GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-02-03 00:25:30 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2 Samsung_ rev.EXT0 111,79GB Running: ps6v0btu.exe; Driver: C:\Users\ZAWODO~1\AppData\Local\Temp\kxddqpow.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[820] C:\Windows\system32\kernel32.dll!SetUnhandledExceptionFilter 0000000077819020 4 bytes [C3, 00, 00, 00] .text C:\Windows\SysWOW64\PnkBstrB.exe[1212] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 0000000072cd17fa 2 bytes CALL 755c11a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[1212] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000072cd1860 2 bytes CALL 755c11a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[1212] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000072cd1942 2 bytes JMP 76576da1 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[1212] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 0000000072cd194d 2 bytes JMP 7657e8de C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[1212] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000768b1401 2 bytes JMP 755eb233 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[1212] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000768b1419 2 bytes JMP 755eb35e C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[1212] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000768b1431 2 bytes JMP 75669149 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[1212] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000768b144a 2 bytes CALL 755c4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\SysWOW64\PnkBstrB.exe[1212] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000768b14dd 2 bytes JMP 75668a42 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[1212] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000768b14f5 2 bytes JMP 75668c18 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[1212] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000768b150d 2 bytes JMP 75668938 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[1212] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000768b1525 2 bytes JMP 75668d02 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[1212] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000768b153d 2 bytes JMP 755dfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[1212] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 00000000768b1555 2 bytes JMP 755e6907 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[1212] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000768b156d 2 bytes JMP 75669201 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[1212] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000768b1585 2 bytes JMP 75668d62 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[1212] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000768b159d 2 bytes JMP 756688fc C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[1212] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000768b15b5 2 bytes JMP 755dfd59 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[1212] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000768b15cd 2 bytes JMP 755eb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[1212] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000768b16b2 2 bytes JMP 756690c4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[1212] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000768b16bd 2 bytes JMP 75668891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2848] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076e52bdc 5 bytes JMP 00000000728abac2 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2848] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000768b1401 2 bytes JMP 755eb233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2848] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000768b1419 2 bytes JMP 755eb35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000768b1431 2 bytes JMP 75669149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000768b144a 2 bytes CALL 755c4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2848] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768b14dd 2 bytes JMP 75668a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2848] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768b14f5 2 bytes JMP 75668c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2848] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000768b150d 2 bytes JMP 75668938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2848] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000768b1525 2 bytes JMP 75668d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2848] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000768b153d 2 bytes JMP 755dfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2848] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000768b1555 2 bytes JMP 755e6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2848] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000768b156d 2 bytes JMP 75669201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2848] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000768b1585 2 bytes JMP 75668d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2848] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000768b159d 2 bytes JMP 756688fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2848] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768b15b5 2 bytes JMP 755dfd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2848] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768b15cd 2 bytes JMP 755eb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2848] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768b16b2 2 bytes JMP 756690c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2848] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768b16bd 2 bytes JMP 75668891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3432] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000768b1401 2 bytes JMP 755eb233 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3432] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000768b1419 2 bytes JMP 755eb35e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3432] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000768b1431 2 bytes JMP 75669149 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3432] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000768b144a 2 bytes CALL 755c4885 C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3432] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000768b14dd 2 bytes JMP 75668a42 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3432] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000768b14f5 2 bytes JMP 75668c18 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3432] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000768b150d 2 bytes JMP 75668938 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3432] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000768b1525 2 bytes JMP 75668d02 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3432] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000768b153d 2 bytes JMP 755dfcc0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3432] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 00000000768b1555 2 bytes JMP 755e6907 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3432] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000768b156d 2 bytes JMP 75669201 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3432] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000768b1585 2 bytes JMP 75668d62 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3432] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000768b159d 2 bytes JMP 756688fc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3432] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000768b15b5 2 bytes JMP 755dfd59 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3432] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000768b15cd 2 bytes JMP 755eb2f4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3432] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000768b16b2 2 bytes JMP 756690c4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3432] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000768b16bd 2 bytes JMP 75668891 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[3900] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000768b1401 2 bytes JMP 755eb233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[3900] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000768b1419 2 bytes JMP 755eb35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[3900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000768b1431 2 bytes JMP 75669149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[3900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000768b144a 2 bytes CALL 755c4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[3900] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768b14dd 2 bytes JMP 75668a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[3900] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768b14f5 2 bytes JMP 75668c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[3900] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000768b150d 2 bytes JMP 75668938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[3900] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000768b1525 2 bytes JMP 75668d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[3900] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000768b153d 2 bytes JMP 755dfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[3900] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000768b1555 2 bytes JMP 755e6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[3900] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000768b156d 2 bytes JMP 75669201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[3900] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000768b1585 2 bytes JMP 75668d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[3900] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000768b159d 2 bytes JMP 756688fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[3900] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768b15b5 2 bytes JMP 755dfd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[3900] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768b15cd 2 bytes JMP 755eb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[3900] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768b16b2 2 bytes JMP 756690c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[3900] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768b16bd 2 bytes JMP 75668891 C:\Windows\syswow64\kernel32.dll .text C:\Users\ZawodowieC\AppData\Local\razer\InGameEngine\cache\RzSynapse\RzCefRenderProcess.exe[4064] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000768b1401 2 bytes JMP 755eb233 C:\Windows\syswow64\kernel32.dll .text C:\Users\ZawodowieC\AppData\Local\razer\InGameEngine\cache\RzSynapse\RzCefRenderProcess.exe[4064] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000768b1419 2 bytes JMP 755eb35e C:\Windows\syswow64\kernel32.dll .text C:\Users\ZawodowieC\AppData\Local\razer\InGameEngine\cache\RzSynapse\RzCefRenderProcess.exe[4064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000768b1431 2 bytes JMP 75669149 C:\Windows\syswow64\kernel32.dll .text C:\Users\ZawodowieC\AppData\Local\razer\InGameEngine\cache\RzSynapse\RzCefRenderProcess.exe[4064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000768b144a 2 bytes CALL 755c4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\ZawodowieC\AppData\Local\razer\InGameEngine\cache\RzSynapse\RzCefRenderProcess.exe[4064] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768b14dd 2 bytes JMP 75668a42 C:\Windows\syswow64\kernel32.dll .text C:\Users\ZawodowieC\AppData\Local\razer\InGameEngine\cache\RzSynapse\RzCefRenderProcess.exe[4064] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768b14f5 2 bytes JMP 75668c18 C:\Windows\syswow64\kernel32.dll .text C:\Users\ZawodowieC\AppData\Local\razer\InGameEngine\cache\RzSynapse\RzCefRenderProcess.exe[4064] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000768b150d 2 bytes JMP 75668938 C:\Windows\syswow64\kernel32.dll .text C:\Users\ZawodowieC\AppData\Local\razer\InGameEngine\cache\RzSynapse\RzCefRenderProcess.exe[4064] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000768b1525 2 bytes JMP 75668d02 C:\Windows\syswow64\kernel32.dll .text C:\Users\ZawodowieC\AppData\Local\razer\InGameEngine\cache\RzSynapse\RzCefRenderProcess.exe[4064] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000768b153d 2 bytes JMP 755dfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\ZawodowieC\AppData\Local\razer\InGameEngine\cache\RzSynapse\RzCefRenderProcess.exe[4064] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000768b1555 2 bytes JMP 755e6907 C:\Windows\syswow64\kernel32.dll .text C:\Users\ZawodowieC\AppData\Local\razer\InGameEngine\cache\RzSynapse\RzCefRenderProcess.exe[4064] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000768b156d 2 bytes JMP 75669201 C:\Windows\syswow64\kernel32.dll .text C:\Users\ZawodowieC\AppData\Local\razer\InGameEngine\cache\RzSynapse\RzCefRenderProcess.exe[4064] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000768b1585 2 bytes JMP 75668d62 C:\Windows\syswow64\kernel32.dll .text C:\Users\ZawodowieC\AppData\Local\razer\InGameEngine\cache\RzSynapse\RzCefRenderProcess.exe[4064] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000768b159d 2 bytes JMP 756688fc C:\Windows\syswow64\kernel32.dll .text C:\Users\ZawodowieC\AppData\Local\razer\InGameEngine\cache\RzSynapse\RzCefRenderProcess.exe[4064] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768b15b5 2 bytes JMP 755dfd59 C:\Windows\syswow64\kernel32.dll .text C:\Users\ZawodowieC\AppData\Local\razer\InGameEngine\cache\RzSynapse\RzCefRenderProcess.exe[4064] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768b15cd 2 bytes JMP 755eb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Users\ZawodowieC\AppData\Local\razer\InGameEngine\cache\RzSynapse\RzCefRenderProcess.exe[4064] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768b16b2 2 bytes JMP 756690c4 C:\Windows\syswow64\kernel32.dll .text C:\Users\ZawodowieC\AppData\Local\razer\InGameEngine\cache\RzSynapse\RzCefRenderProcess.exe[4064] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768b16bd 2 bytes JMP 75668891 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4104] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000768b1401 2 bytes JMP 755eb233 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4104] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000768b1419 2 bytes JMP 755eb35e C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000768b1431 2 bytes JMP 75669149 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000768b144a 2 bytes CALL 755c4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\SysWOW64\RunDll32.exe[4104] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768b14dd 2 bytes JMP 75668a42 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4104] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768b14f5 2 bytes JMP 75668c18 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4104] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000768b150d 2 bytes JMP 75668938 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4104] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000768b1525 2 bytes JMP 75668d02 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4104] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000768b153d 2 bytes JMP 755dfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4104] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000768b1555 2 bytes JMP 755e6907 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4104] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000768b156d 2 bytes JMP 75669201 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4104] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000768b1585 2 bytes JMP 75668d62 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4104] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000768b159d 2 bytes JMP 756688fc C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4104] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768b15b5 2 bytes JMP 755dfd59 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4104] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768b15cd 2 bytes JMP 755eb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4104] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768b16b2 2 bytes JMP 756690c4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4104] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768b16bd 2 bytes JMP 75668891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4504] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000768b1401 2 bytes JMP 755eb233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4504] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000768b1419 2 bytes JMP 755eb35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000768b1431 2 bytes JMP 75669149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000768b144a 2 bytes CALL 755c4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4504] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768b14dd 2 bytes JMP 75668a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4504] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768b14f5 2 bytes JMP 75668c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4504] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000768b150d 2 bytes JMP 75668938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4504] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000768b1525 2 bytes JMP 75668d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4504] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000768b153d 2 bytes JMP 755dfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4504] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000768b1555 2 bytes JMP 755e6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4504] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000768b156d 2 bytes JMP 75669201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4504] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000768b1585 2 bytes JMP 75668d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4504] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000768b159d 2 bytes JMP 756688fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4504] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768b15b5 2 bytes JMP 755dfd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4504] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768b15cd 2 bytes JMP 755eb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4504] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768b16b2 2 bytes JMP 756690c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4504] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768b16bd 2 bytes JMP 75668891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4504] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 000000005e6611a8 2 bytes [66, 5E] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4504] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 248 000000005e66127d 2 bytes CALL 755c14b9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4504] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 395 000000005e661310 2 bytes CALL 755c14b9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4504] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 000000005e6613a8 2 bytes [66, 5E] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4504] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 000000005e661422 2 bytes [66, 5E] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4504] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 000000005e661498 2 bytes [66, 5E] ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bb1625d01 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bb1625d01 (not active ControlSet) ---- EOF - GMER 2.2 ----