GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-10-19 07:12:02
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SPCC_Solid_State_Disk rev.S8FM08.3 111,79GB
Running: q1kwtr8j.exe; Driver: C:\Users\aaa\AppData\Local\Temp\uxriapow.sys

---- User code sections - GMER 2.2 ----

.text   C:\Program Files (x86)\Launch Manager\LManager.exe[1492] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17       0000000075931401 2 bytes JMP 761fb263 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Launch Manager\LManager.exe[1492] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17         0000000075931419 2 bytes JMP 761fb38e C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Launch Manager\LManager.exe[1492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17       0000000075931431 2 bytes JMP 762790f1 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Launch Manager\LManager.exe[1492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42       000000007593144a 2 bytes CALL 761d48ad C:\Windows\syswow64\kernel32.dll
.text   ...                                                                                                                    * 9
.text   C:\Program Files (x86)\Launch Manager\LManager.exe[1492] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17          00000000759314dd 2 bytes JMP 762789ea C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Launch Manager\LManager.exe[1492] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17   00000000759314f5 2 bytes JMP 76278bc0 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Launch Manager\LManager.exe[1492] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17          000000007593150d 2 bytes JMP 762788e0 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Launch Manager\LManager.exe[1492] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17   0000000075931525 2 bytes JMP 76278caa C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Launch Manager\LManager.exe[1492] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17         000000007593153d 2 bytes JMP 761efce8 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Launch Manager\LManager.exe[1492] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17              0000000075931555 2 bytes JMP 761f6937 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Launch Manager\LManager.exe[1492] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17       000000007593156d 2 bytes JMP 762791a9 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Launch Manager\LManager.exe[1492] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17         0000000075931585 2 bytes JMP 76278d0a C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Launch Manager\LManager.exe[1492] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17            000000007593159d 2 bytes JMP 762788a4 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Launch Manager\LManager.exe[1492] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17         00000000759315b5 2 bytes JMP 761efd81 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Launch Manager\LManager.exe[1492] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17       00000000759315cd 2 bytes JMP 761fb324 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Launch Manager\LManager.exe[1492] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20   00000000759316b2 2 bytes JMP 7627906c C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Launch Manager\LManager.exe[1492] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31   00000000759316bd 2 bytes JMP 76278839 C:\Windows\syswow64\kernel32.dll

---- Threads - GMER 2.2 ----

Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [3848:4084]   000007fefaf22af4
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [3848:1972]   000007fef7025124

---- Registry - GMER 2.2 ----

Reg     HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation   C:\Users\aaa\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_SynTPEnh.exe_8c852abe68b15d07dc44723723de94dc9f82f7_0b55d0a6

---- Files - GMER 2.2 ----

File    C:\Users\aaa\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_SynTPEnh.exe_8c852abe68b15d07dc44723723de94dc9f82f7_0a409665   0 bytes
File    C:\Users\aaa\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_SynTPEnh.exe_8c852abe68b15d07dc44723723de94dc9f82f7_0a409665\Report.wer   7166 bytes
File    C:\Users\aaa\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_SynTPEnh.exe_8c852abe68b15d07dc44723723de94dc9f82f7_cab_0a38979d   0 bytes
File    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1   0 bytes
File    C:\ProgramData\Adobe\ARM\ArmReport.ini   0 bytes
File    C:\Windows\Installer\d1558.msp   0 bytes
File    C:\Windows\Installer\d155c.ipi   0 bytes
File    C:\Windows\Installer\MSI9024.tmp   0 bytes
File    C:\Windows\Installer\MSIB171.tmp   0 bytes

---- EOF - GMER 2.2 ----