GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-04-19 14:49:30 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JE3O 465,76GB Running: vpjw9vzc.exe; Driver: C:\Users\Piotr\AppData\Local\Temp\pxldrpob.sys ---- Kernel code sections - GMER 2.2 ---- .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff960000f5900 7 bytes [40, 4C, F3, FF, 01, 56, F0] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff960000f5908 3 bytes [C0, 06, 02] ---- User code sections - GMER 2.2 ---- .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1292] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007759a3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1292] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000775a3f00 5 bytes JMP 000000006fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1292] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000775bffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1292] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000775cf3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1292] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000775f9c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1292] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077609710 5 bytes JMP 000000006fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1292] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077628ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1292] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff0c6d10 11 bytes JMP 000007fefd420228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1292] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff0db4f0 7 bytes JMP 000007fefd420260 .text C:\Windows\system32\Dwm.exe[2608] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd4332f0 7 bytes JMP 000007fefd4200d8 .text C:\Windows\system32\Dwm.exe[2608] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd43aa60 5 bytes JMP 000007fefd420180 .text C:\Windows\system32\Dwm.exe[2608] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd43ac00 5 bytes JMP 000007fefd420110 .text C:\Windows\system32\Dwm.exe[2608] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd449ac0 5 bytes JMP 000007fefd420148 .text C:\Windows\system32\Dwm.exe[2608] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff648840 8 bytes JMP 000007fefd4201f0 .text C:\Windows\system32\Dwm.exe[2608] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff64b9f0 8 bytes JMP 000007fefd4201b8 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[148] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075811eee 7 bytes JMP 000000006bff3880 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[148] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075815b85 7 bytes JMP 000000006bff3ec0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[148] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075821409 7 bytes JMP 000000006bff3ad0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[148] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007582ea5d 7 bytes JMP 000000006bff3870 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[148] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000758b90c4 7 bytes JMP 000000006bff33c0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[148] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000758b9149 5 bytes JMP 000000006bff3470 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[148] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000758b949f 5 bytes JMP 000000006bff33d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[148] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000771c1e4c 5 bytes JMP 000000006bff3380 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[148] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000771c1efa 5 bytes JMP 000000006bff3340 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[148] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000771c2bdc 5 bytes JMP 000000000125f046 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[148] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000771c2e7e 5 bytes JMP 000000006bff3190 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[148] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076cb8a29 5 bytes JMP 000000006bff2880 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[148] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076cc5645 5 bytes JMP 000000006bff3110 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[148] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076cdf61f 5 bytes JMP 000000006bff3180 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[148] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076d00867 5 bytes JMP 000000006bff2700 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[148] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076d17af4 5 bytes JMP 000000006bff3100 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[148] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076f0e757 5 bytes JMP 000000006bff29a0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[148] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076f0e991 5 bytes JMP 000000006bff29c0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[148] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000751f5e75 5 bytes JMP 000000006bff2840 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[148] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075229cbb 5 bytes JMP 000000006bff27d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[148] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077861401 2 bytes JMP 7583b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[148] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077861419 2 bytes JMP 7583b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[148] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077861431 2 bytes JMP 758b9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[148] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007786144a 2 bytes CALL 75814885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[148] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000778614dd 2 bytes JMP 758b8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[148] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000778614f5 2 bytes JMP 758b8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[148] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007786150d 2 bytes JMP 758b8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[148] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077861525 2 bytes JMP 758b8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[148] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007786153d 2 bytes JMP 7582fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[148] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077861555 2 bytes JMP 75836907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[148] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007786156d 2 bytes JMP 758b9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[148] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077861585 2 bytes JMP 758b8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[148] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007786159d 2 bytes JMP 758b88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[148] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000778615b5 2 bytes JMP 7582fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[148] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000778615cd 2 bytes JMP 7583b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[148] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000778616b2 2 bytes JMP 758b90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[148] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000778616bd 2 bytes JMP 758b8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[3720] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075811eee 7 bytes JMP 000000006bff3880 .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[3720] C:\Windows\syswow64\kernel32.dll!CreateThread + 28 0000000075813491 4 bytes {CALL 0xffffffff8bec33cc} .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[3720] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075815b85 7 bytes JMP 000000006bff3ec0 .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[3720] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075821409 7 bytes JMP 000000006bff3ad0 .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[3720] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007582ea5d 7 bytes JMP 000000006bff3870 .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[3720] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000758b90c4 7 bytes JMP 000000006bff33c0 .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[3720] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000758b9149 5 bytes JMP 000000006bff3470 .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[3720] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000758b949f 5 bytes JMP 000000006bff33d0 .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[3720] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000771c1e4c 5 bytes JMP 000000006bff3380 .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[3720] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000771c1efa 5 bytes JMP 000000006bff3340 .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[3720] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000771c2bdc 5 bytes JMP 000000006bff3480 .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[3720] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000771c2e7e 5 bytes JMP 000000006bff3190 .text C:\Program Files\CCleaner\CCleaner64.exe[3736] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007759a3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files\CCleaner\CCleaner64.exe[3736] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000775a3f00 5 bytes JMP 000000006fff0180 .text C:\Program Files\CCleaner\CCleaner64.exe[3736] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000775bffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\CCleaner\CCleaner64.exe[3736] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000775cf3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files\CCleaner\CCleaner64.exe[3736] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000775f9c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\CCleaner\CCleaner64.exe[3736] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077609710 5 bytes JMP 000000006fff0148 .text C:\Program Files\CCleaner\CCleaner64.exe[3736] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077628ab0 7 bytes JMP 000000006fff01f0 .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\RocketDock\RocketDock.exe[3788] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075811eee 7 bytes JMP 000000006bff3880 .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\RocketDock\RocketDock.exe[3788] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075815b85 7 bytes JMP 000000006bff3ec0 .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\RocketDock\RocketDock.exe[3788] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075821409 7 bytes JMP 000000006bff3ad0 .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\RocketDock\RocketDock.exe[3788] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007582ea5d 7 bytes JMP 000000006bff3870 .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\RocketDock\RocketDock.exe[3788] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000758b90c4 7 bytes JMP 000000006bff33c0 .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\RocketDock\RocketDock.exe[3788] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000758b9149 5 bytes JMP 000000006bff3470 .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\RocketDock\RocketDock.exe[3788] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000758b949f 5 bytes JMP 000000006bff33d0 .text C:\Program Files\desksware\Desktop iCalendar Lite\Desktop iCalendar.exe[3812] C:\Windows\system32\KERNEL32.dll!RegSetValueExW 000000007759a3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files\desksware\Desktop iCalendar Lite\Desktop iCalendar.exe[3812] C:\Windows\system32\KERNEL32.dll!RegQueryValueExW 00000000775a3f00 5 bytes JMP 000000006fff0180 .text C:\Program Files\desksware\Desktop iCalendar Lite\Desktop iCalendar.exe[3812] C:\Windows\system32\KERNEL32.dll!RegDeleteValueW 00000000775bffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\desksware\Desktop iCalendar Lite\Desktop iCalendar.exe[3812] C:\Windows\system32\KERNEL32.dll!K32GetMappedFileNameW 00000000775cf3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files\desksware\Desktop iCalendar Lite\Desktop iCalendar.exe[3812] C:\Windows\system32\KERNEL32.dll!K32EnumProcessModulesEx 00000000775f9c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\desksware\Desktop iCalendar Lite\Desktop iCalendar.exe[3812] C:\Windows\system32\KERNEL32.dll!K32GetModuleInformation 0000000077609710 5 bytes JMP 000000006fff0148 .text C:\Program Files\desksware\Desktop iCalendar Lite\Desktop iCalendar.exe[3812] C:\Windows\system32\KERNEL32.dll!RegSetValueExA 0000000077628ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\desksware\Desktop iCalendar Lite\Desktop iCalendar.exe[3812] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd4332f0 7 bytes JMP 000007fefd4200d8 .text C:\Program Files\desksware\Desktop iCalendar Lite\Desktop iCalendar.exe[3812] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd43aa60 5 bytes JMP 000007fefd420180 .text C:\Program Files\desksware\Desktop iCalendar Lite\Desktop iCalendar.exe[3812] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd43ac00 5 bytes JMP 000007fefd420110 .text C:\Program Files\desksware\Desktop iCalendar Lite\Desktop iCalendar.exe[3812] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd449ac0 5 bytes JMP 000007fefd420148 .text C:\Program Files\desksware\Desktop iCalendar Lite\Desktop iCalendar.exe[3812] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff648840 8 bytes JMP 000007fefd4201f0 .text C:\Program Files\desksware\Desktop iCalendar Lite\Desktop iCalendar.exe[3812] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff64b9f0 8 bytes JMP 000007fefd4201b8 .text C:\Program Files\desksware\Desktop iCalendar Lite\Desktop iCalendar.exe[3812] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff0c6d10 11 bytes JMP 000007fefd420228 .text C:\Program Files\desksware\Desktop iCalendar Lite\Desktop iCalendar.exe[3812] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff0db4f0 7 bytes JMP 000007fefd420260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3952] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007759a3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3952] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000775a3f00 5 bytes JMP 000000006fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3952] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000775bffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3952] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000775cf3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3952] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000775f9c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3952] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077609710 5 bytes JMP 000000006fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3952] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077628ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3952] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd4332f0 7 bytes JMP 000007fefd4200d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3952] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd43aa60 5 bytes JMP 000007fefd420180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3952] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd43ac00 5 bytes JMP 000007fefd420110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3952] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd449ac0 5 bytes JMP 000007fefd420148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3952] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff648840 8 bytes JMP 000007fefd4201f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3952] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff64b9f0 8 bytes JMP 000007fefd4201b8 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3380] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 0000000075811eee 7 bytes JMP 000000006bff3880 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3380] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 0000000075815b85 7 bytes JMP 000000006bff3ec0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3380] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 0000000075821409 7 bytes JMP 000000006bff3ad0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3380] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 000000007582ea5d 7 bytes JMP 000000006bff3870 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3380] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 00000000758b90c4 7 bytes JMP 000000006bff33c0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3380] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 00000000758b9149 5 bytes JMP 000000006bff3470 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3380] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 00000000758b949f 5 bytes JMP 000000006bff33d0 .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[4368] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075811eee 7 bytes JMP 000000006bff3880 .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[4368] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075815b85 7 bytes JMP 000000006bff3ec0 .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[4368] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075821409 7 bytes JMP 000000006bff3ad0 .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[4368] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007582ea5d 7 bytes JMP 000000006bff3870 .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[4368] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000758b90c4 7 bytes JMP 000000006bff33c0 .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[4368] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000758b9149 5 bytes JMP 000000006bff3470 .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[4368] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000758b949f 5 bytes JMP 000000006bff33d0 .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4432] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075811eee 7 bytes JMP 000000006bff3880 .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4432] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075815b85 7 bytes JMP 000000006bff3ec0 .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4432] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075821409 7 bytes JMP 000000006bff3ad0 .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4432] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007582ea5d 7 bytes JMP 000000006bff3870 .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4432] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000758b90c4 7 bytes JMP 000000006bff33c0 .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4432] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000758b9149 5 bytes JMP 000000006bff3470 .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4432] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000758b949f 5 bytes JMP 000000006bff33d0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3968] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075811eee 7 bytes JMP 000000006bff3880 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3968] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075815b85 7 bytes JMP 000000006bff3ec0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3968] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075821409 7 bytes JMP 000000006bff3ad0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3968] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007582ea5d 7 bytes JMP 000000006bff3870 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3968] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000758b90c4 7 bytes JMP 000000006bff33c0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3968] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000758b9149 5 bytes JMP 000000006bff3470 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3968] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000758b949f 5 bytes JMP 000000006bff33d0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[2856] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075811eee 7 bytes JMP 000000006bff3880 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[2856] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075815b85 7 bytes JMP 000000006bff3ec0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[2856] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075821409 7 bytes JMP 000000006bff3ad0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[2856] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007582ea5d 7 bytes JMP 000000006bff3870 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[2856] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000758b90c4 7 bytes JMP 000000006bff33c0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[2856] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000758b9149 5 bytes JMP 000000006bff3470 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[2856] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000758b949f 5 bytes JMP 000000006bff33d0 .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[3872] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075811eee 7 bytes JMP 000000006bff3880 .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[3872] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075815b85 7 bytes JMP 000000006bff3ec0 .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[3872] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075821409 7 bytes JMP 000000006bff3ad0 .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[3872] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007582ea5d 7 bytes JMP 000000006bff3870 .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[3872] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000758b90c4 7 bytes JMP 000000006bff33c0 .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[3872] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000758b9149 5 bytes JMP 000000006bff3470 .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[3872] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000758b949f 5 bytes JMP 000000006bff33d0 .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[3872] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000771c1e4c 5 bytes JMP 000000006bff3380 .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[3872] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000771c1efa 5 bytes JMP 000000006bff3340 .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[3872] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000771c2bdc 5 bytes JMP 000000006bff3480 .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[3872] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000771c2e7e 5 bytes JMP 000000006bff3190 .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077861401 2 bytes JMP 7583b233 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[3872] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077861419 2 bytes JMP 7583b35e C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077861431 2 bytes JMP 758b9149 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007786144a 2 bytes CALL 75814885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[3872] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000778614dd 2 bytes JMP 758b8a42 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000778614f5 2 bytes JMP 758b8c18 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[3872] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007786150d 2 bytes JMP 758b8938 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077861525 2 bytes JMP 758b8d02 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007786153d 2 bytes JMP 7582fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[3872] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077861555 2 bytes JMP 75836907 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007786156d 2 bytes JMP 758b9201 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077861585 2 bytes JMP 758b8d62 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[3872] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007786159d 2 bytes JMP 758b88fc C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000778615b5 2 bytes JMP 7582fd59 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000778615cd 2 bytes JMP 7583b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000778616b2 2 bytes JMP 758b90c4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000778616bd 2 bytes JMP 758b8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4216] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007759a3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4216] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000775a3f00 5 bytes JMP 000000006fff0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4216] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000775bffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4216] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000775cf3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4216] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000775f9c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4216] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077609710 5 bytes JMP 000000006fff0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4216] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077628ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4216] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd4332f0 7 bytes JMP 000007fefd4200d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4216] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd43aa60 5 bytes JMP 000007fefd420180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4216] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd43ac00 5 bytes JMP 000007fefd420110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4216] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd449ac0 5 bytes JMP 000007fefd420148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4216] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff0c6d10 11 bytes JMP 000007fefd420228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4216] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff0db4f0 7 bytes JMP 000007fefd420260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4216] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff648840 8 bytes JMP 000007fefd4201f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4216] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff64b9f0 8 bytes JMP 000007fefd4201b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4216] C:\Windows\system32\d3d9.dll!Direct3DCreate9Ex 000007feefb72460 5 bytes JMP 000007fefd4202d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4216] C:\Windows\system32\d3d9.dll!Direct3DCreate9 000007feefba96b0 6 bytes JMP 000007fefd420298 .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[9052] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075811eee 7 bytes JMP 000000006bff3880 .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[9052] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075815b85 7 bytes JMP 000000006bff3ec0 .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[9052] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075821409 7 bytes JMP 000000006bff3ad0 .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[9052] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007582ea5d 7 bytes JMP 000000006bff3870 .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[9052] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000758b90c4 7 bytes JMP 000000006bff33c0 .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[9052] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000758b9149 5 bytes JMP 000000006bff3470 .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[9052] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000758b949f 5 bytes JMP 000000006bff33d0 .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[9052] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000771c1e4c 5 bytes JMP 000000006bff3380 .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[9052] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000771c1efa 5 bytes JMP 000000006bff3340 .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[9052] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000771c2bdc 5 bytes JMP 000000006bff3480 .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[9052] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000771c2e7e 5 bytes JMP 000000006bff3190 .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[9052] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076f0e757 5 bytes JMP 000000006bff29a0 .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[9052] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076f0e991 5 bytes JMP 000000006bff29c0 .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[9052] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076cb8a29 5 bytes JMP 000000006bff2880 .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[9052] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076cc5645 5 bytes JMP 000000006bff3110 .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[9052] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076cdf61f 5 bytes JMP 000000006bff3180 .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[9052] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076d00867 5 bytes JMP 000000006bff2700 .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[9052] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076d17af4 5 bytes JMP 000000006bff3100 .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[9052] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077861401 2 bytes JMP 7583b233 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[9052] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077861419 2 bytes JMP 7583b35e C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[9052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077861431 2 bytes JMP 758b9149 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[9052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007786144a 2 bytes CALL 75814885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[9052] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000778614dd 2 bytes JMP 758b8a42 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[9052] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000778614f5 2 bytes JMP 758b8c18 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[9052] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007786150d 2 bytes JMP 758b8938 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[9052] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077861525 2 bytes JMP 758b8d02 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[9052] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007786153d 2 bytes JMP 7582fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[9052] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077861555 2 bytes JMP 75836907 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[9052] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007786156d 2 bytes JMP 758b9201 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[9052] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077861585 2 bytes JMP 758b8d62 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[9052] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007786159d 2 bytes JMP 758b88fc C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[9052] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000778615b5 2 bytes JMP 7582fd59 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[9052] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000778615cd 2 bytes JMP 7583b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[9052] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000778616b2 2 bytes JMP 758b90c4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[9052] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000778616bd 2 bytes JMP 758b8891 C:\Windows\syswow64\kernel32.dll ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\60d81929e432 (not active ControlSet) Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{1418B58A-671F-40B7-B9D9-74FECC1A6DF1}\Connection@Name isatap.{6EF8ABD8-6410-480F-BD88-FBEB54B9F1FA} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{C146F0DA-FEF3-4F7D-B7CE-0569455149CA}?\Device\{1418B58A-671F-40B7-B9D9-74FECC1A6DF1}?\Device\{091BFCF4-4C81-4FBE-A27A-70D062D8D64F}?\Device\{57435425-A22F-449C-B729-D67A1316EFD0}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{C146F0DA-FEF3-4F7D-B7CE-0569455149CA}"?"{1418B58A-671F-40B7-B9D9-74FECC1A6DF1}"?"{091BFCF4-4C81-4FBE-A27A-70D062D8D64F}"?"{57435425-A22F-449C-B729-D67A1316EFD0}"? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{C146F0DA-FEF3-4F7D-B7CE-0569455149CA}?\Device\TCPIP6TUNNEL_{1418B58A-671F-40B7-B9D9-74FECC1A6DF1}?\Device\TCPIP6TUNNEL_{091BFCF4-4C81-4FBE-A27A-70D062D8D64F}?\Device\TCPIP6TUNNEL_{57435425-A22F-449C-B729-D67A1316EFD0}? Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\60d81929e432 Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{1418B58A-671F-40B7-B9D9-74FECC1A6DF1}@InterfaceName isatap.{6EF8ABD8-6410-480F-BD88-FBEB54B9F1FA} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{1418B58A-671F-40B7-B9D9-74FECC1A6DF1}@ReusableType 0 Reg HKLM\SYSTEM\ControlSet004\services\BTHPORT\Parameters\Keys\60d81929e432 (not active ControlSet) ---- EOF - GMER 2.2 ----