GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-11-26 20:24:26 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Samsung_SSD_840_EVO_250GB rev.EXT0DB6Q 232.89GB Running: 0gw5mpw2.exe; Driver: C:\Users\Benedykt\AppData\Local\Temp\pxdoafow.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe[1660] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000761a1401 2 bytes JMP 7579b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe[1660] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000761a1419 2 bytes JMP 7579b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe[1660] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000761a1431 2 bytes JMP 75818fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe[1660] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000761a144a 2 bytes CALL 7577489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe[1660] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761a14dd 2 bytes JMP 758188c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe[1660] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761a14f5 2 bytes JMP 75818aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe[1660] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000761a150d 2 bytes JMP 758187ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe[1660] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000761a1525 2 bytes JMP 75818b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe[1660] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000761a153d 2 bytes JMP 7578fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe[1660] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000761a1555 2 bytes JMP 757968ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe[1660] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000761a156d 2 bytes JMP 75819089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe[1660] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000761a1585 2 bytes JMP 75818bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe[1660] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000761a159d 2 bytes JMP 7581877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe[1660] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761a15b5 2 bytes JMP 7578fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe[1660] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761a15cd 2 bytes JMP 7579b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe[1660] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761a16b2 2 bytes JMP 75818f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe[1660] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000761a16bd 2 bytes JMP 75818713 C:\Windows\syswow64\kernel32.dll .text D:\ESET\ESET Smart Security\x86\ekrn.exe[1768] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075778781 4 bytes [C2, 04, 00, 00] .text D:\ESET\ESET Smart Security\x86\ekrn.exe[1768] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000761a1401 2 bytes JMP 7579b21b C:\Windows\syswow64\kernel32.dll .text D:\ESET\ESET Smart Security\x86\ekrn.exe[1768] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000761a1419 2 bytes JMP 7579b346 C:\Windows\syswow64\kernel32.dll .text D:\ESET\ESET Smart Security\x86\ekrn.exe[1768] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000761a1431 2 bytes JMP 75818fd1 C:\Windows\syswow64\kernel32.dll .text D:\ESET\ESET Smart Security\x86\ekrn.exe[1768] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000761a144a 2 bytes CALL 7577489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text D:\ESET\ESET Smart Security\x86\ekrn.exe[1768] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000761a14dd 2 bytes JMP 758188c4 C:\Windows\syswow64\kernel32.dll .text D:\ESET\ESET Smart Security\x86\ekrn.exe[1768] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000761a14f5 2 bytes JMP 75818aa0 C:\Windows\syswow64\kernel32.dll .text D:\ESET\ESET Smart Security\x86\ekrn.exe[1768] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000761a150d 2 bytes JMP 758187ba C:\Windows\syswow64\kernel32.dll .text D:\ESET\ESET Smart Security\x86\ekrn.exe[1768] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000761a1525 2 bytes JMP 75818b8a C:\Windows\syswow64\kernel32.dll .text D:\ESET\ESET Smart Security\x86\ekrn.exe[1768] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000761a153d 2 bytes JMP 7578fca8 C:\Windows\syswow64\kernel32.dll .text D:\ESET\ESET Smart Security\x86\ekrn.exe[1768] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 00000000761a1555 2 bytes JMP 757968ef C:\Windows\syswow64\kernel32.dll .text D:\ESET\ESET Smart Security\x86\ekrn.exe[1768] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000761a156d 2 bytes JMP 75819089 C:\Windows\syswow64\kernel32.dll .text D:\ESET\ESET Smart Security\x86\ekrn.exe[1768] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000761a1585 2 bytes JMP 75818bea C:\Windows\syswow64\kernel32.dll .text D:\ESET\ESET Smart Security\x86\ekrn.exe[1768] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000761a159d 2 bytes JMP 7581877e C:\Windows\syswow64\kernel32.dll .text D:\ESET\ESET Smart Security\x86\ekrn.exe[1768] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000761a15b5 2 bytes JMP 7578fd41 C:\Windows\syswow64\kernel32.dll .text D:\ESET\ESET Smart Security\x86\ekrn.exe[1768] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000761a15cd 2 bytes JMP 7579b2dc C:\Windows\syswow64\kernel32.dll .text D:\ESET\ESET Smart Security\x86\ekrn.exe[1768] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000761a16b2 2 bytes JMP 75818f4c C:\Windows\syswow64\kernel32.dll .text D:\ESET\ESET Smart Security\x86\ekrn.exe[1768] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000761a16bd 2 bytes JMP 75818713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe[1836] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000761a1401 2 bytes JMP 7579b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe[1836] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000761a1419 2 bytes JMP 7579b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe[1836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000761a1431 2 bytes JMP 75818fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe[1836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000761a144a 2 bytes CALL 7577489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe[1836] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761a14dd 2 bytes JMP 758188c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe[1836] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761a14f5 2 bytes JMP 75818aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe[1836] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000761a150d 2 bytes JMP 758187ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe[1836] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000761a1525 2 bytes JMP 75818b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe[1836] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000761a153d 2 bytes JMP 7578fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe[1836] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000761a1555 2 bytes JMP 757968ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe[1836] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000761a156d 2 bytes JMP 75819089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe[1836] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000761a1585 2 bytes JMP 75818bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe[1836] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000761a159d 2 bytes JMP 7581877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe[1836] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761a15b5 2 bytes JMP 7578fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe[1836] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761a15cd 2 bytes JMP 7579b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe[1836] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761a16b2 2 bytes JMP 75818f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe[1836] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000761a16bd 2 bytes JMP 75818713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000761a1401 2 bytes JMP 7579b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe[1864] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000761a1419 2 bytes JMP 7579b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000761a1431 2 bytes JMP 75818fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000761a144a 2 bytes CALL 7577489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe[1864] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761a14dd 2 bytes JMP 758188c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761a14f5 2 bytes JMP 75818aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe[1864] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000761a150d 2 bytes JMP 758187ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000761a1525 2 bytes JMP 75818b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000761a153d 2 bytes JMP 7578fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe[1864] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000761a1555 2 bytes JMP 757968ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000761a156d 2 bytes JMP 75819089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000761a1585 2 bytes JMP 75818bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe[1864] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000761a159d 2 bytes JMP 7581877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761a15b5 2 bytes JMP 7578fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761a15cd 2 bytes JMP 7579b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761a16b2 2 bytes JMP 75818f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000761a16bd 2 bytes JMP 75818713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[3880] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000761a1401 2 bytes JMP 7579b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[3880] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000761a1419 2 bytes JMP 7579b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[3880] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000761a1431 2 bytes JMP 75818fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[3880] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000761a144a 2 bytes CALL 7577489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[3880] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761a14dd 2 bytes JMP 758188c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[3880] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761a14f5 2 bytes JMP 75818aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[3880] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000761a150d 2 bytes JMP 758187ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[3880] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000761a1525 2 bytes JMP 75818b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[3880] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000761a153d 2 bytes JMP 7578fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[3880] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000761a1555 2 bytes JMP 757968ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[3880] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000761a156d 2 bytes JMP 75819089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[3880] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000761a1585 2 bytes JMP 75818bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[3880] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000761a159d 2 bytes JMP 7581877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[3880] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761a15b5 2 bytes JMP 7578fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[3880] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761a15cd 2 bytes JMP 7579b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[3880] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761a16b2 2 bytes JMP 75818f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[3880] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000761a16bd 2 bytes JMP 75818713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[5004] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000761a1401 2 bytes JMP 7579b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[5004] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000761a1419 2 bytes JMP 7579b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[5004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000761a1431 2 bytes JMP 75818fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[5004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000761a144a 2 bytes CALL 7577489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[5004] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761a14dd 2 bytes JMP 758188c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[5004] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761a14f5 2 bytes JMP 75818aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[5004] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000761a150d 2 bytes JMP 758187ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[5004] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000761a1525 2 bytes JMP 75818b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[5004] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000761a153d 2 bytes JMP 7578fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[5004] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000761a1555 2 bytes JMP 757968ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[5004] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000761a156d 2 bytes JMP 75819089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[5004] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000761a1585 2 bytes JMP 75818bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[5004] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000761a159d 2 bytes JMP 7581877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[5004] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761a15b5 2 bytes JMP 7578fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[5004] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761a15cd 2 bytes JMP 7579b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[5004] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761a16b2 2 bytes JMP 75818f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[5004] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000761a16bd 2 bytes JMP 75818713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe[4564] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000761a1401 2 bytes JMP 7579b21b C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe[4564] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000761a1419 2 bytes JMP 7579b346 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe[4564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000761a1431 2 bytes JMP 75818fd1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe[4564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000761a144a 2 bytes CALL 7577489d C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe[4564] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761a14dd 2 bytes JMP 758188c4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe[4564] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761a14f5 2 bytes JMP 75818aa0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe[4564] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000761a150d 2 bytes JMP 758187ba C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe[4564] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000761a1525 2 bytes JMP 75818b8a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe[4564] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000761a153d 2 bytes JMP 7578fca8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe[4564] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000761a1555 2 bytes JMP 757968ef C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe[4564] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000761a156d 2 bytes JMP 75819089 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe[4564] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000761a1585 2 bytes JMP 75818bea C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe[4564] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000761a159d 2 bytes JMP 7581877e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe[4564] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761a15b5 2 bytes JMP 7578fd41 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe[4564] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761a15cd 2 bytes JMP 7579b2dc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe[4564] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761a16b2 2 bytes JMP 75818f4c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe[4564] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000761a16bd 2 bytes JMP 75818713 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Update\DellUpService.exe[2912] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000761a1401 2 bytes JMP 7579b21b C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Update\DellUpService.exe[2912] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000761a1419 2 bytes JMP 7579b346 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Update\DellUpService.exe[2912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000761a1431 2 bytes JMP 75818fd1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Update\DellUpService.exe[2912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000761a144a 2 bytes CALL 7577489d C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Dell Update\DellUpService.exe[2912] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761a14dd 2 bytes JMP 758188c4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Update\DellUpService.exe[2912] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761a14f5 2 bytes JMP 75818aa0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Update\DellUpService.exe[2912] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000761a150d 2 bytes JMP 758187ba C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Update\DellUpService.exe[2912] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000761a1525 2 bytes JMP 75818b8a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Update\DellUpService.exe[2912] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000761a153d 2 bytes JMP 7578fca8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Update\DellUpService.exe[2912] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000761a1555 2 bytes JMP 757968ef C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Update\DellUpService.exe[2912] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000761a156d 2 bytes JMP 75819089 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Update\DellUpService.exe[2912] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000761a1585 2 bytes JMP 75818bea C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Update\DellUpService.exe[2912] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000761a159d 2 bytes JMP 7581877e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Update\DellUpService.exe[2912] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761a15b5 2 bytes JMP 7578fd41 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Update\DellUpService.exe[2912] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761a15cd 2 bytes JMP 7579b2dc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Update\DellUpService.exe[2912] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761a16b2 2 bytes JMP 75818f4c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Update\DellUpService.exe[2912] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000761a16bd 2 bytes JMP 75818713 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Update\DellUpTray.exe[4372] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000761a1401 2 bytes JMP 7579b21b C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Update\DellUpTray.exe[4372] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000761a1419 2 bytes JMP 7579b346 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Update\DellUpTray.exe[4372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000761a1431 2 bytes JMP 75818fd1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Update\DellUpTray.exe[4372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000761a144a 2 bytes CALL 7577489d C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Dell Update\DellUpTray.exe[4372] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761a14dd 2 bytes JMP 758188c4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Update\DellUpTray.exe[4372] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761a14f5 2 bytes JMP 75818aa0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Update\DellUpTray.exe[4372] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000761a150d 2 bytes JMP 758187ba C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Update\DellUpTray.exe[4372] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000761a1525 2 bytes JMP 75818b8a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Update\DellUpTray.exe[4372] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000761a153d 2 bytes JMP 7578fca8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Update\DellUpTray.exe[4372] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000761a1555 2 bytes JMP 757968ef C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Update\DellUpTray.exe[4372] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000761a156d 2 bytes JMP 75819089 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Update\DellUpTray.exe[4372] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000761a1585 2 bytes JMP 75818bea C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Update\DellUpTray.exe[4372] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000761a159d 2 bytes JMP 7581877e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Update\DellUpTray.exe[4372] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761a15b5 2 bytes JMP 7578fd41 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Update\DellUpTray.exe[4372] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761a15cd 2 bytes JMP 7579b2dc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Update\DellUpTray.exe[4372] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761a16b2 2 bytes JMP 75818f4c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Update\DellUpTray.exe[4372] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000761a16bd 2 bytes JMP 75818713 C:\Windows\syswow64\KERNEL32.dll ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!memcpy] [cece00000120] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!_CxxThrowException] [15024848948] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!??1type_info@@UEAA@XZ] [16824848d48] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!realloc] [2000001482484c7] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!_onexit] [5824848948000000] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!_lock] [848948c033000001] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!__dllonexit] [848948000000c024] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!_unlock] [ec36e8000000c824] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!?terminate@@YAXXZ] [5c894cdb33450001] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!_amsg_exit] [4938245c894c3024] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!_initterm] [f633f63345104d8b] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!_XcptFilter] [8824b4894c] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!memset] [48de8b0000009024] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!memcpy_s] [c98548fe8b4cee8b] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!_purecall] [c059815ff0674] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!malloc] [aebe3d8948cf8b48] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!free] [490002a409e8000d] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!_iob] [c98548f88b104d8b] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!_errno] [c057015ff0674] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!wcsncpy_s] [4ff93850fff85] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!_vsnwprintf] [48000dae99058b48] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!strncmp] [840f000004909839] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!fprintf] [4d8b490004feaa] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!_vsnprintf] [45000dae81058b48] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!__CxxFrameHandler3] [4b0888948c933] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[USER32.dll!UnregisterClassA] [f0248c8d48] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[USER32.dll!CharNextW] [8d48000c061215ff] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[ole32.dll!CoTaskMemFree] [48b2d05e00ba0000] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[ole32.dll!CoTaskMemRealloc] [48000001f024842b] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[ole32.dll!CoCreateInstance] [4fe608d0fc23b] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[ole32.dll!CoTaskMemAlloc] [4804000005388983] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[ntdll.dll!RtlCaptureContext] [498d41000001f024] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[ntdll.dll!RtlLookupFunctionEntry] [48000c018915ff03] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[ntdll.dll!RtlVirtualUnwind] [c085000dae5a0d8b] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!lstrlenA] [9090909090909090] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!LocalAlloc] [9090909090909090] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!ReleaseMutex] [57565518245c8948] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!WaitForSingleObject] [5741564155415441] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!DeleteFileA] [4800000d50ec8148] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!GetLocalTime] [3348000db06a058b] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!CopyFileA] [d4024848948c4] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!FormatMessageW] [e98b4c08618b4c00] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!OutputDebugStringW] [ca8b4860244c8948] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!FlushViewOfFile] [297d0e8fa8b48] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!CreateFileA] [220248c8d48] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!LocalFree] [800b841d233] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!GetCurrentThread] [8c8d4800000887e8] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!SetLastError] [a04ee80000022024] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!GetVersionExW] [5d0248c8d480002] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!OutputDebugStringA] [270b841d2330000] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!SetUnhandledExceptionFilter] [3300000865e80000] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!UnhandledExceptionFilter] [660248c8d48c0] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!GetCurrentProcess] [5d02484c7d23300] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!TerminateProcess] [8948000000050000] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!GetSystemTimeAsFileTime] [75e8000008082484] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!GetCurrentProcessId] [b06e058b4800013b] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!GetCurrentThreadId] [840248c8d48000d] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!MapViewOfFile] [820248489480000] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!UnmapViewOfFile] [8102484c70000] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!FindResourceW] [a2cee80000040000] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!FreeLibrary] [db2c70d8d480002] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!LoadResource] [1a8b841d23300] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!LoadLibraryExW] [d8300000806e800] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!GetModuleHandleW] [58d4801000db2b3] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!WideCharToMultiByte] [64e058d48000daf] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!LoadLibraryW] [a06271d8d4c000a] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!SizeofResource] [dafc805894800] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!GetModuleFileNameW] [4800000a20248c8d] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!MultiByteToWideChar] [8d48000dafca0589] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!lstrlenW] [1d894c000a060305] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!RaiseException] [ad058948000dafcc] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!GetLastError] [60e058d48000daf] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!GetProcAddress] [daf87058948000a] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!lstrcmpiW] [48000dafa1058948] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!OpenFileMappingW] [8948000a05f2058d] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!GetShortPathNameW] [6d058948000a05c4] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!CloseHandle] [2a148e8000daf] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!LoadLibraryExA] [c0248c8d48db3345] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!DelayLoadFailureHook] [b0b841d233000000] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!GetVersionExA] [50245c894c000000] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!GetTickCount] [752e858245c894c] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!Sleep] [8c8d48db33450000] IAT C:\Windows\system32\wbem\wmiprvse.exe[3424] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!QueryPerformanceCounter] [45d233000000f024] ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{8551ACD3-323B-4F78-8D09-B22EDFB80033}\Connection@Name isatap.{004DD819-5F4C-4F97-B35E-64017509D4B8} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{BAA7D876-4FE9-4491-BC77-B50F8E69FA34}?\Device\{8551ACD3-323B-4F78-8D09-B22EDFB80033}?\Device\{2FD463DF-A7EE-4971-97CB-832F6371282F}?\Device\{0EDB763E-ED4B-46FC-B680-F2E430B96723}?\Device\{5ABA8B0B-B9CF-40EC-BE64-C814EAA66B75}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{BAA7D876-4FE9-4491-BC77-B50F8E69FA34}"?"{8551ACD3-323B-4F78-8D09-B22EDFB80033}"?"{2FD463DF-A7EE-4971-97CB-832F6371282F}"?"{0EDB763E-ED4B-46FC-B680-F2E430B96723}"?"{5ABA8B0B-B9CF-40EC-BE64-C814EAA66B75}"? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{BAA7D876-4FE9-4491-BC77-B50F8E69FA34}?\Device\TCPIP6TUNNEL_{8551ACD3-323B-4F78-8D09-B22EDFB80033}?\Device\TCPIP6TUNNEL_{2FD463DF-A7EE-4971-97CB-832F6371282F}?\Device\TCPIP6TUNNEL_{0EDB763E-ED4B-46FC-B680-F2E430B96723}?\Device\TCPIP6TUNNEL_{5ABA8B0B-B9CF-40EC-BE64-C814EAA66B75}? Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\5435308f02fc Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{8551ACD3-323B-4F78-8D09-B22EDFB80033}@InterfaceName isatap.{004DD819-5F4C-4F97-B35E-64017509D4B8} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{8551ACD3-323B-4F78-8D09-B22EDFB80033}@ReusableType 0 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\5435308f02fc (not active ControlSet) ---- Files - GMER 2.1 ---- File C:\Users\Benedykt\AppData\Local\Temp\tmp2BE6.tmp 0 bytes ---- EOF - GMER 2.1 ----