GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-06-28 17:42:49
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3500418AS rev.CC38 465,76GB
Running: e4iyk96s.exe; Driver: C:\Users\Dominik\AppData\Local\Temp\pgddqpoc.sys

---- Kernel code sections - GMER 2.2 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe  suspicious modification

---- User code sections - GMER 2.2 ----

.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1912]  C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW  0000000076901bb2 5 bytes JMP 0000000000d98c60
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1912]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17  00000000758d1401 2 bytes JMP 7574eb26 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1912]  C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17  00000000758d1419 2 bytes JMP 7575b513 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1912]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17  00000000758d1431 2 bytes JMP 757d8609 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1912]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42  00000000758d144a 2 bytes CALL 75731dfa C:\Windows\syswow64\kernel32.dll
.text  ...  * 9
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1912]  C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17  00000000758d14dd 2 bytes JMP 757d7efe C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1912]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000758d14f5 2 bytes JMP 757d80d8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1912]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17  00000000758d150d 2 bytes JMP 757d7df4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1912]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  00000000758d1525 2 bytes JMP 757d81c2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1912]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17  00000000758d153d 2 bytes JMP 7574f088 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1912]  C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17  00000000758d1555 2 bytes JMP 7575b885 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1912]  C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17  00000000758d156d 2 bytes JMP 757d86c1 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1912]  C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17  00000000758d1585 2 bytes JMP 757d8222 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1912]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17  00000000758d159d 2 bytes JMP 757d7db8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1912]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17  00000000758d15b5 2 bytes JMP 7574f121 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1912]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17  00000000758d15cd 2 bytes JMP 7575b29f C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1912]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000758d16b2 2 bytes JMP 757d8584 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1912]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000758d16bd 2 bytes JMP 757d7d4d C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2408]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17  00000000758d1401 2 bytes JMP 7574eb26 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2408]  C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17  00000000758d1419 2 bytes JMP 7575b513 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2408]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17  00000000758d1431 2 bytes JMP 757d8609 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2408]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42  00000000758d144a 2 bytes CALL 75731dfa C:\Windows\syswow64\kernel32.dll
.text  ...  * 9
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2408]  C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17  00000000758d14dd 2 bytes JMP 757d7efe C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2408]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000758d14f5 2 bytes JMP 757d80d8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2408]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17  00000000758d150d 2 bytes JMP 757d7df4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2408]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  00000000758d1525 2 bytes JMP 757d81c2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2408]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17  00000000758d153d 2 bytes JMP 7574f088 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2408]  C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17  00000000758d1555 2 bytes JMP 7575b885 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2408]  C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17  00000000758d156d 2 bytes JMP 757d86c1 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2408]  C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17  00000000758d1585 2 bytes JMP 757d8222 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2408]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17  00000000758d159d 2 bytes JMP 757d7db8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2408]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17  00000000758d15b5 2 bytes JMP 7574f121 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2408]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17  00000000758d15cd 2 bytes JMP 7575b29f C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2408]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000758d16b2 2 bytes JMP 757d8584 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2408]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000758d16bd 2 bytes JMP 757d7d4d C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Steam2\Steam.exe[700]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17  00000000758d1401 2 bytes JMP 7574eb26 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Steam2\Steam.exe[700]  C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17  00000000758d1419 2 bytes JMP 7575b513 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Steam2\Steam.exe[700]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17  00000000758d1431 2 bytes JMP 757d8609 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Steam2\Steam.exe[700]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42  00000000758d144a 2 bytes CALL 75731dfa C:\Windows\syswow64\kernel32.dll
.text  ...  * 9
.text  D:\Programy\Steam2\Steam.exe[700]  C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17  00000000758d14dd 2 bytes JMP 757d7efe C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Steam2\Steam.exe[700]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000758d14f5 2 bytes JMP 757d80d8 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Steam2\Steam.exe[700]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17  00000000758d150d 2 bytes JMP 757d7df4 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Steam2\Steam.exe[700]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  00000000758d1525 2 bytes JMP 757d81c2 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Steam2\Steam.exe[700]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17  00000000758d153d 2 bytes JMP 7574f088 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Steam2\Steam.exe[700]  C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17  00000000758d1555 2 bytes JMP 7575b885 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Steam2\Steam.exe[700]  C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17  00000000758d156d 2 bytes JMP 757d86c1 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Steam2\Steam.exe[700]  C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17  00000000758d1585 2 bytes JMP 757d8222 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Steam2\Steam.exe[700]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17  00000000758d159d 2 bytes JMP 757d7db8 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Steam2\Steam.exe[700]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17  00000000758d15b5 2 bytes JMP 7574f121 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Steam2\Steam.exe[700]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17  00000000758d15cd 2 bytes JMP 7575b29f C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Steam2\Steam.exe[700]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000758d16b2 2 bytes JMP 757d8584 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Steam2\Steam.exe[700]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000758d16bd 2 bytes JMP 757d7d4d C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Steam2\bin\steamwebhelper.exe[3840]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17  00000000758d1401 2 bytes JMP 7574eb26 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Steam2\bin\steamwebhelper.exe[3840]  C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17  00000000758d1419 2 bytes JMP 7575b513 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Steam2\bin\steamwebhelper.exe[3840]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17  00000000758d1431 2 bytes JMP 757d8609 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Steam2\bin\steamwebhelper.exe[3840]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42  00000000758d144a 2 bytes CALL 75731dfa C:\Windows\syswow64\kernel32.dll
.text  ...  * 9
.text  D:\Programy\Steam2\bin\steamwebhelper.exe[3840]  C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17  00000000758d14dd 2 bytes JMP 757d7efe C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Steam2\bin\steamwebhelper.exe[3840]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000758d14f5 2 bytes JMP 757d80d8 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Steam2\bin\steamwebhelper.exe[3840]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17  00000000758d150d 2 bytes JMP 757d7df4 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Steam2\bin\steamwebhelper.exe[3840]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  00000000758d1525 2 bytes JMP 757d81c2 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Steam2\bin\steamwebhelper.exe[3840]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17  00000000758d153d 2 bytes JMP 7574f088 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Steam2\bin\steamwebhelper.exe[3840]  C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17  00000000758d1555 2 bytes JMP 7575b885 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Steam2\bin\steamwebhelper.exe[3840]  C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17  00000000758d156d 2 bytes JMP 757d86c1 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Steam2\bin\steamwebhelper.exe[3840]  C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17  00000000758d1585 2 bytes JMP 757d8222 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Steam2\bin\steamwebhelper.exe[3840]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17  00000000758d159d 2 bytes JMP 757d7db8 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Steam2\bin\steamwebhelper.exe[3840]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17  00000000758d15b5 2 bytes JMP 7574f121 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Steam2\bin\steamwebhelper.exe[3840]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17  00000000758d15cd 2 bytes JMP 7575b29f C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Steam2\bin\steamwebhelper.exe[3840]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000758d16b2 2 bytes JMP 757d8584 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Steam2\bin\steamwebhelper.exe[3840]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000758d16bd 2 bytes JMP 757d7d4d C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Steam2\bin\steamwebhelper.exe[4260]  C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5  000000007793f951 7 bytes {MOV EDX, 0xb112e8; JMP RDX}
.text  D:\Programy\Steam2\bin\steamwebhelper.exe[4260]  C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5  000000007793f9cd 7 bytes {MOV EDX, 0xb111a8; JMP RDX}
.text  D:\Programy\Steam2\bin\steamwebhelper.exe[4260]  C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5  000000007793fae5 7 bytes {MOV EDX, 0xb11168; JMP RDX}
.text  D:\Programy\Steam2\bin\steamwebhelper.exe[4260]  C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5  000000007793fb95 7 bytes {MOV EDX, 0xb11328; JMP RDX}
.text  D:\Programy\Steam2\bin\steamwebhelper.exe[4260]  C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5  000000007793fbc5 7 bytes {MOV EDX, 0xb11268; JMP RDX}
.text  D:\Programy\Steam2\bin\steamwebhelper.exe[4260]  C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5  000000007793fbdd 7 bytes {MOV EDX, 0xb11128; JMP RDX}
.text  D:\Programy\Steam2\bin\steamwebhelper.exe[4260]  C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5  000000007793fbf5 7 bytes {MOV EDX, 0xb113e8; JMP RDX}
.text  D:\Programy\Steam2\bin\steamwebhelper.exe[4260]  C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5  000000007793fc25 7 bytes {MOV EDX, 0xb11428; JMP RDX}
.text  D:\Programy\Steam2\bin\steamwebhelper.exe[4260]  C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5  000000007793fca5 7 bytes {MOV EDX, 0xb113a8; JMP RDX}
.text  D:\Programy\Steam2\bin\steamwebhelper.exe[4260]  C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5  000000007793fcbd 7 bytes {MOV EDX, 0xb11368; JMP RDX}
.text  D:\Programy\Steam2\bin\steamwebhelper.exe[4260]  C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5  000000007793fd09 7 bytes {MOV EDX, 0xb11068; JMP RDX}
.text  D:\Programy\Steam2\bin\steamwebhelper.exe[4260]  C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5  000000007793fe01 7 bytes {MOV EDX, 0xb110a8; JMP RDX}
.text  D:\Programy\Steam2\bin\steamwebhelper.exe[4260]  C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5  0000000077940059 7 bytes {MOV EDX, 0xb11028; JMP RDX}
.text  D:\Programy\Steam2\bin\steamwebhelper.exe[4260]  C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5  0000000077940fbd 7 bytes {MOV EDX, 0xb111e8; JMP RDX}
.text  D:\Programy\Steam2\bin\steamwebhelper.exe[4260]  C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5  0000000077941065 7 bytes {MOV EDX, 0xb112a8; JMP RDX}
.text  D:\Programy\Steam2\bin\steamwebhelper.exe[4260]  C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5  00000000779410dd 7 bytes {MOV EDX, 0xb11228; JMP RDX}
.text  D:\Programy\Steam2\bin\steamwebhelper.exe[4260]  C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5  00000000779412e1 7 bytes {MOV EDX, 0xb110e8; JMP RDX}
.text  D:\Programy\Steam2\bin\steamwebhelper.exe[4260]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17  00000000758d1401 2 bytes JMP 7574eb26 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Steam2\bin\steamwebhelper.exe[4260]  C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17  00000000758d1419 2 bytes JMP 7575b513 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Steam2\bin\steamwebhelper.exe[4260]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17  00000000758d1431 2 bytes JMP 757d8609 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Steam2\bin\steamwebhelper.exe[4260]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42  00000000758d144a 2 bytes CALL 75731dfa C:\Windows\syswow64\kernel32.dll
.text  ...  * 9
.text  D:\Programy\Steam2\bin\steamwebhelper.exe[4260]  C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17  00000000758d14dd 2 bytes JMP 757d7efe C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Steam2\bin\steamwebhelper.exe[4260]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000758d14f5 2 bytes JMP 757d80d8 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Steam2\bin\steamwebhelper.exe[4260]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17  00000000758d150d 2 bytes JMP 757d7df4 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Steam2\bin\steamwebhelper.exe[4260]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  00000000758d1525 2 bytes JMP 757d81c2 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Steam2\bin\steamwebhelper.exe[4260]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17  00000000758d153d 2 bytes JMP 7574f088 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Steam2\bin\steamwebhelper.exe[4260]  C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17  00000000758d1555 2 bytes JMP 7575b885 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Steam2\bin\steamwebhelper.exe[4260]  C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17  00000000758d156d 2 bytes JMP 757d86c1 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Steam2\bin\steamwebhelper.exe[4260]  C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17  00000000758d1585 2 bytes JMP 757d8222 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Steam2\bin\steamwebhelper.exe[4260]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17  00000000758d159d 2 bytes JMP 757d7db8 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Steam2\bin\steamwebhelper.exe[4260]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17  00000000758d15b5 2 bytes JMP 7574f121 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Steam2\bin\steamwebhelper.exe[4260]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17  00000000758d15cd 2 bytes JMP 7575b29f C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Steam2\bin\steamwebhelper.exe[4260]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000758d16b2 2 bytes JMP 757d8584 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Steam2\bin\steamwebhelper.exe[4260]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000758d16bd 2 bytes JMP 757d7d4d C:\Windows\syswow64\kernel32.dll

---- Kernel code sections - GMER 2.2 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe  suspicious modification
INITKDBG  C:\Windows\system32\ntoskrnl.exe  suspicious modification

---- Threads - GMER 2.2 ----

Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2128:2140]  0000000075827587
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2128:2152]  0000000064c98aa6
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2128:3364]  0000000077981c7f
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2128:2852]  0000000077982c91
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2128:2092]  0000000077982c91
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2128:1476]  0000000077982c91

---- Files - GMER 2.2 ----

File  C:\Users\Dominik\AppData\Local\Mozilla\Firefox\Profiles\1qpcjo7j.default\cache2\entries\9928660E4DC673D7CDE4284B10050FBD38F3887C  846 bytes
File  C:\Users\Dominik\AppData\Local\Mozilla\Firefox\Profiles\1qpcjo7j.default\cache2\entries\E2738A7B44B72F7916411F64051A1518590F349F  321 bytes
File  C:\Users\Dominik\AppData\Local\Mozilla\Firefox\Profiles\1qpcjo7j.default\cache2\entries\4CAC7527E019EF633EC26718442AF976BE95433A  3138 bytes
File  C:\Users\Dominik\AppData\Local\Mozilla\Firefox\Profiles\1qpcjo7j.default\cache2\entries\2B2704960D0E0CB3C8B8FD94834B37D2665213F0  2082 bytes
File  C:\Users\Dominik\AppData\Local\Mozilla\Firefox\Profiles\1qpcjo7j.default\cache2\entries\DB278EB6AA5FED0EF1E4B9A190EAE1198E079AE0  298 bytes

---- EOF - GMER 2.2 ----
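The listing above is raw GMER output, and the "User code sections" part is the bulk of it: every line records one in-memory patch of an exported function in one process, with the bytes overwritten and where control goes afterwards. As an added example (not part of GMER, and not something the poster ran), the Python below parses entries in exactly that shape, groups them per process, honours the ".text ... * N" lines GMER uses to collapse a run of similar entries, and separates patches whose destination GMER resolved to a named module (here kernel32.dll) from those it reports only as a bare address, such as the 5-byte JMP in NvBackend.exe and the {MOV EDX, 0x...; JMP RDX} trampolines in steamwebhelper.exe[4260]. SAMPLE_LOG is a constructed excerpt of a few lines copied from the log above; the regexes, class and function names are this example's own.

```python
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Optional

# Constructed excerpt in the shape of the log above (a few entries, not the whole log).
SAMPLE_LOG = r"""
---- User code sections - GMER 2.2 ----
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1912]  C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW  0000000076901bb2 5 bytes JMP 0000000000d98c60
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1912]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17  00000000758d1401 2 bytes JMP 7574eb26 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1912]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42  00000000758d144a 2 bytes CALL 75731dfa C:\Windows\syswow64\kernel32.dll
.text  ...  * 9
.text  D:\Programy\Steam2\bin\steamwebhelper.exe[4260]  C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5  000000007793fbc5 7 bytes {MOV EDX, 0xb11268; JMP RDX}
.text  D:\Programy\Steam2\bin\steamwebhelper.exe[4260]  C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5  0000000077940059 7 bytes {MOV EDX, 0xb11028; JMP RDX}
.text  D:\Programy\Steam2\bin\steamwebhelper.exe[4260]  C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17  00000000758d1555 2 bytes JMP 7575b885 C:\Windows\syswow64\kernel32.dll
---- Threads - GMER 2.2 ----
"""

# One entry: .text  <image>[<pid>]  <module>!<export>[ + <offset>]  <address> <n> bytes <patch>
ENTRY_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>\S+)!(?P<export>\w+)(?:\s*\+\s*(?P<offset>\d+))?\s+"
    r"(?P<address>[0-9a-f]+)\s+(?P<size>\d+)\s+bytes\s+(?P<patch>.+?)\s*$", re.IGNORECASE)
# GMER collapses a run of similar entries into ".text ... * N".
ELIDED_RE = re.compile(r"^\.text\s+\.\.\.\s+\*\s*(?P<count>\d+)\s*$")
# Patch shapes in the log: a direct JMP/CALL (optionally resolved to a module by GMER)
# and the register trampoline GMER prints as {MOV EDX, 0x...; JMP RDX}.
DIRECT_RE = re.compile(r"^(?:JMP|CALL)\s+(?P<dest>[0-9a-f]+)(?:\s+(?P<dest_module>\S+))?$", re.IGNORECASE)
TRAMPOLINE_RE = re.compile(r"^\{MOV EDX,\s*0x(?P<dest>[0-9a-f]+);\s*JMP RDX\}$", re.IGNORECASE)


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]  # last component of a Windows path


@dataclass
class Hook:
    image: str
    pid: int
    module: str                 # DLL whose export was patched (basename)
    export: str
    offset: int                 # bytes past the export's entry point
    address: int                # patched address
    size: int                   # bytes overwritten
    dest: Optional[int]         # where control goes, if GMER printed a target
    dest_module: Optional[str]  # module GMER resolved that target to, if any


def parse_patch(patch: str):
    """(destination address, destination module basename) for one patch string."""
    m = DIRECT_RE.match(patch) or TRAMPOLINE_RE.match(patch)
    if not m:
        return None, None
    mod = m.groupdict().get("dest_module")
    return int(m.group("dest"), 16), (basename(mod) if mod else None)


def parse_hooks(text: str):
    """Parse every hook entry; also return the elided-entry counts keyed by pid."""
    hooks, elided = [], Counter()
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            dest, dest_module = parse_patch(m.group("patch"))
            hooks.append(Hook(m.group("image"), int(m.group("pid")), basename(m.group("module")),
                              m.group("export"), int(m.group("offset") or 0),
                              int(m.group("address"), 16), int(m.group("size")), dest, dest_module))
            continue
        m = ELIDED_RE.match(line.strip())
        if m and hooks:  # the collapsed run belongs to the process listed just above it
            elided[hooks[-1].pid] += int(m.group("count"))
    return hooks, elided


@dataclass
class ProcessSummary:
    image: str
    hooks: int = 0      # entries listed for this pid
    elided: int = 0     # entries GMER collapsed into ".text ... * N"
    by_dest: Counter = field(default_factory=Counter)  # destination module -> count
    unresolved: list = field(default_factory=list)     # hooks whose target is not in a named module


def summarize(text: str) -> dict:
    """Group hooks per pid; keep module-resolved targets apart from bare-address ones."""
    hooks, elided = parse_hooks(text)
    summary: dict = {}
    for h in hooks:
        s = summary.setdefault(h.pid, ProcessSummary(image=basename(h.image)))
        s.hooks += 1
        s.by_dest[h.dest_module or "<no module>"] += 1
        if not h.dest_module:
            s.unresolved.append(f"{h.module}!{h.export}")
    for pid, n in elided.items():
        if pid in summary:
            summary[pid].elided += n
    return summary


if __name__ == "__main__":
    for pid, s in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{s.image}[{pid}]: {s.hooks} listed, {s.elided} elided, "
              f"targets {dict(s.by_dest)}, unresolved {s.unresolved}")
```

Run it on a full log by replacing SAMPLE_LOG with the file contents; only lines that start with ".text" are considered, so the kernel, thread and file sections are ignored. A hook whose destination GMER could not attribute to a module is a triage lead, not a verdict: the next step is to find out which mapping in that process owns the destination address (with a debugger attached to the process, or from a memory dump) before deciding whether the patch is hostile.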