GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-06-01 22:27:12 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TS128GSSD370S rev.N1114H 119,24GB Running: p23sng5k.exe; Driver: C:\Users\Dominik\AppData\Local\Temp\kwkiiaog.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[828] C:\Windows\system32\kernel32.dll!SetUnhandledExceptionFilter 0000000077969010 4 bytes [C3, 00, 00, 00] .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[2024] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076dc1401 2 bytes JMP 76a2b263 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[2024] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076dc1419 2 bytes JMP 76a2b38e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[2024] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076dc1431 2 bytes JMP 76aa90f1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[2024] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000076dc144a 2 bytes CALL 76a048ad C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[2024] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000076dc14dd 2 bytes JMP 76aa89ea C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[2024] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000076dc14f5 2 bytes JMP 76aa8bc0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[2024] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000076dc150d 2 bytes JMP 76aa88e0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[2024] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076dc1525 2 bytes JMP 76aa8caa C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[2024] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000076dc153d 2 bytes JMP 76a1fce8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[2024] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076dc1555 2 bytes JMP 76a26937 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[2024] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000076dc156d 2 bytes JMP 76aa91a9 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[2024] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076dc1585 2 bytes JMP 76aa8d0a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[2024] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000076dc159d 2 bytes JMP 76aa88a4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[2024] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000076dc15b5 2 bytes JMP 76a1fd81 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[2024] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000076dc15cd 2 bytes JMP 76a2b324 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[2024] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000076dc16b2 2 bytes JMP 76aa906c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[2024] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000076dc16bd 2 bytes JMP 76aa8839 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3696] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077572bdc 5 bytes JMP 0000000000ecfa56 .text F:\Steam\Steam.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076dc1401 2 bytes JMP 76a2b263 C:\Windows\syswow64\kernel32.dll .text F:\Steam\Steam.exe[3964] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076dc1419 2 bytes JMP 76a2b38e C:\Windows\syswow64\kernel32.dll .text F:\Steam\Steam.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076dc1431 2 bytes JMP 76aa90f1 C:\Windows\syswow64\kernel32.dll .text F:\Steam\Steam.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076dc144a 2 bytes CALL 76a048ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text F:\Steam\Steam.exe[3964] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076dc14dd 2 bytes JMP 76aa89ea C:\Windows\syswow64\kernel32.dll .text F:\Steam\Steam.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076dc14f5 2 bytes JMP 76aa8bc0 C:\Windows\syswow64\kernel32.dll .text F:\Steam\Steam.exe[3964] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076dc150d 2 bytes JMP 76aa88e0 C:\Windows\syswow64\kernel32.dll .text F:\Steam\Steam.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076dc1525 2 bytes JMP 76aa8caa C:\Windows\syswow64\kernel32.dll .text F:\Steam\Steam.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076dc153d 2 bytes JMP 76a1fce8 C:\Windows\syswow64\kernel32.dll .text F:\Steam\Steam.exe[3964] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076dc1555 2 bytes JMP 76a26937 C:\Windows\syswow64\kernel32.dll .text F:\Steam\Steam.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076dc156d 2 bytes JMP 76aa91a9 C:\Windows\syswow64\kernel32.dll .text F:\Steam\Steam.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076dc1585 2 bytes JMP 76aa8d0a C:\Windows\syswow64\kernel32.dll .text F:\Steam\Steam.exe[3964] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076dc159d 2 bytes JMP 76aa88a4 C:\Windows\syswow64\kernel32.dll .text F:\Steam\Steam.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076dc15b5 2 bytes JMP 76a1fd81 C:\Windows\syswow64\kernel32.dll .text F:\Steam\Steam.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076dc15cd 2 bytes JMP 76a2b324 C:\Windows\syswow64\kernel32.dll .text F:\Steam\Steam.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076dc16b2 2 bytes JMP 76aa906c C:\Windows\syswow64\kernel32.dll .text F:\Steam\Steam.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076dc16bd 2 bytes JMP 76aa8839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\Widget.exe[4024] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076dc1401 2 bytes JMP 76a2b263 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\Widget.exe[4024] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076dc1419 2 bytes JMP 76a2b38e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\Widget.exe[4024] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076dc1431 2 bytes JMP 76aa90f1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\Widget.exe[4024] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000076dc144a 2 bytes CALL 76a048ad C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\Widget.exe[4024] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000076dc14dd 2 bytes JMP 76aa89ea C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\Widget.exe[4024] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000076dc14f5 2 bytes JMP 76aa8bc0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\Widget.exe[4024] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000076dc150d 2 bytes JMP 76aa88e0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\Widget.exe[4024] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076dc1525 2 bytes JMP 76aa8caa C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\Widget.exe[4024] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000076dc153d 2 bytes JMP 76a1fce8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\Widget.exe[4024] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076dc1555 2 bytes JMP 76a26937 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\Widget.exe[4024] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000076dc156d 2 bytes JMP 76aa91a9 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\Widget.exe[4024] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076dc1585 2 bytes JMP 76aa8d0a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\Widget.exe[4024] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000076dc159d 2 bytes JMP 76aa88a4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\Widget.exe[4024] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000076dc15b5 2 bytes JMP 76a1fd81 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\Widget.exe[4024] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000076dc15cd 2 bytes JMP 76a2b324 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\Widget.exe[4024] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000076dc16b2 2 bytes JMP 76aa906c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\Widget.exe[4024] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000076dc16bd 2 bytes JMP 76aa8839 C:\Windows\syswow64\KERNEL32.dll .text F:\Steam\bin\steamwebhelper.exe[564] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076dc1401 2 bytes JMP 76a2b263 C:\Windows\syswow64\kernel32.dll .text F:\Steam\bin\steamwebhelper.exe[564] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076dc1419 2 bytes JMP 76a2b38e C:\Windows\syswow64\kernel32.dll .text F:\Steam\bin\steamwebhelper.exe[564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076dc1431 2 bytes JMP 76aa90f1 C:\Windows\syswow64\kernel32.dll .text F:\Steam\bin\steamwebhelper.exe[564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076dc144a 2 bytes CALL 76a048ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text F:\Steam\bin\steamwebhelper.exe[564] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076dc14dd 2 bytes JMP 76aa89ea C:\Windows\syswow64\kernel32.dll .text F:\Steam\bin\steamwebhelper.exe[564] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076dc14f5 2 bytes JMP 76aa8bc0 C:\Windows\syswow64\kernel32.dll .text F:\Steam\bin\steamwebhelper.exe[564] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076dc150d 2 bytes JMP 76aa88e0 C:\Windows\syswow64\kernel32.dll .text F:\Steam\bin\steamwebhelper.exe[564] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076dc1525 2 bytes JMP 76aa8caa C:\Windows\syswow64\kernel32.dll .text F:\Steam\bin\steamwebhelper.exe[564] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076dc153d 2 bytes JMP 76a1fce8 C:\Windows\syswow64\kernel32.dll .text F:\Steam\bin\steamwebhelper.exe[564] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076dc1555 2 bytes JMP 76a26937 C:\Windows\syswow64\kernel32.dll .text F:\Steam\bin\steamwebhelper.exe[564] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076dc156d 2 bytes JMP 76aa91a9 C:\Windows\syswow64\kernel32.dll .text F:\Steam\bin\steamwebhelper.exe[564] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076dc1585 2 bytes JMP 76aa8d0a C:\Windows\syswow64\kernel32.dll .text F:\Steam\bin\steamwebhelper.exe[564] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076dc159d 2 bytes JMP 76aa88a4 C:\Windows\syswow64\kernel32.dll .text F:\Steam\bin\steamwebhelper.exe[564] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076dc15b5 2 bytes JMP 76a1fd81 C:\Windows\syswow64\kernel32.dll .text F:\Steam\bin\steamwebhelper.exe[564] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076dc15cd 2 bytes JMP 76a2b324 C:\Windows\syswow64\kernel32.dll .text F:\Steam\bin\steamwebhelper.exe[564] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076dc16b2 2 bytes JMP 76aa906c C:\Windows\syswow64\kernel32.dll .text F:\Steam\bin\steamwebhelper.exe[564] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076dc16bd 2 bytes JMP 76aa8839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076dc1401 2 bytes JMP 76a2b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3740] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076dc1419 2 bytes JMP 76a2b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076dc1431 2 bytes JMP 76aa90f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076dc144a 2 bytes CALL 76a048ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3740] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076dc14dd 2 bytes JMP 76aa89ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076dc14f5 2 bytes JMP 76aa8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3740] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076dc150d 2 bytes JMP 76aa88e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076dc1525 2 bytes JMP 76aa8caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076dc153d 2 bytes JMP 76a1fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3740] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076dc1555 2 bytes JMP 76a26937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076dc156d 2 bytes JMP 76aa91a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076dc1585 2 bytes JMP 76aa8d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3740] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076dc159d 2 bytes JMP 76aa88a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076dc15b5 2 bytes JMP 76a1fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076dc15cd 2 bytes JMP 76a2b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076dc16b2 2 bytes JMP 76aa906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076dc16bd 2 bytes JMP 76aa8839 C:\Windows\syswow64\kernel32.dll .text C:\Users\Dominik\Downloads\p23sng5k.exe[5452] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076dc1401 2 bytes JMP 76a2b263 C:\Windows\syswow64\kernel32.dll .text C:\Users\Dominik\Downloads\p23sng5k.exe[5452] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076dc1419 2 bytes JMP 76a2b38e C:\Windows\syswow64\kernel32.dll .text C:\Users\Dominik\Downloads\p23sng5k.exe[5452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076dc1431 2 bytes JMP 76aa90f1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Dominik\Downloads\p23sng5k.exe[5452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076dc144a 2 bytes CALL 76a048ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Dominik\Downloads\p23sng5k.exe[5452] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076dc14dd 2 bytes JMP 76aa89ea C:\Windows\syswow64\kernel32.dll .text C:\Users\Dominik\Downloads\p23sng5k.exe[5452] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076dc14f5 2 bytes JMP 76aa8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Dominik\Downloads\p23sng5k.exe[5452] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076dc150d 2 bytes JMP 76aa88e0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Dominik\Downloads\p23sng5k.exe[5452] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076dc1525 2 bytes JMP 76aa8caa C:\Windows\syswow64\kernel32.dll .text C:\Users\Dominik\Downloads\p23sng5k.exe[5452] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076dc153d 2 bytes JMP 76a1fce8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Dominik\Downloads\p23sng5k.exe[5452] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076dc1555 2 bytes JMP 76a26937 C:\Windows\syswow64\kernel32.dll .text C:\Users\Dominik\Downloads\p23sng5k.exe[5452] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076dc156d 2 bytes JMP 76aa91a9 C:\Windows\syswow64\kernel32.dll .text C:\Users\Dominik\Downloads\p23sng5k.exe[5452] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076dc1585 2 bytes JMP 76aa8d0a C:\Windows\syswow64\kernel32.dll .text C:\Users\Dominik\Downloads\p23sng5k.exe[5452] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076dc159d 2 bytes JMP 76aa88a4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Dominik\Downloads\p23sng5k.exe[5452] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076dc15b5 2 bytes JMP 76a1fd81 C:\Windows\syswow64\kernel32.dll .text C:\Users\Dominik\Downloads\p23sng5k.exe[5452] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076dc15cd 2 bytes JMP 76a2b324 C:\Windows\syswow64\kernel32.dll .text C:\Users\Dominik\Downloads\p23sng5k.exe[5452] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076dc16b2 2 bytes JMP 76aa906c C:\Windows\syswow64\kernel32.dll .text C:\Users\Dominik\Downloads\p23sng5k.exe[5452] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076dc16bd 2 bytes JMP 76aa8839 C:\Windows\syswow64\kernel32.dll ---- Threads - GMER 2.2 ---- Thread C:\Windows\System32\svchost.exe [2124:4116] 000007fef08d9688 ---- EOF - GMER 2.2 ----