GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-04-14 00:04:30 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 HGST_HTS541075A9E680 rev.JA2OA560 698,64GB Running: 8fvq34w5.exe; Driver: C:\Users\Lelo\AppData\Local\Temp\pfdyyaog.sys ---- User code sections - GMER 2.2 ---- .text C:\Windows\system32\Dwm.exe[1872] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007767cac0 7 bytes JMP 000000006fff0228 .text C:\Windows\system32\Dwm.exe[1872] C:\Windows\system32\kernel32.dll!RegQueryValueExW 000000007768feb0 5 bytes JMP 000000006fff0180 .text C:\Windows\system32\Dwm.exe[1872] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000776a2af0 5 bytes JMP 000000006fff01b8 .text C:\Windows\system32\Dwm.exe[1872] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000776af8d0 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\Dwm.exe[1872] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000776d9bb0 7 bytes JMP 000000006fff00d8 .text C:\Windows\system32\Dwm.exe[1872] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000776e9530 5 bytes JMP 000000006fff0148 .text C:\Windows\system32\Dwm.exe[1872] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007770a2b0 7 bytes JMP 000000006fff01f0 .text C:\Windows\system32\Dwm.exe[1872] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7a9610 7 bytes JMP 000007fefd7900d8 .text C:\Windows\system32\Dwm.exe[1872] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd7aa330 7 bytes JMP 000007fefd790148 .text C:\Windows\system32\Dwm.exe[1872] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd7ab260 5 bytes JMP 000007fefd790180 .text C:\Windows\system32\Dwm.exe[1872] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd7ba720 5 bytes JMP 000007fefd790110 .text C:\Windows\system32\Dwm.exe[1872] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff4283e0 8 bytes JMP 000007fefd7901f0 .text C:\Windows\system32\Dwm.exe[1872] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff42bef0 8 bytes JMP 000007fefd7901b8 .text C:\Windows\system32\Dwm.exe[1872] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef8f34980 7 bytes JMP 000007fef8f200d8 .text C:\Windows\system32\Dwm.exe[1872] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef8f59af4 7 bytes JMP 000007fef8f20110 .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[5952] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075dd1401 2 bytes JMP 757beb26 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[5952] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075dd1419 2 bytes JMP 757cb513 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[5952] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075dd1431 2 bytes JMP 75848609 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[5952] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000075dd144a 2 bytes CALL 757a1dfa C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[5952] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000075dd14dd 2 bytes JMP 75847efe C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[5952] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000075dd14f5 2 bytes JMP 758480d8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[5952] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000075dd150d 2 bytes JMP 75847df4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[5952] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075dd1525 2 bytes JMP 758481c2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[5952] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000075dd153d 2 bytes JMP 757bf088 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[5952] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075dd1555 2 bytes JMP 757cb885 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[5952] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000075dd156d 2 bytes JMP 758486c1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[5952] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075dd1585 2 bytes JMP 75848222 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[5952] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000075dd159d 2 bytes JMP 75847db8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[5952] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000075dd15b5 2 bytes JMP 757bf121 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[5952] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000075dd15cd 2 bytes JMP 757cb29f C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[5952] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000075dd16b2 2 bytes JMP 75848584 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[5952] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000075dd16bd 2 bytes JMP 75847d4d C:\Windows\syswow64\KERNEL32.dll .text C:\Users\Lelo\AppData\Roaming\Eepubseuig\Kehriov.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075dd1401 2 bytes JMP 757beb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\Lelo\AppData\Roaming\Eepubseuig\Kehriov.exe[1920] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075dd1419 2 bytes JMP 757cb513 C:\Windows\syswow64\kernel32.dll .text C:\Users\Lelo\AppData\Roaming\Eepubseuig\Kehriov.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075dd1431 2 bytes JMP 75848609 C:\Windows\syswow64\kernel32.dll .text C:\Users\Lelo\AppData\Roaming\Eepubseuig\Kehriov.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075dd144a 2 bytes CALL 757a1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Lelo\AppData\Roaming\Eepubseuig\Kehriov.exe[1920] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075dd14dd 2 bytes JMP 75847efe C:\Windows\syswow64\kernel32.dll .text C:\Users\Lelo\AppData\Roaming\Eepubseuig\Kehriov.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075dd14f5 2 bytes JMP 758480d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Lelo\AppData\Roaming\Eepubseuig\Kehriov.exe[1920] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075dd150d 2 bytes JMP 75847df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Lelo\AppData\Roaming\Eepubseuig\Kehriov.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075dd1525 2 bytes JMP 758481c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Lelo\AppData\Roaming\Eepubseuig\Kehriov.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075dd153d 2 bytes JMP 757bf088 C:\Windows\syswow64\kernel32.dll .text C:\Users\Lelo\AppData\Roaming\Eepubseuig\Kehriov.exe[1920] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075dd1555 2 bytes JMP 757cb885 C:\Windows\syswow64\kernel32.dll .text C:\Users\Lelo\AppData\Roaming\Eepubseuig\Kehriov.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075dd156d 2 bytes JMP 758486c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Lelo\AppData\Roaming\Eepubseuig\Kehriov.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075dd1585 2 bytes JMP 75848222 C:\Windows\syswow64\kernel32.dll .text C:\Users\Lelo\AppData\Roaming\Eepubseuig\Kehriov.exe[1920] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075dd159d 2 bytes JMP 75847db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Lelo\AppData\Roaming\Eepubseuig\Kehriov.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075dd15b5 2 bytes JMP 757bf121 C:\Windows\syswow64\kernel32.dll .text C:\Users\Lelo\AppData\Roaming\Eepubseuig\Kehriov.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075dd15cd 2 bytes JMP 757cb29f C:\Windows\syswow64\kernel32.dll .text C:\Users\Lelo\AppData\Roaming\Eepubseuig\Kehriov.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075dd16b2 2 bytes JMP 75848584 C:\Windows\syswow64\kernel32.dll .text C:\Users\Lelo\AppData\Roaming\Eepubseuig\Kehriov.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075dd16bd 2 bytes JMP 75847d4d C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\system\rads_user_kernel.exe[5600] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075dd1401 2 bytes JMP 757beb26 C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\system\rads_user_kernel.exe[5600] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075dd1419 2 bytes JMP 757cb513 C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\system\rads_user_kernel.exe[5600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075dd1431 2 bytes JMP 75848609 C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\system\rads_user_kernel.exe[5600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075dd144a 2 bytes CALL 757a1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text D:\LOL\RADS\system\rads_user_kernel.exe[5600] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075dd14dd 2 bytes JMP 75847efe C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\system\rads_user_kernel.exe[5600] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075dd14f5 2 bytes JMP 758480d8 C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\system\rads_user_kernel.exe[5600] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075dd150d 2 bytes JMP 75847df4 C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\system\rads_user_kernel.exe[5600] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075dd1525 2 bytes JMP 758481c2 C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\system\rads_user_kernel.exe[5600] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075dd153d 2 bytes JMP 757bf088 C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\system\rads_user_kernel.exe[5600] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075dd1555 2 bytes JMP 757cb885 C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\system\rads_user_kernel.exe[5600] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075dd156d 2 bytes JMP 758486c1 C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\system\rads_user_kernel.exe[5600] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075dd1585 2 bytes JMP 75848222 C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\system\rads_user_kernel.exe[5600] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075dd159d 2 bytes JMP 75847db8 C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\system\rads_user_kernel.exe[5600] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075dd15b5 2 bytes JMP 757bf121 C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\system\rads_user_kernel.exe[5600] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075dd15cd 2 bytes JMP 757cb29f C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\system\rads_user_kernel.exe[5600] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075dd16b2 2 bytes JMP 75848584 C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\system\rads_user_kernel.exe[5600] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075dd16bd 2 bytes JMP 75847d4d C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\projects\lol_launcher\releases\0.0.1.14\deploy\LoLLauncher.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075dd1401 2 bytes JMP 757beb26 C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\projects\lol_launcher\releases\0.0.1.14\deploy\LoLLauncher.exe[3016] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075dd1419 2 bytes JMP 757cb513 C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\projects\lol_launcher\releases\0.0.1.14\deploy\LoLLauncher.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075dd1431 2 bytes JMP 75848609 C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\projects\lol_launcher\releases\0.0.1.14\deploy\LoLLauncher.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075dd144a 2 bytes CALL 757a1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text D:\LOL\RADS\projects\lol_launcher\releases\0.0.1.14\deploy\LoLLauncher.exe[3016] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075dd14dd 2 bytes JMP 75847efe C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\projects\lol_launcher\releases\0.0.1.14\deploy\LoLLauncher.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075dd14f5 2 bytes JMP 758480d8 C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\projects\lol_launcher\releases\0.0.1.14\deploy\LoLLauncher.exe[3016] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075dd150d 2 bytes JMP 75847df4 C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\projects\lol_launcher\releases\0.0.1.14\deploy\LoLLauncher.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075dd1525 2 bytes JMP 758481c2 C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\projects\lol_launcher\releases\0.0.1.14\deploy\LoLLauncher.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075dd153d 2 bytes JMP 757bf088 C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\projects\lol_launcher\releases\0.0.1.14\deploy\LoLLauncher.exe[3016] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075dd1555 2 bytes JMP 757cb885 C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\projects\lol_launcher\releases\0.0.1.14\deploy\LoLLauncher.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075dd156d 2 bytes JMP 758486c1 C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\projects\lol_launcher\releases\0.0.1.14\deploy\LoLLauncher.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075dd1585 2 bytes JMP 75848222 C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\projects\lol_launcher\releases\0.0.1.14\deploy\LoLLauncher.exe[3016] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075dd159d 2 bytes JMP 75847db8 C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\projects\lol_launcher\releases\0.0.1.14\deploy\LoLLauncher.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075dd15b5 2 bytes JMP 757bf121 C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\projects\lol_launcher\releases\0.0.1.14\deploy\LoLLauncher.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075dd15cd 2 bytes JMP 757cb29f C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\projects\lol_launcher\releases\0.0.1.14\deploy\LoLLauncher.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075dd16b2 2 bytes JMP 75848584 C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\projects\lol_launcher\releases\0.0.1.14\deploy\LoLLauncher.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075dd16bd 2 bytes JMP 75847d4d C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\projects\lol_patcher\releases\0.0.0.54\deploy\LoLPatcher.exe[948] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000757ad03c 5 bytes [33, C0, C2, 04, 00] .text D:\LOL\RADS\projects\lol_patcher\releases\0.0.0.54\deploy\LoLPatcher.exe[948] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075dd1401 2 bytes JMP 757beb26 C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\projects\lol_patcher\releases\0.0.0.54\deploy\LoLPatcher.exe[948] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075dd1419 2 bytes JMP 757cb513 C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\projects\lol_patcher\releases\0.0.0.54\deploy\LoLPatcher.exe[948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075dd1431 2 bytes JMP 75848609 C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\projects\lol_patcher\releases\0.0.0.54\deploy\LoLPatcher.exe[948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075dd144a 2 bytes CALL 757a1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text D:\LOL\RADS\projects\lol_patcher\releases\0.0.0.54\deploy\LoLPatcher.exe[948] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075dd14dd 2 bytes JMP 75847efe C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\projects\lol_patcher\releases\0.0.0.54\deploy\LoLPatcher.exe[948] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075dd14f5 2 bytes JMP 758480d8 C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\projects\lol_patcher\releases\0.0.0.54\deploy\LoLPatcher.exe[948] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075dd150d 2 bytes JMP 75847df4 C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\projects\lol_patcher\releases\0.0.0.54\deploy\LoLPatcher.exe[948] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075dd1525 2 bytes JMP 758481c2 C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\projects\lol_patcher\releases\0.0.0.54\deploy\LoLPatcher.exe[948] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075dd153d 2 bytes JMP 757bf088 C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\projects\lol_patcher\releases\0.0.0.54\deploy\LoLPatcher.exe[948] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075dd1555 2 bytes JMP 757cb885 C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\projects\lol_patcher\releases\0.0.0.54\deploy\LoLPatcher.exe[948] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075dd156d 2 bytes JMP 758486c1 C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\projects\lol_patcher\releases\0.0.0.54\deploy\LoLPatcher.exe[948] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075dd1585 2 bytes JMP 75848222 C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\projects\lol_patcher\releases\0.0.0.54\deploy\LoLPatcher.exe[948] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075dd159d 2 bytes JMP 75847db8 C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\projects\lol_patcher\releases\0.0.0.54\deploy\LoLPatcher.exe[948] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075dd15b5 2 bytes JMP 757bf121 C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\projects\lol_patcher\releases\0.0.0.54\deploy\LoLPatcher.exe[948] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075dd15cd 2 bytes JMP 757cb29f C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\projects\lol_patcher\releases\0.0.0.54\deploy\LoLPatcher.exe[948] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075dd16b2 2 bytes JMP 75848584 C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\projects\lol_patcher\releases\0.0.0.54\deploy\LoLPatcher.exe[948] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075dd16bd 2 bytes JMP 75847d4d C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\projects\lol_air_client\releases\0.0.1.195\deploy\LolClient.exe[5876] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075dd1401 2 bytes JMP 757beb26 C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\projects\lol_air_client\releases\0.0.1.195\deploy\LolClient.exe[5876] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075dd1419 2 bytes JMP 757cb513 C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\projects\lol_air_client\releases\0.0.1.195\deploy\LolClient.exe[5876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075dd1431 2 bytes JMP 75848609 C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\projects\lol_air_client\releases\0.0.1.195\deploy\LolClient.exe[5876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075dd144a 2 bytes CALL 757a1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text D:\LOL\RADS\projects\lol_air_client\releases\0.0.1.195\deploy\LolClient.exe[5876] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075dd14dd 2 bytes JMP 75847efe C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\projects\lol_air_client\releases\0.0.1.195\deploy\LolClient.exe[5876] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075dd14f5 2 bytes JMP 758480d8 C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\projects\lol_air_client\releases\0.0.1.195\deploy\LolClient.exe[5876] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075dd150d 2 bytes JMP 75847df4 C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\projects\lol_air_client\releases\0.0.1.195\deploy\LolClient.exe[5876] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075dd1525 2 bytes JMP 758481c2 C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\projects\lol_air_client\releases\0.0.1.195\deploy\LolClient.exe[5876] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075dd153d 2 bytes JMP 757bf088 C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\projects\lol_air_client\releases\0.0.1.195\deploy\LolClient.exe[5876] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075dd1555 2 bytes JMP 757cb885 C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\projects\lol_air_client\releases\0.0.1.195\deploy\LolClient.exe[5876] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075dd156d 2 bytes JMP 758486c1 C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\projects\lol_air_client\releases\0.0.1.195\deploy\LolClient.exe[5876] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075dd1585 2 bytes JMP 75848222 C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\projects\lol_air_client\releases\0.0.1.195\deploy\LolClient.exe[5876] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075dd159d 2 bytes JMP 75847db8 C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\projects\lol_air_client\releases\0.0.1.195\deploy\LolClient.exe[5876] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075dd15b5 2 bytes JMP 757bf121 C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\projects\lol_air_client\releases\0.0.1.195\deploy\LolClient.exe[5876] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075dd15cd 2 bytes JMP 757cb29f C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\projects\lol_air_client\releases\0.0.1.195\deploy\LolClient.exe[5876] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075dd16b2 2 bytes JMP 75848584 C:\Windows\syswow64\kernel32.dll .text D:\LOL\RADS\projects\lol_air_client\releases\0.0.1.195\deploy\LolClient.exe[5876] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075dd16bd 2 bytes JMP 75847d4d C:\Windows\syswow64\kernel32.dll ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\a4db3041fea3 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\a4db3041fea3 (not active ControlSet) ---- Files - GMER 2.2 ---- File C:\Users\Lelo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HONN2ZA\messages[1] 0 bytes ---- EOF - GMER 2.2 ----