GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-09-13 20:22:55
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000068 SAMSUNG_ rev.CXM0 238,47GB
Running: f77qiqbf.exe; Driver: C:\Users\boogie\AppData\Local\Temp\kxlirkob.sys

---- Kernel code sections - GMER 2.2 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800045b1000 64 bytes [00, 70, 08, 00, 00, 00, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 593 fffff800045b1041 5 bytes [20, 27, 98, 00, 00]

---- User code sections - GMER 2.2 ----

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1916] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007760a400 7 bytes JMP 000000006fff0228
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1916] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077613f20 5 bytes JMP 000000006fff0180
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1916] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007762ffb0 5 bytes JMP 000000006fff01b8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1916] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007763f2e0 5 bytes JMP 000000006fff0110
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1916] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077669a30 7 bytes JMP 000000006fff00d8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1916] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000776794c0 5 bytes JMP 000000006fff0148
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1916] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000776987e0 7 bytes JMP 000000006fff01f0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1916] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd5e2db0 5 bytes JMP 000007fefd5d0180
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1916] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5e37d0 7 bytes JMP 000007fefd5d00d8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1916] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd5e8ef0 6 bytes JMP 000007fefd5d0148
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1916] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd5faf60 5 bytes JMP 000007fefd5d0110
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1916] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe1689f0 8 bytes JMP 000007fefd5d01f0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1916] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe16be50 8 bytes JMP 000007fefd5d01b8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1916] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe507490 11 bytes JMP 000007fefd5d0228
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1916] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe51bf00 7 bytes JMP 000007fefd5d0260
.text C:\Program Files\Elantech\ETDCtrl.exe[2212] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007760a400 7 bytes JMP 000000006fff0228
.text C:\Program Files\Elantech\ETDCtrl.exe[2212] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077613f20 5 bytes JMP 000000006fff0180
.text C:\Program Files\Elantech\ETDCtrl.exe[2212] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007762ffb0 5 bytes JMP 000000006fff01b8
.text C:\Program Files\Elantech\ETDCtrl.exe[2212] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007763f2e0 5 bytes JMP 000000006fff0110
.text C:\Program Files\Elantech\ETDCtrl.exe[2212] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077669a30 7 bytes JMP 000000006fff00d8
.text C:\Program Files\Elantech\ETDCtrl.exe[2212] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000776794c0 5 bytes JMP 000000006fff0148
.text C:\Program Files\Elantech\ETDCtrl.exe[2212] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000776987e0 7 bytes JMP 000000006fff01f0
.text C:\Program Files\Elantech\ETDCtrl.exe[2212] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd5e2db0 5 bytes JMP 000007fefd5d0180
.text C:\Program Files\Elantech\ETDCtrl.exe[2212] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5e37d0 7 bytes JMP 000007fefd5d00d8
.text C:\Program Files\Elantech\ETDCtrl.exe[2212] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd5e8ef0 6 bytes JMP 000007fefd5d0148
.text C:\Program Files\Elantech\ETDCtrl.exe[2212] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd5faf60 5 bytes JMP 000007fefd5d0110
.text C:\Program Files\Elantech\ETDCtrl.exe[2212] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe1689f0 8 bytes JMP 000007fefd5d01f0
.text C:\Program Files\Elantech\ETDCtrl.exe[2212] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe16be50 8 bytes JMP 000007fefd5d01b8
.text C:\Program Files\Elantech\ETDCtrl.exe[2212] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe507490 11 bytes JMP 000007fefd5d0228
.text C:\Program Files\Elantech\ETDCtrl.exe[2212] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe51bf00 7 bytes JMP 000007fefd5d0260
.text C:\Windows\system32\Dwm.exe[2376] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd5e2db0 5 bytes JMP 000007fefd5d0180
.text C:\Windows\system32\Dwm.exe[2376] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5e37d0 7 bytes JMP 000007fefd5d00d8
.text C:\Windows\system32\Dwm.exe[2376] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd5e8ef0 6 bytes JMP 000007fefd5d0148
.text C:\Windows\system32\Dwm.exe[2376] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd5faf60 5 bytes JMP 000007fefd5d0110
.text C:\Windows\system32\Dwm.exe[2376] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe1689f0 8 bytes JMP 000007fefd5d01f0
.text C:\Windows\system32\Dwm.exe[2376] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe16be50 8 bytes JMP 000007fefd5d01b8
.text C:\Windows\system32\Dwm.exe[2376] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef75bdc88 5 bytes JMP 000007fef75900d8
.text C:\Windows\system32\Dwm.exe[2376] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef75bde10 5 bytes JMP 000007fef7590110
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[2908] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007760a400 7 bytes JMP 000000006fff0228
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[2908] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077613f20 5 bytes JMP 000000006fff0180
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[2908] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007762ffb0 5 bytes JMP 000000006fff01b8
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[2908] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007763f2e0 5 bytes JMP 000000006fff0110
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[2908] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077669a30 7 bytes JMP 000000006fff00d8
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[2908] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000776794c0 5 bytes JMP 000000006fff0148
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[2908] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000776987e0 7 bytes JMP 000000006fff01f0
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[2908] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd5e2db0 5 bytes JMP 000007fefd5d0180
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[2908] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5e37d0 7 bytes JMP 000007fefd5d00d8
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[2908] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd5e8ef0 6 bytes JMP 000007fefd5d0148
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[2908] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd5faf60 5 bytes JMP 000007fefd5d0110
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[2908] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe1689f0 8 bytes JMP 000007fefd5d01f0
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[2908] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe16be50 8 bytes JMP 000007fefd5d01b8
.text C:\Program Files\Elantech\ETDIntelligent.exe[2944] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007760a400 7 bytes JMP 000000006fff0228
.text C:\Program Files\Elantech\ETDIntelligent.exe[2944] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077613f20 5 bytes JMP 000000006fff0180
.text C:\Program Files\Elantech\ETDIntelligent.exe[2944] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007762ffb0 5 bytes JMP 000000006fff01b8
.text C:\Program Files\Elantech\ETDIntelligent.exe[2944] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007763f2e0 5 bytes JMP 000000006fff0110
.text C:\Program Files\Elantech\ETDIntelligent.exe[2944] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077669a30 7 bytes JMP 000000006fff00d8
.text C:\Program Files\Elantech\ETDIntelligent.exe[2944] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000776794c0 5 bytes JMP 000000006fff0148
.text C:\Program Files\Elantech\ETDIntelligent.exe[2944] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000776987e0 7 bytes JMP 000000006fff01f0
.text C:\Program Files\Elantech\ETDIntelligent.exe[2944] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd5e2db0 5 bytes JMP 000007fefd5d0180
.text C:\Program Files\Elantech\ETDIntelligent.exe[2944] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5e37d0 7 bytes JMP 000007fefd5d00d8
.text C:\Program Files\Elantech\ETDIntelligent.exe[2944] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd5e8ef0 6 bytes JMP 000007fefd5d0148
.text C:\Program Files\Elantech\ETDIntelligent.exe[2944] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd5faf60 5 bytes JMP 000007fefd5d0110
.text C:\Program Files\Elantech\ETDIntelligent.exe[2944] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe1689f0 8 bytes JMP 000007fefd5d01f0
.text C:\Program Files\Elantech\ETDIntelligent.exe[2944] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe16be50 8 bytes JMP 000007fefd5d01b8
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3420] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007760a400 7 bytes JMP 000000006fff0228
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3420] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077613f20 5 bytes JMP 000000006fff0180
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3420] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007762ffb0 5 bytes JMP 000000006fff01b8
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3420] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007763f2e0 5 bytes JMP 000000006fff0110
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3420] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077669a30 7 bytes JMP 000000006fff00d8
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3420] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000776794c0 5 bytes JMP 000000006fff0148
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3420] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000776987e0 7 bytes JMP 000000006fff01f0
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3420] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd5e2db0 5 bytes JMP 000007fefd5d0180
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3420] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5e37d0 7 bytes JMP 000007fefd5d00d8
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3420] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd5e8ef0 6 bytes JMP 000007fefd5d0148
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3420] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd5faf60 5 bytes JMP 000007fefd5d0110
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3420] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe1689f0 8 bytes JMP 000007fefd5d01f0
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3420] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe16be50 8 bytes JMP 000007fefd5d01b8
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3696] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075f01f0e 7 bytes JMP 00000000725f3c50
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3696] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075f05bad 7 bytes JMP 00000000725f4290
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3696] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075f11409 7 bytes JMP 00000000725f3ea0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3696] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075f1ea45 7 bytes JMP 00000000725f3c40
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3696] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075fa8e24 7 bytes JMP 00000000725f36c0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3696] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075fa8ea9 5 bytes JMP 00000000725f3770
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3696] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075fa91ff 5 bytes JMP 00000000725f36d0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3696] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077491d29 5 bytes JMP 00000000725f3680
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3696] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077491dd7 5 bytes JMP 00000000725f3640
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3696] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077492ab1 5 bytes JMP 00000000013231c2
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3696] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077492d17 5 bytes JMP 00000000725f3480
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3696] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000759a8a29 5 bytes JMP 00000000725f2b20
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3696] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000759b4572 5 bytes JMP 00000000725f3400
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3696] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000759ce567 5 bytes JMP 00000000725f3470
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3696] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000759f07d7 5 bytes JMP 00000000725f2960
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3696] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075a07a5c 5 bytes JMP 00000000725f33e0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3696] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000773fe96b 5 bytes JMP 00000000725f2c60
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3696] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000773feba5 5 bytes JMP 00000000725f2c70
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3696] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b05ea5 5 bytes JMP 00000000725f2ae0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3696] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075b39d0b 5 bytes JMP 00000000725f2a70
.text C:\Windows\system32\igfxEM.exe[3716] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007760a400 7 bytes JMP 000000006fff0228
.text C:\Windows\system32\igfxEM.exe[3716] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077613f20 5 bytes JMP 000000006fff0180
.text C:\Windows\system32\igfxEM.exe[3716] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007762ffb0 5 bytes JMP 000000006fff01b8
.text C:\Windows\system32\igfxEM.exe[3716] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007763f2e0 5 bytes JMP 000000006fff0110
.text C:\Windows\system32\igfxEM.exe[3716] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077669a30 7 bytes JMP 000000006fff00d8
.text C:\Windows\system32\igfxEM.exe[3716] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000776794c0 5 bytes JMP 000000006fff0148
.text C:\Windows\system32\igfxEM.exe[3716] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000776987e0 7 bytes JMP 000000006fff01f0
.text C:\Windows\system32\igfxEM.exe[3716] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd5e2db0 5 bytes JMP 000007fefd5d0180
.text C:\Windows\system32\igfxEM.exe[3716] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5e37d0 7 bytes JMP 000007fefd5d00d8
.text C:\Windows\system32\igfxEM.exe[3716] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd5e8ef0 6 bytes JMP 000007fefd5d0148
.text C:\Windows\system32\igfxEM.exe[3716] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd5faf60 5 bytes JMP 000007fefd5d0110
.text C:\Windows\system32\igfxEM.exe[3716] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe1689f0 8 bytes JMP 000007fefd5d01f0
.text C:\Windows\system32\igfxEM.exe[3716] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe16be50 8 bytes JMP 000007fefd5d01b8
.text C:\Windows\system32\igfxEM.exe[3716] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe507490 11 bytes JMP 000007fefd5d0228
.text C:\Windows\system32\igfxEM.exe[3716] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe51bf00 7 bytes JMP 000007fefd5d0260
.text C:\Windows\system32\igfxHK.exe[3728] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007760a400 7 bytes JMP 000000006fff0228
.text C:\Windows\system32\igfxHK.exe[3728] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077613f20 5 bytes JMP 000000006fff0180
.text C:\Windows\system32\igfxHK.exe[3728] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007762ffb0 5 bytes JMP 000000006fff01b8
.text C:\Windows\system32\igfxHK.exe[3728] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007763f2e0 5 bytes JMP 000000006fff0110
.text C:\Windows\system32\igfxHK.exe[3728] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077669a30 7 bytes JMP 000000006fff00d8
.text C:\Windows\system32\igfxHK.exe[3728] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000776794c0 5 bytes JMP 000000006fff0148
.text C:\Windows\system32\igfxHK.exe[3728] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000776987e0 7 bytes JMP 000000006fff01f0
.text C:\Windows\system32\igfxHK.exe[3728] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd5e2db0 5 bytes JMP 000007fefd5d0180
.text C:\Windows\system32\igfxHK.exe[3728] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5e37d0 7 bytes JMP 000007fefd5d00d8
.text C:\Windows\system32\igfxHK.exe[3728] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd5e8ef0 6 bytes JMP 000007fefd5d0148
.text C:\Windows\system32\igfxHK.exe[3728] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd5faf60 5 bytes JMP 000007fefd5d0110
.text C:\Windows\system32\igfxHK.exe[3728] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe1689f0 8 bytes JMP 000007fefd5d01f0
.text C:\Windows\system32\igfxHK.exe[3728] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe16be50 8 bytes JMP 000007fefd5d01b8
.text C:\Windows\system32\igfxHK.exe[3728] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe507490 11 bytes JMP 000007fefd5d0228
.text C:\Windows\system32\igfxHK.exe[3728] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe51bf00 7 bytes JMP 000007fefd5d0260
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[3796] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075f01f0e 7 bytes JMP 00000000725f3c50
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[3796] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075f05bad 7 bytes JMP 00000000725f4290
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[3796] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075f11409 7 bytes JMP 00000000725f3ea0
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[3796] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075f1ea45 7 bytes JMP 00000000725f3c40
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[3796] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075fa8e24 7 bytes JMP 00000000725f36c0
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[3796] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075fa8ea9 5 bytes JMP 00000000725f3770
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[3796] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075fa91ff 5 bytes JMP 00000000725f36d0
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[3796] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077491d29 5 bytes JMP 00000000725f3680
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[3796] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077491dd7 5 bytes JMP 00000000725f3640
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[3796] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077492ab1 5 bytes JMP 00000000725f3780
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[3796] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077492d17 5 bytes JMP 00000000725f3480
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[3796] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000773fe96b 5 bytes JMP 00000000725f2c60
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[3796] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000773feba5 5 bytes JMP 00000000725f2c70
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[3796] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000759a8a29 5 bytes JMP 00000000725f2b20
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[3796] C:\Windows\syswow64\USER32.dll!LoadStringW 00000000759a8eb9 5 bytes {CALL 0xffffffff9a6582e9}
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[3796] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000759b4572 5 bytes JMP 00000000725f3400
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[3796] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000759ce567 5 bytes JMP 00000000725f3470
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[3796] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000759f07d7 5 bytes JMP 00000000725f2960
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[3796] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075a07a5c 5 bytes JMP 00000000725f33e0
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[3796] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b05ea5 5 bytes JMP 00000000725f2ae0
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[3796] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075b39d0b 5 bytes JMP 00000000725f2a70
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[3796] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000072621003 2 bytes [62, 72]
.text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[3796] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000072621016 2 bytes [62, 72]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3860] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075f01f0e 7 bytes JMP 00000000725f3c50
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3860] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075f05bad 7 bytes JMP 00000000725f4290
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3860] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075f11409 7 bytes JMP 00000000725f3ea0
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3860] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075f1ea45 7 bytes JMP 00000000725f3c40
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3860] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075fa8e24 7 bytes JMP 00000000725f36c0
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3860] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075fa8ea9 5 bytes JMP 00000000725f3770
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3860] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075fa91ff 5 bytes JMP 00000000725f36d0
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3860] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077491d29 5 bytes JMP 00000000725f3680
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3860] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077491dd7 5 bytes JMP 00000000725f3640
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3860] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077492ab1 5 bytes JMP 00000000725f3780
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3860] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077492d17 5 bytes JMP 00000000725f3480
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3860] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000773fe96b 5 bytes JMP 00000000725f2c60
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3860] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000773feba5 5 bytes JMP 00000000725f2c70
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3860] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000759a8a29 5 bytes JMP 00000000725f2b20
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3860] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000759b4572 5 bytes JMP 00000000725f3400
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3860] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000759ce567 5 bytes JMP 00000000725f3470
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3860] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000759f07d7 5 bytes JMP 00000000725f2960
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3860] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075a07a5c 5 bytes JMP 00000000725f33e0
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3860] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b05ea5 5 bytes JMP 00000000725f2ae0
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3860] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075b39d0b 5 bytes JMP 00000000725f2a70
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3860] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000072621003 2 bytes [62, 72]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3860] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000072621016 2 bytes [62, 72]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2960] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007760a400 7 bytes JMP 000000006fff0228
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2960] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077613f20 5 bytes JMP 000000006fff0180
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2960] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007762ffb0 5 bytes JMP 000000006fff01b8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2960] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007763f2e0 5 bytes JMP 000000006fff0110
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2960] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077669a30 7 bytes JMP 000000006fff00d8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2960] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000776794c0 5 bytes JMP 000000006fff0148
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2960] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000776987e0 7 bytes JMP 000000006fff01f0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2960] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd5e2db0 5 bytes JMP 000007fefd5d0180
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2960] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5e37d0 7 bytes JMP 000007fefd5d00d8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2960] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd5e8ef0 6 bytes JMP 000007fefd5d0148
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2960] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd5faf60 5 bytes JMP 000007fefd5d0110
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2960] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe1689f0 8 bytes JMP 000007fefd5d01f0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2960] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe16be50 8 bytes JMP 000007fefd5d01b8
.text C:\Users\boogie\Desktop\antivir\skanery na forum\f77qiqbf.exe[2696] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075f01f0e 7 bytes JMP 00000000725f3c50
.text C:\Users\boogie\Desktop\antivir\skanery na forum\f77qiqbf.exe[2696] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075f05bad 7 bytes JMP 00000000725f4290
.text C:\Users\boogie\Desktop\antivir\skanery na forum\f77qiqbf.exe[2696] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075f11409 7 bytes JMP 00000000725f3ea0
.text C:\Users\boogie\Desktop\antivir\skanery na forum\f77qiqbf.exe[2696] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075f1ea45 7 bytes JMP 00000000725f3c40
.text C:\Users\boogie\Desktop\antivir\skanery na forum\f77qiqbf.exe[2696] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075fa8e24 7 bytes JMP 00000000725f36c0
.text C:\Users\boogie\Desktop\antivir\skanery na forum\f77qiqbf.exe[2696] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075fa8ea9 5 bytes JMP 00000000725f3770
.text C:\Users\boogie\Desktop\antivir\skanery na forum\f77qiqbf.exe[2696] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075fa91ff 5 bytes JMP 00000000725f36d0
.text C:\Users\boogie\Desktop\antivir\skanery na forum\f77qiqbf.exe[2696] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077491d29 5 bytes JMP 00000000725f3680
.text C:\Users\boogie\Desktop\antivir\skanery na forum\f77qiqbf.exe[2696] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077491dd7 5 bytes JMP 00000000725f3640
.text C:\Users\boogie\Desktop\antivir\skanery na forum\f77qiqbf.exe[2696] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077492ab1 5 bytes JMP 00000000725f3780
.text C:\Users\boogie\Desktop\antivir\skanery na forum\f77qiqbf.exe[2696] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077492d17 5 bytes JMP 00000000725f3480
.text C:\Users\boogie\Desktop\antivir\skanery na forum\f77qiqbf.exe[2696] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000773fe96b 5 bytes JMP 00000000725f2c60
.text C:\Users\boogie\Desktop\antivir\skanery na forum\f77qiqbf.exe[2696] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000773feba5 5 bytes JMP 00000000725f2c70
.text C:\Users\boogie\Desktop\antivir\skanery na forum\f77qiqbf.exe[2696] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000759b4572 5 bytes JMP 00000000725f3400
.text C:\Users\boogie\Desktop\antivir\skanery na forum\f77qiqbf.exe[2696] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000759ce567 5 bytes JMP 00000000725f3470
.text C:\Users\boogie\Desktop\antivir\skanery na forum\f77qiqbf.exe[2696] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000759f07d7 5 bytes JMP 00000000725f2960
.text C:\Users\boogie\Desktop\antivir\skanery na forum\f77qiqbf.exe[2696] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075a07a5c 5 bytes JMP 00000000725f33e0
.text C:\Users\boogie\Desktop\antivir\skanery na forum\f77qiqbf.exe[2696] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000072621003 2 bytes [62, 72]
.text C:\Users\boogie\Desktop\antivir\skanery na forum\f77qiqbf.exe[2696] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000072621016 2 bytes [62, 72]

---- Threads - GMER 2.2 ----

Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2892:3404] 000007fef9af2bf8
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2892:1180] 000007fef8385124

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\303a64bdcb02
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\303a64bdcb02 (not active ControlSet)

---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.2 ----