GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-11-18 23:13:52 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002c GOODRAM rev.SAFM22.3 223,57GB Running: be6zcs5l.exe; Driver: C:\Users\SEBAST~1\AppData\Local\Temp\pxldypog.sys ---- User code sections - GMER 2.2 ---- ? C:\Windows\system32\wbem\wbemsvc.dll [2484] entry point in ".rdata" section 000000006dee8fa0 ? C:\Windows\SYSTEM32\wship6.dll [2748] entry point in ".rdata" section 0000000071c724b0 ? C:\Windows\system32\wbem\wbemsvc.dll [2748] entry point in ".rdata" section 000000006dee8fa0 .text C:\Windows\system32\taskhostw.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 00007fff17f9eb50 5 bytes JMP 00007ffeff722da0 .text C:\Windows\system32\taskhostw.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 00007fff17ff9c20 5 bytes JMP 00007ffeff722c60 .text C:\Windows\system32\taskhostw.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 00007fff180153e0 5 bytes JMP 00007ffeff722f30 .text C:\Windows\system32\taskhostw.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007fff180155c0 5 bytes JMP 00007ffeff7225a0 .text C:\Windows\system32\taskhostw.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007fff18015800 5 bytes JMP 00007ffeff722410 .text C:\Windows\system32\taskhostw.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007fff180158c0 5 bytes JMP 00007ffeff7229a0 .text C:\Windows\system32\taskhostw.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007fff180159c0 5 bytes JMP 00007ffeff722940 .text C:\Windows\system32\taskhostw.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 00007fff18015b00 5 bytes JMP 00007ffeff7227d0 .text C:\Windows\system32\taskhostw.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007fff180165b0 5 bytes JMP 00007ffeff7229f0 .text C:\Windows\system32\taskhostw.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007fff180166f0 5 bytes JMP 00007ffeff722aa0 .text C:\Windows\system32\taskhostw.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 00007fff18016810 5 bytes JMP 00007ffeff722b50 .text C:\Windows\system32\taskhostw.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007fff18017310 5 bytes JMP 00007ffeff722a50 .text C:\Windows\system32\taskhostw.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007fff180173d0 5 bytes JMP 00007ffeff722b00 .text C:\Windows\Explorer.EXE[4188] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 00007fff17f9eb50 5 bytes JMP 00007ffeff722da0 .text C:\Windows\Explorer.EXE[4188] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 00007fff17ff9c20 5 bytes JMP 00007ffeff722c60 .text C:\Windows\Explorer.EXE[4188] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 00007fff180153e0 5 bytes JMP 00007ffeff722f30 .text C:\Windows\Explorer.EXE[4188] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007fff180155c0 5 bytes JMP 00007ffeff7225a0 .text C:\Windows\Explorer.EXE[4188] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007fff18015800 5 bytes JMP 00007ffeff722410 .text C:\Windows\Explorer.EXE[4188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007fff180158c0 5 bytes JMP 00007ffeff7229a0 .text C:\Windows\Explorer.EXE[4188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007fff180159c0 5 bytes JMP 00007ffeff722940 .text C:\Windows\Explorer.EXE[4188] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 00007fff18015b00 5 bytes JMP 00007ffeff7227d0 .text C:\Windows\Explorer.EXE[4188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007fff180165b0 5 bytes JMP 00007ffeff7229f0 .text C:\Windows\Explorer.EXE[4188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007fff180166f0 5 bytes JMP 00007ffeff722aa0 .text C:\Windows\Explorer.EXE[4188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 00007fff18016810 5 bytes JMP 00007ffeff722b50 .text C:\Windows\Explorer.EXE[4188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007fff18017310 5 bytes JMP 00007ffeff722a50 .text C:\Windows\Explorer.EXE[4188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007fff180173d0 5 bytes JMP 00007ffeff722b00 .text C:\Windows\System32\RuntimeBroker.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 00007fff17f9eb50 5 bytes JMP 00007ffeff722da0 .text C:\Windows\System32\RuntimeBroker.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 00007fff17ff9c20 5 bytes JMP 00007ffeff722c60 .text C:\Windows\System32\RuntimeBroker.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 00007fff180153e0 5 bytes JMP 00007ffeff722f30 .text C:\Windows\System32\RuntimeBroker.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007fff180155c0 5 bytes JMP 00007ffeff7225a0 .text C:\Windows\System32\RuntimeBroker.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007fff18015800 5 bytes JMP 00007ffeff722410 .text C:\Windows\System32\RuntimeBroker.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007fff180158c0 5 bytes JMP 00007ffeff7229a0 .text C:\Windows\System32\RuntimeBroker.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007fff180159c0 5 bytes JMP 00007ffeff722940 .text C:\Windows\System32\RuntimeBroker.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 00007fff18015b00 5 bytes JMP 00007ffeff7227d0 .text C:\Windows\System32\RuntimeBroker.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007fff180165b0 5 bytes JMP 00007ffeff7229f0 .text C:\Windows\System32\RuntimeBroker.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007fff180166f0 5 bytes JMP 00007ffeff722aa0 .text C:\Windows\System32\RuntimeBroker.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 00007fff18016810 5 bytes JMP 00007ffeff722b50 .text C:\Windows\System32\RuntimeBroker.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007fff18017310 5 bytes JMP 00007ffeff722a50 .text C:\Windows\System32\RuntimeBroker.exe[4348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007fff180173d0 5 bytes JMP 00007ffeff722b00 ? C:\Windows\SYSTEM32\iertutil.dll [5968] entry point in ".rdata" section 0000000061d416b0 ? C:\Windows\system32\apphelp.dll [5968] entry point in ".rdata" section 00000000593e0380 ? C:\Windows\SYSTEM32\NTASN1.dll [3640] entry point in ".rdata" section 000000006724bb10 ? C:\Windows\SYSTEM32\iertutil.dll [3640] entry point in ".rdata" section 0000000061d416b0 ? C:\Windows\system32\apphelp.dll [6840] entry point in ".rdata" section 00000000593e0380 ? C:\Windows\SYSTEM32\iertutil.dll [6912] entry point in ".rdata" section 0000000061d416b0 ? C:\Windows\system32\wbem\wbemsvc.dll [6912] entry point in ".rdata" section 000000006dee8fa0 ? C:\Windows\SYSTEM32\NTASN1.dll [6912] entry point in ".rdata" section 000000006724bb10 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[7916] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 00007fff17f9eb50 5 bytes JMP 00007ffeff722da0 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[7916] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 00007fff17ff9c20 5 bytes JMP 00007ffeff722c60 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[7916] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 00007fff180153e0 5 bytes JMP 00007ffeff722f30 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[7916] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007fff180155c0 5 bytes JMP 00007ffeff7225a0 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[7916] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007fff18015800 5 bytes JMP 00007ffeff722410 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[7916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007fff180158c0 5 bytes JMP 00007ffeff7229a0 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[7916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007fff180159c0 5 bytes JMP 00007ffeff722940 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[7916] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 00007fff18015b00 5 bytes JMP 00007ffeff7227d0 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[7916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007fff180165b0 5 bytes JMP 00007ffeff7229f0 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[7916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007fff180166f0 5 bytes JMP 00007ffeff722aa0 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[7916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 00007fff18016810 5 bytes JMP 00007ffeff722b50 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[7916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007fff18017310 5 bytes JMP 00007ffeff722a50 .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[7916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007fff180173d0 5 bytes JMP 00007ffeff722b00 .text C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[5128] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 00007fff17f9eb50 5 bytes JMP 00007ffeff722da0 .text C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[5128] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 00007fff17ff9c20 5 bytes JMP 00007ffeff722c60 .text C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[5128] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 00007fff180153e0 5 bytes JMP 00007ffeff722f30 .text C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[5128] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007fff180155c0 5 bytes JMP 00007ffeff7225a0 .text C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[5128] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007fff18015800 5 bytes JMP 00007ffeff722410 .text C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[5128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007fff180158c0 5 bytes JMP 00007ffeff7229a0 .text C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[5128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007fff180159c0 5 bytes JMP 00007ffeff722940 .text C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[5128] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 00007fff18015b00 5 bytes JMP 00007ffeff7227d0 .text C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[5128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007fff180165b0 5 bytes JMP 00007ffeff7229f0 .text C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[5128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007fff180166f0 5 bytes JMP 00007ffeff722aa0 .text C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[5128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 00007fff18016810 5 bytes JMP 00007ffeff722b50 .text C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[5128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007fff18017310 5 bytes JMP 00007ffeff722a50 .text C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[5128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007fff180173d0 5 bytes JMP 00007ffeff722b00 ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[1408] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7fff56a0002c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[1408] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject] [7fff56a0006c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[1408] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7fff540a002c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[1408] @ C:\Windows\system32\SHELL32.dll[GDI32.dll!GetStockObject] [7fff56a0006c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[1408] @ C:\Windows\system32\shlwapi.dll[GDI32.dll!GetStockObject] [7fff56a0006c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[1408] @ C:\Windows\system32\COMDLG32.dll[USER32.dll!RegisterClassW] [7fff540a002c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[1408] @ C:\Windows\system32\COMDLG32.dll[GDI32.dll!GetStockObject] [7fff56a0006c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[1408] @ C:\Windows\system32\ole32.dll[GDI32.dll!GetStockObject] [7fff56a0006c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[1408] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW] [7fff540a002c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[1408] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843\COMCTL32.dll[GDI32.dll!GetStockObject] [7fff56a0006c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[1408] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843\COMCTL32.dll[USER32.dll!RegisterClassW] [7fff540a002c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[1408] @ C:\Windows\SYSTEM32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffedecc6b24] C:\Users\Sebastian\AppData\Local\Vivaldi\Application\1.4.589.38\vivaldi_child.dll IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[1408] @ C:\Windows\SYSTEM32\evr.dll[USER32.dll!RegisterClassW] [7fff540a002c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[8644] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7fff56a0002c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[8644] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject] [7fff56a0006c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[8644] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7fff540a002c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[8644] @ C:\Windows\system32\SHELL32.dll[GDI32.dll!GetStockObject] [7fff56a0006c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[8644] @ C:\Windows\system32\shlwapi.dll[GDI32.dll!GetStockObject] [7fff56a0006c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[8644] @ C:\Windows\system32\COMDLG32.dll[USER32.dll!RegisterClassW] [7fff540a002c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[8644] @ C:\Windows\system32\COMDLG32.dll[GDI32.dll!GetStockObject] [7fff56a0006c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[8644] @ C:\Windows\system32\ole32.dll[GDI32.dll!GetStockObject] [7fff56a0006c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[8644] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW] [7fff540a002c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[8644] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843\COMCTL32.dll[GDI32.dll!GetStockObject] [7fff56a0006c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[8644] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843\COMCTL32.dll[USER32.dll!RegisterClassW] [7fff540a002c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[8644] @ C:\Windows\SYSTEM32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffedecc6b24] C:\Users\Sebastian\AppData\Local\Vivaldi\Application\1.4.589.38\vivaldi_child.dll IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[8644] @ C:\Windows\SYSTEM32\evr.dll[USER32.dll!RegisterClassW] [7fff540a002c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[5224] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7fff56a0002c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[5224] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject] [7fff56a0006c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[5224] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7fff540a002c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[5224] @ C:\Windows\system32\SHELL32.dll[GDI32.dll!GetStockObject] [7fff56a0006c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[5224] @ C:\Windows\system32\shlwapi.dll[GDI32.dll!GetStockObject] [7fff56a0006c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[5224] @ C:\Windows\system32\COMDLG32.dll[USER32.dll!RegisterClassW] [7fff540a002c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[5224] @ C:\Windows\system32\COMDLG32.dll[GDI32.dll!GetStockObject] [7fff56a0006c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[5224] @ C:\Windows\system32\ole32.dll[GDI32.dll!GetStockObject] [7fff56a0006c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[5224] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW] [7fff540a002c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[5224] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843\COMCTL32.dll[GDI32.dll!GetStockObject] [7fff56a0006c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[5224] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843\COMCTL32.dll[USER32.dll!RegisterClassW] [7fff540a002c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[5224] @ C:\Windows\SYSTEM32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffedecc6b24] C:\Users\Sebastian\AppData\Local\Vivaldi\Application\1.4.589.38\vivaldi_child.dll IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[5224] @ C:\Windows\SYSTEM32\evr.dll[USER32.dll!RegisterClassW] [7fff540a002c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[2900] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7fff56a0002c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[2900] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject] [7fff56a0006c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[2900] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7fff540a002c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[2900] @ C:\Windows\system32\SHELL32.dll[GDI32.dll!GetStockObject] [7fff56a0006c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[2900] @ C:\Windows\system32\shlwapi.dll[GDI32.dll!GetStockObject] [7fff56a0006c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[2900] @ C:\Windows\system32\COMDLG32.dll[USER32.dll!RegisterClassW] [7fff540a002c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[2900] @ C:\Windows\system32\COMDLG32.dll[GDI32.dll!GetStockObject] [7fff56a0006c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[2900] @ C:\Windows\system32\ole32.dll[GDI32.dll!GetStockObject] [7fff56a0006c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[2900] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW] [7fff540a002c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[2900] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843\COMCTL32.dll[GDI32.dll!GetStockObject] [7fff56a0006c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[2900] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843\COMCTL32.dll[USER32.dll!RegisterClassW] [7fff540a002c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[2900] @ C:\Windows\SYSTEM32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffedecc6b24] C:\Users\Sebastian\AppData\Local\Vivaldi\Application\1.4.589.38\vivaldi_child.dll IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[2900] @ C:\Windows\SYSTEM32\evr.dll[USER32.dll!RegisterClassW] [7fff540a002c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[5676] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7fff56a0002c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[5676] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject] [7fff56a0006c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[5676] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7fff540a002c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[5676] @ C:\Windows\system32\SHELL32.dll[GDI32.dll!GetStockObject] [7fff56a0006c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[5676] @ C:\Windows\system32\shlwapi.dll[GDI32.dll!GetStockObject] [7fff56a0006c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[5676] @ C:\Windows\system32\COMDLG32.dll[USER32.dll!RegisterClassW] [7fff540a002c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[5676] @ C:\Windows\system32\COMDLG32.dll[GDI32.dll!GetStockObject] [7fff56a0006c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[5676] @ C:\Windows\system32\ole32.dll[GDI32.dll!GetStockObject] [7fff56a0006c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[5676] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW] [7fff540a002c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[5676] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843\COMCTL32.dll[GDI32.dll!GetStockObject] [7fff56a0006c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[5676] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843\COMCTL32.dll[USER32.dll!RegisterClassW] [7fff540a002c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[5676] @ C:\Windows\SYSTEM32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffedecc6b24] C:\Users\Sebastian\AppData\Local\Vivaldi\Application\1.4.589.38\vivaldi_child.dll IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[5676] @ C:\Windows\SYSTEM32\evr.dll[USER32.dll!RegisterClassW] [7fff540a002c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[2076] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7fff56a0002c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[2076] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject] [7fff56a0006c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[2076] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7fff540a002c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[2076] @ C:\Windows\system32\SHELL32.dll[GDI32.dll!GetStockObject] [7fff56a0006c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[2076] @ C:\Windows\system32\shlwapi.dll[GDI32.dll!GetStockObject] [7fff56a0006c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[2076] @ C:\Windows\system32\COMDLG32.dll[USER32.dll!RegisterClassW] [7fff540a002c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[2076] @ C:\Windows\system32\COMDLG32.dll[GDI32.dll!GetStockObject] [7fff56a0006c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[2076] @ C:\Windows\system32\ole32.dll[GDI32.dll!GetStockObject] [7fff56a0006c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[2076] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW] [7fff540a002c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[2076] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843\COMCTL32.dll[GDI32.dll!GetStockObject] [7fff56a0006c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[2076] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843\COMCTL32.dll[USER32.dll!RegisterClassW] [7fff540a002c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[2076] @ C:\Windows\SYSTEM32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffedecc6b24] C:\Users\Sebastian\AppData\Local\Vivaldi\Application\1.4.589.38\vivaldi_child.dll IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[2076] @ C:\Windows\SYSTEM32\evr.dll[USER32.dll!RegisterClassW] [7fff540a002c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[6812] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7fff56a0002c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[6812] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject] [7fff56a0006c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[6812] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7fff540a002c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[6812] @ C:\Windows\system32\SHELL32.dll[GDI32.dll!GetStockObject] [7fff56a0006c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[6812] @ C:\Windows\system32\shlwapi.dll[GDI32.dll!GetStockObject] [7fff56a0006c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[6812] @ C:\Windows\system32\COMDLG32.dll[USER32.dll!RegisterClassW] [7fff540a002c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[6812] @ C:\Windows\system32\COMDLG32.dll[GDI32.dll!GetStockObject] [7fff56a0006c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[6812] @ C:\Windows\system32\ole32.dll[GDI32.dll!GetStockObject] [7fff56a0006c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[6812] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW] [7fff540a002c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[6812] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843\COMCTL32.dll[GDI32.dll!GetStockObject] [7fff56a0006c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[6812] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843\COMCTL32.dll[USER32.dll!RegisterClassW] [7fff540a002c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[6812] @ C:\Windows\SYSTEM32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffedecc6b24] C:\Users\Sebastian\AppData\Local\Vivaldi\Application\1.4.589.38\vivaldi_child.dll IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[6812] @ C:\Windows\SYSTEM32\evr.dll[USER32.dll!RegisterClassW] [7fff540a002c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[6068] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7fff56a0002c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[6068] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject] [7fff56a0006c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[6068] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7fff540a002c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[6068] @ C:\Windows\system32\SHELL32.dll[GDI32.dll!GetStockObject] [7fff56a0006c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[6068] @ C:\Windows\system32\shlwapi.dll[GDI32.dll!GetStockObject] [7fff56a0006c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[6068] @ C:\Windows\system32\COMDLG32.dll[USER32.dll!RegisterClassW] [7fff540a002c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[6068] @ C:\Windows\system32\COMDLG32.dll[GDI32.dll!GetStockObject] [7fff56a0006c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[6068] @ C:\Windows\system32\ole32.dll[GDI32.dll!GetStockObject] [7fff56a0006c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[6068] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW] [7fff540a002c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[6068] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843\COMCTL32.dll[GDI32.dll!GetStockObject] [7fff56a0006c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[6068] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843\COMCTL32.dll[USER32.dll!RegisterClassW] [7fff540a002c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[6068] @ C:\Windows\SYSTEM32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffedecc6b24] C:\Users\Sebastian\AppData\Local\Vivaldi\Application\1.4.589.38\vivaldi_child.dll IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[6068] @ C:\Windows\SYSTEM32\evr.dll[USER32.dll!RegisterClassW] [7fff540a002c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[9024] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7fff56a0002c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[9024] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject] [7fff56a0006c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[9024] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7fff540a002c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[9024] @ C:\Windows\system32\SHELL32.dll[GDI32.dll!GetStockObject] [7fff56a0006c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[9024] @ C:\Windows\system32\shlwapi.dll[GDI32.dll!GetStockObject] [7fff56a0006c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[9024] @ C:\Windows\system32\COMDLG32.dll[USER32.dll!RegisterClassW] [7fff540a002c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[9024] @ C:\Windows\system32\COMDLG32.dll[GDI32.dll!GetStockObject] [7fff56a0006c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[9024] @ C:\Windows\system32\ole32.dll[GDI32.dll!GetStockObject] [7fff56a0006c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[9024] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW] [7fff540a002c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[9024] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843\COMCTL32.dll[GDI32.dll!GetStockObject] [7fff56a0006c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[9024] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843\COMCTL32.dll[USER32.dll!RegisterClassW] [7fff540a002c] IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[9024] @ C:\Windows\SYSTEM32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffedecc6b24] C:\Users\Sebastian\AppData\Local\Vivaldi\Application\1.4.589.38\vivaldi_child.dll IAT C:\Users\Sebastian\AppData\Local\Vivaldi\Application\vivaldi.exe[9024] @ C:\Windows\SYSTEM32\evr.dll[USER32.dll!RegisterClassW] [7fff540a002c] ---- Threads - GMER 2.2 ---- Thread C:\Windows\system32\csrss.exe [1044:7748] fffff96047b34030 Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [1276:3616] 00007ffef2f15300 Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [1276:7808] 00007ffef2f4f9f0 Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [1276:5112] 00007ffef2f63b90 Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [1276:1864] 00007ffef2e6f3c0 Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [1276:9184] 00007ffef2f63b90 Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [1276:6952] 00007ffef2f60610 Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [1276:8232] 00007ffef2f63b90 Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [1276:7576] 00007ffef2f63b90 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed -621824299 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 587 Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0x10 0x2C 0xDF 0x48 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0x10 0x94 0xA3 0xAA ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0x10 0xC4 0x1A 0xE7 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithList@MRUList ab Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search@JumpListChangedAppIds _crx_mpognobbkildjkofajifpdfhcoklimli?D:\Steam\Steam.exe? Reg HKCU\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Critical_Origin.exe_736b5ba3a1265e4cb602e39e1c7e5eaad233e35_cdbd2303_cab_19e9648d Reg HKCU\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug\UIHandles@CheckingForSolutionDialog 0x8A 0x08 0x0E 0x00 ... ---- Files - GMER 2.2 ---- File C:\Users\Sebastian\AppData\Local\Vivaldi\User Data\Default\Cache\f_00d859 0 bytes File C:\Users\Sebastian\AppData\Local\Vivaldi\User Data\Default\Cache\f_00d857 0 bytes File C:\Users\Sebastian\AppData\Local\Vivaldi\User Data\Default\Cache\f_00d858 602387 bytes ---- EOF - GMER 2.2 ----