GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-05-04 11:39:37
Windows 6.1.7601 Service Pack 1 x64
\Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST1000DM003-1CH162 rev.CC49 931,51GB
Running: egy795rf.exe; Driver: C:\Users\BARTEK~1\AppData\Local\Temp\ufldqpow.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Origin\Origin.exe[2616] C:\Windows\syswow64\USER32.dll!SetWindowPos 00000000761f8e4e 5 bytes JMP 0000000170e0c350
.text C:\Program Files (x86)\Origin\Origin.exe[2616] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076200dfb 5 bytes JMP 0000000170e0c2e0
.text C:\Program Files (x86)\Origin\Origin.exe[2616] C:\Windows\syswow64\USER32.dll!SetFocus 0000000076202175 5 bytes JMP 0000000170e0c330
.text C:\Program Files (x86)\Origin\Origin.exe[2616] C:\Windows\syswow64\USER32.dll!SetActiveWindow 0000000076203208 5 bytes JMP 0000000170e0c3a0
.text C:\Program Files (x86)\Origin\Origin.exe[2616] C:\Windows\syswow64\USER32.dll!BringWindowToTop 0000000076207b3b 5 bytes JMP 0000000170e0c240
.text C:\Program Files (x86)\Origin\Origin.exe[2616] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 000000007621f170 5 bytes JMP 0000000170e0c210
.text C:\Program Files (x86)\Origin\Origin.exe[2616] C:\Windows\syswow64\USER32.dll!SwitchToThisWindow 00000000762390fc 5 bytes JMP 0000000170e0c270
.text C:\Program Files (x86)\Origin\Origin.exe[2616] C:\Windows\syswow64\USER32.dll!ShowWindowAsync 0000000076257d97 5 bytes JMP 0000000170e0c290
.text C:\Program Files (x86)\Origin\Origin.exe[2616] C:\Windows\syswow64\ole32.dll!DoDragDrop 00000000777da827 5 bytes JMP 0000000170e0c1f0
.text C:\Program Files (x86)\Origin\Origin.exe[2616] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000776a1465 2 bytes [6A, 77]
.text C:\Program Files (x86)\Origin\Origin.exe[2616] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000776a14bb 2 bytes [6A, 77]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2380:1336] 0000000077887587
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2380:2232] 000000006ab8758a
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2380:2812] 0000000077dc41f3
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2380:3464] 0000000077dc6679
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2380:2796] 0000000077dc6679
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2380:3652] 0000000077dc6679

---- EOF - GMER 2.1 ----