GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-07-26 11:38:37 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MQ01ABF050 rev.AM0P1A 465,76GB Running: id3dydnc.exe; Driver: C:\Users\Mateusz\AppData\Local\Temp\pxldqpoc.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe[1684] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075441401 2 bytes JMP 7583b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe[1684] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075441419 2 bytes JMP 7583b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe[1684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075441431 2 bytes JMP 758b90f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe[1684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007544144a 2 bytes CALL 758148ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe[1684] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000754414dd 2 bytes JMP 758b89ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe[1684] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000754414f5 2 bytes JMP 758b8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe[1684] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007544150d 2 bytes JMP 758b88e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe[1684] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075441525 2 bytes JMP 758b8caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe[1684] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007544153d 2 bytes JMP 7582fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe[1684] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075441555 2 bytes JMP 75836937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe[1684] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007544156d 2 bytes JMP 758b91a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe[1684] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075441585 2 bytes JMP 758b8d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe[1684] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007544159d 2 bytes JMP 758b88a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe[1684] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000754415b5 2 bytes JMP 7582fd81 C:\Windows\syswow64\kernel32.dll .text 
C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe[1684] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000754415cd 2 bytes JMP 7583b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe[1684] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754416b2 2 bytes JMP 758b906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe[1684] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754416bd 2 bytes JMP 758b8839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1536] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075441401 2 bytes JMP 7583b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1536] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075441419 2 bytes JMP 7583b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075441431 2 bytes JMP 758b90f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007544144a 2 bytes CALL 758148ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1536] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000754414dd 2 bytes JMP 758b89ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1536] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000754414f5 2 bytes JMP 758b8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1536] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007544150d 2 bytes JMP 758b88e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1536] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075441525 2 bytes JMP 758b8caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1536] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007544153d 2 bytes JMP 7582fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1536] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075441555 2 bytes JMP 75836937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1536] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007544156d 2 bytes JMP 758b91a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1536] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075441585 2 bytes JMP 758b8d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1536] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007544159d 2 bytes JMP 758b88a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1536] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000754415b5 2 bytes JMP 7582fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1536] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000754415cd 2 bytes JMP 7583b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1536] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754416b2 2 bytes JMP 758b906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1536] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754416bd 2 bytes JMP 758b8839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3848] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076792bdc 5 bytes JMP 00000000001c8c60 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3848] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075441401 2 bytes JMP 7583b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3848] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075441419 2 bytes JMP 7583b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075441431 2 bytes JMP 758b90f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007544144a 2 bytes CALL 758148ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3848] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000754414dd 2 bytes JMP 758b89ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3848] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000754414f5 2 bytes JMP 758b8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3848] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007544150d 2 bytes JMP 758b88e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3848] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075441525 2 bytes JMP 758b8caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3848] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007544153d 2 bytes JMP 7582fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3848] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075441555 2 bytes JMP 75836937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3848] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007544156d 2 bytes JMP 758b91a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3848] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075441585 2 bytes JMP 758b8d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3848] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007544159d 2 bytes JMP 758b88a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3848] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 
00000000754415b5 2 bytes JMP 7582fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3848] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000754415cd 2 bytes JMP 7583b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3848] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754416b2 2 bytes JMP 758b906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3848] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754416bd 2 bytes JMP 758b8839 C:\Windows\syswow64\kernel32.dll .text D:\Steam\Steam.exe[4184] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075441401 2 bytes JMP 7583b263 C:\Windows\syswow64\kernel32.dll .text D:\Steam\Steam.exe[4184] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075441419 2 bytes JMP 7583b38e C:\Windows\syswow64\kernel32.dll .text D:\Steam\Steam.exe[4184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075441431 2 bytes JMP 758b90f1 C:\Windows\syswow64\kernel32.dll .text D:\Steam\Steam.exe[4184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007544144a 2 bytes CALL 758148ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text D:\Steam\Steam.exe[4184] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000754414dd 2 bytes JMP 758b89ea C:\Windows\syswow64\kernel32.dll .text D:\Steam\Steam.exe[4184] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000754414f5 2 bytes JMP 758b8bc0 C:\Windows\syswow64\kernel32.dll .text D:\Steam\Steam.exe[4184] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007544150d 2 bytes JMP 758b88e0 C:\Windows\syswow64\kernel32.dll .text D:\Steam\Steam.exe[4184] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075441525 2 bytes JMP 758b8caa C:\Windows\syswow64\kernel32.dll .text D:\Steam\Steam.exe[4184] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007544153d 2 bytes JMP 7582fce8 C:\Windows\syswow64\kernel32.dll .text D:\Steam\Steam.exe[4184] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075441555 2 bytes JMP 75836937 C:\Windows\syswow64\kernel32.dll .text D:\Steam\Steam.exe[4184] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007544156d 2 bytes JMP 758b91a9 C:\Windows\syswow64\kernel32.dll .text D:\Steam\Steam.exe[4184] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075441585 2 bytes JMP 758b8d0a C:\Windows\syswow64\kernel32.dll .text D:\Steam\Steam.exe[4184] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007544159d 2 bytes JMP 758b88a4 C:\Windows\syswow64\kernel32.dll .text D:\Steam\Steam.exe[4184] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000754415b5 2 bytes JMP 7582fd81 C:\Windows\syswow64\kernel32.dll .text D:\Steam\Steam.exe[4184] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000754415cd 2 bytes JMP 7583b324 C:\Windows\syswow64\kernel32.dll .text D:\Steam\Steam.exe[4184] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754416b2 2 bytes JMP 758b906c C:\Windows\syswow64\kernel32.dll .text D:\Steam\Steam.exe[4184] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754416bd 2 
bytes JMP 758b8839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\Antivirus\avgnt.exe[4320] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075441401 2 bytes JMP 7583b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\Antivirus\avgnt.exe[4320] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075441419 2 bytes JMP 7583b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\Antivirus\avgnt.exe[4320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075441431 2 bytes JMP 758b90f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\Antivirus\avgnt.exe[4320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007544144a 2 bytes CALL 758148ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Avira\Antivirus\avgnt.exe[4320] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000754414dd 2 bytes JMP 758b89ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\Antivirus\avgnt.exe[4320] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000754414f5 2 bytes JMP 758b8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\Antivirus\avgnt.exe[4320] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007544150d 2 bytes JMP 758b88e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\Antivirus\avgnt.exe[4320] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075441525 2 bytes JMP 758b8caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\Antivirus\avgnt.exe[4320] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007544153d 2 bytes JMP 7582fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\Antivirus\avgnt.exe[4320] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075441555 2 bytes JMP 75836937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\Antivirus\avgnt.exe[4320] 
C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007544156d 2 bytes JMP 758b91a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\Antivirus\avgnt.exe[4320] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075441585 2 bytes JMP 758b8d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\Antivirus\avgnt.exe[4320] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007544159d 2 bytes JMP 758b88a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\Antivirus\avgnt.exe[4320] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000754415b5 2 bytes JMP 7582fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\Antivirus\avgnt.exe[4320] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000754415cd 2 bytes JMP 7583b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\Antivirus\avgnt.exe[4320] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754416b2 2 bytes JMP 758b906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\Antivirus\avgnt.exe[4320] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754416bd 2 bytes JMP 758b8839 C:\Windows\syswow64\kernel32.dll .text D:\Steam\bin\steamwebhelper.exe[4496] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075441401 2 bytes JMP 7583b263 C:\Windows\syswow64\kernel32.dll .text D:\Steam\bin\steamwebhelper.exe[4496] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075441419 2 bytes JMP 7583b38e C:\Windows\syswow64\kernel32.dll .text D:\Steam\bin\steamwebhelper.exe[4496] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075441431 2 bytes JMP 758b90f1 C:\Windows\syswow64\kernel32.dll .text D:\Steam\bin\steamwebhelper.exe[4496] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007544144a 2 bytes CALL 758148ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text D:\Steam\bin\steamwebhelper.exe[4496] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000754414dd 2 bytes JMP 758b89ea C:\Windows\syswow64\kernel32.dll .text D:\Steam\bin\steamwebhelper.exe[4496] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000754414f5 2 bytes JMP 758b8bc0 C:\Windows\syswow64\kernel32.dll .text D:\Steam\bin\steamwebhelper.exe[4496] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007544150d 2 bytes JMP 758b88e0 C:\Windows\syswow64\kernel32.dll .text D:\Steam\bin\steamwebhelper.exe[4496] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075441525 2 bytes JMP 758b8caa C:\Windows\syswow64\kernel32.dll .text D:\Steam\bin\steamwebhelper.exe[4496] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007544153d 2 bytes JMP 7582fce8 C:\Windows\syswow64\kernel32.dll .text D:\Steam\bin\steamwebhelper.exe[4496] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075441555 2 bytes JMP 75836937 C:\Windows\syswow64\kernel32.dll .text D:\Steam\bin\steamwebhelper.exe[4496] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007544156d 2 bytes JMP 758b91a9 C:\Windows\syswow64\kernel32.dll .text D:\Steam\bin\steamwebhelper.exe[4496] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075441585 2 bytes JMP 758b8d0a C:\Windows\syswow64\kernel32.dll .text D:\Steam\bin\steamwebhelper.exe[4496] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007544159d 2 bytes JMP 758b88a4 C:\Windows\syswow64\kernel32.dll .text D:\Steam\bin\steamwebhelper.exe[4496] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000754415b5 2 bytes JMP 7582fd81 C:\Windows\syswow64\kernel32.dll .text D:\Steam\bin\steamwebhelper.exe[4496] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000754415cd 2 bytes JMP 7583b324 C:\Windows\syswow64\kernel32.dll .text D:\Steam\bin\steamwebhelper.exe[4496] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754416b2 2 bytes 
JMP 758b906c C:\Windows\syswow64\kernel32.dll .text D:\Steam\bin\steamwebhelper.exe[4496] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754416bd 2 bytes JMP 758b8839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4640] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075441401 2 bytes JMP 7583b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4640] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075441419 2 bytes JMP 7583b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4640] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075441431 2 bytes JMP 758b90f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4640] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007544144a 2 bytes CALL 758148ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4640] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000754414dd 2 bytes JMP 758b89ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4640] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000754414f5 2 bytes JMP 758b8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4640] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007544150d 2 bytes JMP 758b88e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4640] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075441525 2 bytes JMP 758b8caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4640] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007544153d 2 bytes JMP 7582fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4640] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075441555 2 bytes JMP 75836937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4640] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007544156d 2 bytes JMP 758b91a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4640] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075441585 2 bytes JMP 758b8d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4640] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007544159d 2 bytes JMP 758b88a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4640] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000754415b5 2 bytes JMP 7582fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files 
(x86)\Common Files\Steam\SteamService.exe[4640] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000754415cd 2 bytes JMP 7583b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4640] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754416b2 2 bytes JMP 758b906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4640] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754416bd 2 bytes JMP 758b8839 C:\Windows\syswow64\kernel32.dll ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1228] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord] [7fef4f6741c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1228] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet] [7fef4f65f10] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1228] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession] [7fef4f65674] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1228] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession] [7fef4f65e2c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1228] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload] [7fef4f67f48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft 
Shared\Windows Live\WLIDSVC.EXE[1228] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion] [7fef4f66a38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1228] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId] [7fef4f66ee8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1228] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId] [7fef4f67b58] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1228] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId] [7fef4f67ea0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1228] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId] [7fef4f678b0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1228] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession] [7fef4f64fb4] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1228] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId] [7fef4f65d38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1228] @ C:\Program Files\Common Files\Microsoft Shared\Windows 
Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString] [7fef4f67584] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
---- Threads - GMER 2.2 ----
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4756:5436] 000007fefb532af4
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4756:1176] 000007feea908f70
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4756:5456] 000007fef66c5124
---- Registry - GMER 2.2 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToSnapshot@OfficeODC
Reg HKLM\SYSTEM\ControlSet002\Control\BackupRestore\FilesNotToSnapshot@OfficeODC
---- EOF - GMER 2.2 ----