  C:\Users\Maja\AppData\Local\Temp\Rar$EXa0.308\gmer.exe (*** suspicious ***) @ C:\Users\Maja\AppData\Local\Temp\Rar$EXa0.308\gmer.exe [7156](2016-02-01 20:58:50)  0000000000400000

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015007f6c3b
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e006e6a1e908
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015007f6c3b (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e006e6a1e908 (not active ControlSet)

---- EOF - GMER 2.1 ----