GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-03-25 10:58:16 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD6400BPVT-75HXZT1 rev.01.01A01 596,17GB Running: xd84pc2q.exe; Driver: C:\Users\Magda\AppData\Local\Temp\ugddypob.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1420] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007791a3e0 7 bytes JMP 000000006fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1420] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077923ef0 5 bytes JMP 000000006fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1420] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007793fff0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1420] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007794f3e0 5 bytes JMP 000000006fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1420] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077979c70 7 bytes JMP 000000006fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1420] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077989700 5 bytes JMP 000000006fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1420] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779a8aa0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1420] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8b32f0 7 bytes JMP 000007fefd8800d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1420] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd8baa60 5 bytes JMP 000007fefd880180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1420] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd8bac00 5 bytes JMP 000007fefd880110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1420] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd8c9ac0 5 bytes JMP 000007fefd880148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1420] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe0b8830 8 bytes JMP 000007fefd8801f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1420] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe0bb9e0 8 bytes JMP 000007fefd8801b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1420] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefec66d10 11 bytes JMP 000007fefd880228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1420] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefec7b4f0 7 bytes JMP 000007fefd880260 .text C:\Windows\system32\Dwm.exe[1724] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8b32f0 7 bytes JMP 000007fefd8800d8 .text C:\Windows\system32\Dwm.exe[1724] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd8baa60 5 bytes JMP 000007fefd880180 .text C:\Windows\system32\Dwm.exe[1724] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd8bac00 5 bytes JMP 000007fefd880110 .text C:\Windows\system32\Dwm.exe[1724] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd8c9ac0 5 bytes JMP 000007fefd880148 .text C:\Windows\system32\Dwm.exe[1724] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe0b8830 8 bytes JMP 000007fefd8801f0 .text C:\Windows\system32\Dwm.exe[1724] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe0bb9e0 8 bytes JMP 000007fefd8801b8 .text C:\Windows\system32\Dwm.exe[1724] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef9abdc88 5 bytes JMP 000007fef9a900d8 .text C:\Windows\system32\Dwm.exe[1724] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef9abde10 5 bytes JMP 000007fef9a90110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2632] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007791a3e0 7 bytes JMP 000000006fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2632] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077923ef0 5 bytes JMP 000000006fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2632] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007793fff0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2632] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007794f3e0 5 bytes JMP 000000006fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2632] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077979c70 7 bytes JMP 000000006fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2632] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077989700 5 bytes JMP 000000006fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2632] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779a8aa0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2632] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8b32f0 7 bytes JMP 000007fefd8800d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2632] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd8baa60 5 bytes JMP 000007fefd880180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2632] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd8bac00 5 bytes JMP 000007fefd880110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2632] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd8c9ac0 5 bytes JMP 000007fefd880148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2632] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe0b8830 8 bytes JMP 000007fefd8801f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2632] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe0bb9e0 8 bytes JMP 000007fefd8801b8 .text C:\Program Files (x86)\Podatnik.info\PIT pro 2016\pproupd.exe[2816] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000077ce1401 2 bytes JMP 756eb263 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2016\pproupd.exe[2816] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000077ce1419 2 bytes JMP 756eb38e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2016\pproupd.exe[2816] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000077ce1431 2 bytes JMP 757690f1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2016\pproupd.exe[2816] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000077ce144a 2 bytes CALL 756c48ad C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Podatnik.info\PIT pro 2016\pproupd.exe[2816] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000077ce14dd 2 bytes JMP 757689ea C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2016\pproupd.exe[2816] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000077ce14f5 2 bytes JMP 75768bc0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2016\pproupd.exe[2816] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000077ce150d 2 bytes JMP 757688e0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2016\pproupd.exe[2816] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000077ce1525 2 bytes JMP 75768caa C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2016\pproupd.exe[2816] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000077ce153d 2 bytes JMP 756dfce8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2016\pproupd.exe[2816] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000077ce1555 2 bytes JMP 756e6937 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2016\pproupd.exe[2816] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000077ce156d 2 bytes JMP 757691a9 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2016\pproupd.exe[2816] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000077ce1585 2 bytes JMP 75768d0a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2016\pproupd.exe[2816] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000077ce159d 2 bytes JMP 757688a4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2016\pproupd.exe[2816] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000077ce15b5 2 bytes JMP 756dfd81 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2016\pproupd.exe[2816] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000077ce15cd 2 bytes JMP 756eb324 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2016\pproupd.exe[2816] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000077ce16b2 2 bytes JMP 7576906c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2016\pproupd.exe[2816] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000077ce16bd 2 bytes JMP 75768839 C:\Windows\syswow64\KERNEL32.dll .text C:\Windows\System32\igfxpers.exe[3412] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8b32f0 7 bytes JMP 000007fefd8800d8 .text C:\Windows\System32\igfxpers.exe[3412] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd8baa60 5 bytes JMP 000007fefd880180 .text C:\Windows\System32\igfxpers.exe[3412] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd8bac00 5 bytes JMP 000007fefd880110 .text C:\Windows\System32\igfxpers.exe[3412] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd8c9ac0 5 bytes JMP 000007fefd880148 .text C:\Windows\System32\igfxpers.exe[3412] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe0b8830 8 bytes JMP 000007fefd8801f0 .text C:\Windows\System32\igfxpers.exe[3412] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe0bb9e0 8 bytes JMP 000007fefd8801b8 .text C:\Windows\System32\igfxpers.exe[3412] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefec66d10 11 bytes JMP 000007fefd880228 .text C:\Windows\System32\igfxpers.exe[3412] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefec7b4f0 7 bytes JMP 000007fefd880260 .text C:\Program Files\DellTPad\Apoint.exe[3444] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007791a3e0 7 bytes JMP 000000006fff0228 .text C:\Program Files\DellTPad\Apoint.exe[3444] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077923ef0 5 bytes JMP 000000006fff0180 .text C:\Program Files\DellTPad\Apoint.exe[3444] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007793fff0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\DellTPad\Apoint.exe[3444] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007794f3e0 5 bytes JMP 000000006fff0110 .text C:\Program Files\DellTPad\Apoint.exe[3444] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077979c70 7 bytes JMP 000000006fff00d8 .text C:\Program Files\DellTPad\Apoint.exe[3444] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077989700 5 bytes JMP 000000006fff0148 .text C:\Program Files\DellTPad\Apoint.exe[3444] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779a8aa0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\DellTPad\Apoint.exe[3444] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8b32f0 7 bytes JMP 000007fefd8800d8 .text C:\Program Files\DellTPad\Apoint.exe[3444] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd8baa60 5 bytes JMP 000007fefd880180 .text C:\Program Files\DellTPad\Apoint.exe[3444] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd8bac00 5 bytes JMP 000007fefd880110 .text C:\Program Files\DellTPad\Apoint.exe[3444] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd8c9ac0 5 bytes JMP 000007fefd880148 .text C:\Program Files\DellTPad\Apoint.exe[3444] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe0b8830 8 bytes JMP 000007fefd8801f0 .text C:\Program Files\DellTPad\Apoint.exe[3444] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe0bb9e0 8 bytes JMP 000007fefd8801b8 .text C:\Program Files\DellTPad\Apoint.exe[3444] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefec66d10 11 bytes JMP 000007fefd880228 .text C:\Program Files\DellTPad\Apoint.exe[3444] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefec7b4f0 7 bytes JMP 000007fefd880260 .text C:\Program Files\IDT\WDM\sttray64.exe[3484] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007791a3e0 7 bytes JMP 000000006fff0228 .text C:\Program Files\IDT\WDM\sttray64.exe[3484] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077923ef0 5 bytes JMP 000000006fff0180 .text C:\Program Files\IDT\WDM\sttray64.exe[3484] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007793fff0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\IDT\WDM\sttray64.exe[3484] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007794f3e0 5 bytes JMP 000000006fff0110 .text C:\Program Files\IDT\WDM\sttray64.exe[3484] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077979c70 7 bytes JMP 000000006fff00d8 .text C:\Program Files\IDT\WDM\sttray64.exe[3484] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077989700 5 bytes JMP 000000006fff0148 .text C:\Program Files\IDT\WDM\sttray64.exe[3484] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779a8aa0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\IDT\WDM\sttray64.exe[3484] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8b32f0 7 bytes JMP 000007fefd8800d8 .text C:\Program Files\IDT\WDM\sttray64.exe[3484] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd8baa60 5 bytes JMP 000007fefd880180 .text C:\Program Files\IDT\WDM\sttray64.exe[3484] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd8bac00 5 bytes JMP 000007fefd880110 .text C:\Program Files\IDT\WDM\sttray64.exe[3484] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd8c9ac0 5 bytes JMP 000007fefd880148 .text C:\Program Files\IDT\WDM\sttray64.exe[3484] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe0b8830 8 bytes JMP 000007fefd8801f0 .text C:\Program Files\IDT\WDM\sttray64.exe[3484] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe0bb9e0 8 bytes JMP 000007fefd8801b8 .text C:\Program Files\IDT\WDM\sttray64.exe[3484] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefec66d10 11 bytes JMP 000007fefd880228 .text C:\Program Files\IDT\WDM\sttray64.exe[3484] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefec7b4f0 7 bytes JMP 000007fefd880260 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3560] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007791a3e0 7 bytes JMP 000000006fff0228 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3560] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077923ef0 5 bytes JMP 000000006fff0180 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3560] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007793fff0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3560] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007794f3e0 5 bytes JMP 000000006fff0110 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3560] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077979c70 7 bytes JMP 000000006fff00d8 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3560] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077989700 5 bytes JMP 000000006fff0148 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3560] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779a8aa0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3560] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8b32f0 7 bytes JMP 000007fefd8800d8 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3560] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd8baa60 5 bytes JMP 000007fefd880180 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3560] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd8bac00 5 bytes JMP 000007fefd880110 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3560] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd8c9ac0 5 bytes JMP 000007fefd880148 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3560] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe0b8830 8 bytes JMP 000007fefd8801f0 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3560] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe0bb9e0 8 bytes JMP 000007fefd8801b8 .text C:\Program Files\DellTPad\HidFind.exe[3676] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8b32f0 7 bytes JMP 000007fefd8800d8 .text C:\Program Files\DellTPad\HidFind.exe[3676] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd8baa60 5 bytes JMP 000007fefd880180 .text C:\Program Files\DellTPad\HidFind.exe[3676] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd8bac00 5 bytes JMP 000007fefd880110 .text C:\Program Files\DellTPad\HidFind.exe[3676] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd8c9ac0 5 bytes JMP 000007fefd880148 .text C:\Program Files\DellTPad\HidFind.exe[3676] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe0b8830 8 bytes JMP 000007fefd8801f0 .text C:\Program Files\DellTPad\HidFind.exe[3676] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe0bb9e0 8 bytes JMP 000007fefd8801b8 .text C:\Program Files\DellTPad\Apntex.exe[3688] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007791a3e0 7 bytes JMP 000000006fff0228 .text C:\Program Files\DellTPad\Apntex.exe[3688] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077923ef0 5 bytes JMP 000000006fff0180 .text C:\Program Files\DellTPad\Apntex.exe[3688] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007793fff0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\DellTPad\Apntex.exe[3688] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007794f3e0 5 bytes JMP 000000006fff0110 .text C:\Program Files\DellTPad\Apntex.exe[3688] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077979c70 7 bytes JMP 000000006fff00d8 .text C:\Program Files\DellTPad\Apntex.exe[3688] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077989700 5 bytes JMP 000000006fff0148 .text C:\Program Files\DellTPad\Apntex.exe[3688] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779a8aa0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\DellTPad\Apntex.exe[3688] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8b32f0 7 bytes JMP 000007fefd8800d8 .text C:\Program Files\DellTPad\Apntex.exe[3688] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd8baa60 5 bytes JMP 000007fefd880180 .text C:\Program Files\DellTPad\Apntex.exe[3688] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd8bac00 5 bytes JMP 000007fefd880110 .text C:\Program Files\DellTPad\Apntex.exe[3688] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd8c9ac0 5 bytes JMP 000007fefd880148 .text C:\Program Files\DellTPad\Apntex.exe[3688] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe0b8830 8 bytes JMP 000007fefd8801f0 .text C:\Program Files\DellTPad\Apntex.exe[3688] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe0bb9e0 8 bytes JMP 000007fefd8801b8 .text E:\Programy\RocketDock\RocketDock.exe[3832] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000756c1f0e 7 bytes JMP 0000000070343c50 .text E:\Programy\RocketDock\RocketDock.exe[3832] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000756c5bad 7 bytes JMP 0000000070344290 .text E:\Programy\RocketDock\RocketDock.exe[3832] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000756d1431 7 bytes JMP 0000000070343ea0 .text E:\Programy\RocketDock\RocketDock.exe[3832] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000756dea85 7 bytes JMP 0000000070343c40 .text E:\Programy\RocketDock\RocketDock.exe[3832] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 000000007576906c 7 bytes JMP 00000000703436c0 .text E:\Programy\RocketDock\RocketDock.exe[3832] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000757690f1 5 bytes JMP 0000000070343770 .text E:\Programy\RocketDock\RocketDock.exe[3832] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075769447 5 bytes JMP 00000000703436d0 .text E:\Programy\RocketDock\RocketDock.exe[3832] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000778d1e4c 5 bytes JMP 0000000070343680 .text E:\Programy\RocketDock\RocketDock.exe[3832] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000778d1efa 5 bytes JMP 0000000070343640 .text E:\Programy\RocketDock\RocketDock.exe[3832] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000778d2bdc 5 bytes JMP 0000000070343780 .text E:\Programy\RocketDock\RocketDock.exe[3832] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000778d2e7e 5 bytes JMP 0000000070343480 .text E:\Programy\RocketDock\RocketDock.exe[3832] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075bb8a39 5 bytes JMP 0000000070342b20 .text E:\Programy\RocketDock\RocketDock.exe[3832] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075bc4582 5 bytes JMP 0000000070343400 .text E:\Programy\RocketDock\RocketDock.exe[3832] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075bde587 5 bytes JMP 0000000070343470 .text E:\Programy\RocketDock\RocketDock.exe[3832] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075c008ab 5 bytes JMP 0000000070342960 .text E:\Programy\RocketDock\RocketDock.exe[3832] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075c17b24 5 bytes JMP 00000000703433e0 .text E:\Programy\RocketDock\RocketDock.exe[3832] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075a5e74f 5 bytes JMP 0000000070342c60 .text E:\Programy\RocketDock\RocketDock.exe[3832] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075a5e989 5 bytes JMP 0000000070342c70 .text E:\Programy\RocketDock\RocketDock.exe[3832] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000077355e75 5 bytes JMP 0000000070342ae0 .text E:\Programy\RocketDock\RocketDock.exe[3832] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077389cbb 5 bytes JMP 0000000070342a70 .text E:\Programy\RocketDock\RocketDock.exe[3832] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077ce1401 2 bytes JMP 756eb263 C:\Windows\syswow64\kernel32.dll .text E:\Programy\RocketDock\RocketDock.exe[3832] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077ce1419 2 bytes JMP 756eb38e C:\Windows\syswow64\kernel32.dll .text E:\Programy\RocketDock\RocketDock.exe[3832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077ce1431 2 bytes JMP 757690f1 C:\Windows\syswow64\kernel32.dll .text E:\Programy\RocketDock\RocketDock.exe[3832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077ce144a 2 bytes CALL 756c48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text E:\Programy\RocketDock\RocketDock.exe[3832] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077ce14dd 2 bytes JMP 757689ea C:\Windows\syswow64\kernel32.dll .text E:\Programy\RocketDock\RocketDock.exe[3832] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077ce14f5 2 bytes JMP 75768bc0 C:\Windows\syswow64\kernel32.dll .text E:\Programy\RocketDock\RocketDock.exe[3832] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077ce150d 2 bytes JMP 757688e0 C:\Windows\syswow64\kernel32.dll .text E:\Programy\RocketDock\RocketDock.exe[3832] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077ce1525 2 bytes JMP 75768caa C:\Windows\syswow64\kernel32.dll .text E:\Programy\RocketDock\RocketDock.exe[3832] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077ce153d 2 bytes JMP 756dfce8 C:\Windows\syswow64\kernel32.dll .text E:\Programy\RocketDock\RocketDock.exe[3832] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077ce1555 2 bytes JMP 756e6937 C:\Windows\syswow64\kernel32.dll .text E:\Programy\RocketDock\RocketDock.exe[3832] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077ce156d 2 bytes JMP 757691a9 C:\Windows\syswow64\kernel32.dll .text E:\Programy\RocketDock\RocketDock.exe[3832] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077ce1585 2 bytes JMP 75768d0a C:\Windows\syswow64\kernel32.dll .text E:\Programy\RocketDock\RocketDock.exe[3832] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077ce159d 2 bytes JMP 757688a4 C:\Windows\syswow64\kernel32.dll .text E:\Programy\RocketDock\RocketDock.exe[3832] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077ce15b5 2 bytes JMP 756dfd81 C:\Windows\syswow64\kernel32.dll .text E:\Programy\RocketDock\RocketDock.exe[3832] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077ce15cd 2 bytes JMP 756eb324 C:\Windows\syswow64\kernel32.dll .text E:\Programy\RocketDock\RocketDock.exe[3832] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077ce16b2 2 bytes JMP 7576906c C:\Windows\syswow64\kernel32.dll .text E:\Programy\RocketDock\RocketDock.exe[3832] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077ce16bd 2 bytes JMP 75768839 C:\Windows\syswow64\kernel32.dll .text E:\Programy\RocketDock\RocketDock.exe[3832] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000070781003 2 bytes [78, 70] .text E:\Programy\RocketDock\RocketDock.exe[3832] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000070781016 2 bytes [78, 70] .text C:\Program Files\DAEMON Tools Lite\DTAgent.exe[3856] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007791a3e0 7 bytes JMP 000000006fff0228 .text C:\Program Files\DAEMON Tools Lite\DTAgent.exe[3856] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077923ef0 5 bytes JMP 000000006fff0180 .text C:\Program Files\DAEMON Tools Lite\DTAgent.exe[3856] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007793fff0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\DAEMON Tools Lite\DTAgent.exe[3856] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007794f3e0 5 bytes JMP 000000006fff0110 .text C:\Program Files\DAEMON Tools Lite\DTAgent.exe[3856] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077979c70 7 bytes JMP 000000006fff00d8 .text C:\Program Files\DAEMON Tools Lite\DTAgent.exe[3856] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077989700 5 bytes JMP 000000006fff0148 .text C:\Program Files\DAEMON Tools Lite\DTAgent.exe[3856] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779a8aa0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\DAEMON Tools Lite\DTAgent.exe[3856] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8b32f0 7 bytes JMP 000007fefd8800d8 .text C:\Program Files\DAEMON Tools Lite\DTAgent.exe[3856] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd8baa60 5 bytes JMP 000007fefd880180 .text C:\Program Files\DAEMON Tools Lite\DTAgent.exe[3856] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd8bac00 5 bytes JMP 000007fefd880110 .text C:\Program Files\DAEMON Tools Lite\DTAgent.exe[3856] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd8c9ac0 5 bytes JMP 000007fefd880148 .text C:\Program Files\DAEMON Tools Lite\DTAgent.exe[3856] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe0b8830 8 bytes JMP 000007fefd8801f0 .text C:\Program Files\DAEMON Tools Lite\DTAgent.exe[3856] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe0bb9e0 8 bytes JMP 000007fefd8801b8 .text C:\Program Files\DAEMON Tools Lite\DTAgent.exe[3856] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefec66d10 11 bytes JMP 000007fefd880228 .text C:\Program Files\DAEMON Tools Lite\DTAgent.exe[3856] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefec7b4f0 7 bytes JMP 000007fefd880260 .text C:\Program Files\AVAST Software\Avast\avastui.exe[3936] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000756c8791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files (x86)\Podatnik.info\PIT pro 2016\Widget.exe[4020] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 00000000756c1f0e 7 bytes JMP 0000000070343c50 .text C:\Program Files (x86)\Podatnik.info\PIT pro 2016\Widget.exe[4020] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 00000000756c5bad 7 bytes JMP 0000000070344290 .text C:\Program Files (x86)\Podatnik.info\PIT pro 2016\Widget.exe[4020] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 00000000756d1431 7 bytes JMP 0000000070343ea0 .text C:\Program Files (x86)\Podatnik.info\PIT pro 2016\Widget.exe[4020] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 00000000756dea85 7 bytes JMP 0000000070343c40 .text C:\Program Files (x86)\Podatnik.info\PIT pro 2016\Widget.exe[4020] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 000000007576906c 7 bytes JMP 00000000703436c0 .text C:\Program Files (x86)\Podatnik.info\PIT pro 2016\Widget.exe[4020] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 00000000757690f1 5 bytes JMP 0000000070343770 .text C:\Program Files (x86)\Podatnik.info\PIT pro 2016\Widget.exe[4020] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 0000000075769447 5 bytes JMP 00000000703436d0 .text C:\Program Files (x86)\Podatnik.info\PIT pro 2016\Widget.exe[4020] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000778d1e4c 5 bytes JMP 0000000070343680 .text C:\Program Files (x86)\Podatnik.info\PIT pro 2016\Widget.exe[4020] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000778d1efa 5 bytes JMP 0000000070343640 .text C:\Program Files (x86)\Podatnik.info\PIT pro 2016\Widget.exe[4020] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000778d2bdc 5 bytes JMP 0000000070343780 .text C:\Program Files (x86)\Podatnik.info\PIT pro 2016\Widget.exe[4020] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000778d2e7e 5 bytes JMP 0000000070343480 .text C:\Program Files (x86)\Podatnik.info\PIT pro 2016\Widget.exe[4020] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075a5e74f 5 bytes JMP 0000000070342c60 .text C:\Program Files (x86)\Podatnik.info\PIT pro 2016\Widget.exe[4020] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075a5e989 5 bytes JMP 0000000070342c70 .text C:\Program Files (x86)\Podatnik.info\PIT pro 2016\Widget.exe[4020] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075bb8a39 5 bytes JMP 0000000070342b20 .text C:\Program Files (x86)\Podatnik.info\PIT pro 2016\Widget.exe[4020] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075bc4582 5 bytes JMP 0000000070343400 .text C:\Program Files (x86)\Podatnik.info\PIT pro 2016\Widget.exe[4020] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075bde587 5 bytes JMP 0000000070343470 .text C:\Program Files (x86)\Podatnik.info\PIT pro 2016\Widget.exe[4020] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075c008ab 5 bytes JMP 0000000070342960 .text C:\Program Files (x86)\Podatnik.info\PIT pro 2016\Widget.exe[4020] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075c17b24 5 bytes JMP 00000000703433e0 .text C:\Program Files (x86)\Podatnik.info\PIT pro 2016\Widget.exe[4020] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000070781003 2 bytes [78, 70] .text C:\Program Files (x86)\Podatnik.info\PIT pro 2016\Widget.exe[4020] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000070781016 2 bytes [78, 70] .text C:\Program Files (x86)\Podatnik.info\PIT pro 2016\Widget.exe[4020] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000077355e75 5 bytes JMP 0000000070342ae0 .text C:\Program Files (x86)\Podatnik.info\PIT pro 2016\Widget.exe[4020] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077389cbb 5 bytes JMP 0000000070342a70 .text C:\Program Files (x86)\Podatnik.info\PIT pro 2016\Widget.exe[4020] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000077ce1401 2 bytes JMP 756eb263 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2016\Widget.exe[4020] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000077ce1419 2 bytes JMP 756eb38e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2016\Widget.exe[4020] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000077ce1431 2 bytes JMP 757690f1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2016\Widget.exe[4020] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000077ce144a 2 bytes CALL 756c48ad C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Podatnik.info\PIT pro 2016\Widget.exe[4020] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000077ce14dd 2 bytes JMP 757689ea C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2016\Widget.exe[4020] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000077ce14f5 2 bytes JMP 75768bc0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2016\Widget.exe[4020] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000077ce150d 2 bytes JMP 757688e0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2016\Widget.exe[4020] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000077ce1525 2 bytes JMP 75768caa C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2016\Widget.exe[4020] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000077ce153d 2 bytes JMP 756dfce8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2016\Widget.exe[4020] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000077ce1555 2 bytes JMP 756e6937 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2016\Widget.exe[4020] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000077ce156d 2 bytes JMP 757691a9 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2016\Widget.exe[4020] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000077ce1585 2 bytes JMP 75768d0a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2016\Widget.exe[4020] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000077ce159d 2 bytes JMP 757688a4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2016\Widget.exe[4020] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000077ce15b5 2 bytes JMP 756dfd81 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2016\Widget.exe[4020] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000077ce15cd 2 bytes JMP 756eb324 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2016\Widget.exe[4020] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000077ce16b2 2 bytes JMP 7576906c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2016\Widget.exe[4020] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000077ce16bd 2 bytes JMP 75768839 C:\Windows\syswow64\KERNEL32.dll .text C:\Windows\system32\wuauclt.exe[936] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8b32f0 7 bytes JMP 000007fefd8800d8 .text C:\Windows\system32\wuauclt.exe[936] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd8baa60 5 bytes JMP 000007fefd880180 .text C:\Windows\system32\wuauclt.exe[936] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd8bac00 5 bytes JMP 000007fefd880110 .text C:\Windows\system32\wuauclt.exe[936] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd8c9ac0 5 bytes JMP 000007fefd880148 .text C:\Windows\system32\wuauclt.exe[936] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefec66d10 11 bytes JMP 000007fefd880228 .text C:\Windows\system32\wuauclt.exe[936] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefec7b4f0 7 bytes JMP 000007fefd880260 .text C:\Windows\system32\wuauclt.exe[936] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe0b8830 8 bytes JMP 000007fefd8801f0 .text C:\Windows\system32\wuauclt.exe[936] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe0bb9e0 8 bytes JMP 000007fefd8801b8 .text C:\Users\Magda\Desktop\FRST64.exe[1128] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007791a3e0 7 bytes JMP 000000006fff0228 .text C:\Users\Magda\Desktop\FRST64.exe[1128] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077923ef0 5 bytes JMP 000000006fff0180 .text C:\Users\Magda\Desktop\FRST64.exe[1128] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007793fff0 5 bytes JMP 000000006fff01b8 .text C:\Users\Magda\Desktop\FRST64.exe[1128] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007794f3e0 5 bytes JMP 000000006fff0110 .text C:\Users\Magda\Desktop\FRST64.exe[1128] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077979c70 7 bytes JMP 000000006fff00d8 .text C:\Users\Magda\Desktop\FRST64.exe[1128] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077989700 5 bytes JMP 000000006fff0148 .text C:\Users\Magda\Desktop\FRST64.exe[1128] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779a8aa0 7 bytes JMP 000000006fff01f0 .text C:\Users\Magda\Desktop\FRST64.exe[1128] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8b32f0 7 bytes JMP 000007fefd8800d8 .text C:\Users\Magda\Desktop\FRST64.exe[1128] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd8baa60 5 bytes JMP 000007fefd880180 .text C:\Users\Magda\Desktop\FRST64.exe[1128] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd8bac00 5 bytes JMP 000007fefd880110 .text C:\Users\Magda\Desktop\FRST64.exe[1128] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd8c9ac0 5 bytes JMP 000007fefd880148 .text C:\Users\Magda\Desktop\FRST64.exe[1128] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe0b8830 8 bytes JMP 000007fefd8801f0 .text C:\Users\Magda\Desktop\FRST64.exe[1128] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe0bb9e0 8 bytes JMP 000007fefd8801b8 .text C:\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe[4888] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007791a3e0 7 bytes JMP 000000006fff0228 .text C:\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe[4888] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077923ef0 5 bytes JMP 000000006fff0180 .text C:\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe[4888] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007793fff0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe[4888] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007794f3e0 5 bytes JMP 000000006fff0110 .text C:\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe[4888] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077979c70 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe[4888] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077989700 5 bytes JMP 000000006fff0148 .text C:\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe[4888] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779a8aa0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe[4888] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8b32f0 7 bytes JMP 000007fefd8800d8 .text C:\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe[4888] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd8baa60 5 bytes JMP 000007fefd880180 .text C:\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe[4888] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd8bac00 5 bytes JMP 000007fefd880110 .text C:\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe[4888] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd8c9ac0 5 bytes JMP 000007fefd880148 .text C:\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe[4888] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe0b8830 8 bytes JMP 000007fefd8801f0 .text C:\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe[4888] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe0bb9e0 8 bytes JMP 000007fefd8801b8 .text C:\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe[4888] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefec66d10 11 bytes JMP 000007fefd880228 .text C:\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe[4888] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefec7b4f0 7 bytes JMP 000007fefd880260 .text C:\Windows\system32\notepad.exe[4860] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007791a3e0 7 bytes JMP 000000006fff0228 .text C:\Windows\system32\notepad.exe[4860] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077923ef0 5 bytes JMP 000000006fff0180 .text C:\Windows\system32\notepad.exe[4860] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007793fff0 5 bytes JMP 000000006fff01b8 .text C:\Windows\system32\notepad.exe[4860] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007794f3e0 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\notepad.exe[4860] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077979c70 7 bytes JMP 000000006fff00d8 .text C:\Windows\system32\notepad.exe[4860] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077989700 5 bytes JMP 000000006fff0148 .text C:\Windows\system32\notepad.exe[4860] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779a8aa0 7 bytes JMP 000000006fff01f0 .text C:\Windows\system32\notepad.exe[4860] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8b32f0 7 bytes JMP 000007fefd8800d8 .text C:\Windows\system32\notepad.exe[4860] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd8baa60 5 bytes JMP 000007fefd880180 .text C:\Windows\system32\notepad.exe[4860] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd8bac00 5 bytes JMP 000007fefd880110 .text C:\Windows\system32\notepad.exe[4860] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd8c9ac0 5 bytes JMP 000007fefd880148 .text C:\Windows\system32\notepad.exe[4860] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe0b8830 8 bytes JMP 000007fefd8801f0 .text C:\Windows\system32\notepad.exe[4860] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe0bb9e0 8 bytes JMP 000007fefd8801b8 .text C:\Windows\system32\notepad.exe[4884] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007791a3e0 7 bytes JMP 000000006fff0228 .text C:\Windows\system32\notepad.exe[4884] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077923ef0 5 bytes JMP 000000006fff0180 .text C:\Windows\system32\notepad.exe[4884] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007793fff0 5 bytes JMP 000000006fff01b8 .text C:\Windows\system32\notepad.exe[4884] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007794f3e0 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\notepad.exe[4884] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077979c70 7 bytes JMP 000000006fff00d8 .text C:\Windows\system32\notepad.exe[4884] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077989700 5 bytes JMP 000000006fff0148 .text C:\Windows\system32\notepad.exe[4884] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779a8aa0 7 bytes JMP 000000006fff01f0 .text C:\Windows\system32\notepad.exe[4884] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8b32f0 7 bytes JMP 000007fefd8800d8 .text C:\Windows\system32\notepad.exe[4884] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd8baa60 5 bytes JMP 000007fefd880180 .text C:\Windows\system32\notepad.exe[4884] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd8bac00 5 bytes JMP 000007fefd880110 .text C:\Windows\system32\notepad.exe[4884] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd8c9ac0 5 bytes JMP 000007fefd880148 .text C:\Windows\system32\notepad.exe[4884] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe0b8830 8 bytes JMP 000007fefd8801f0 .text C:\Windows\system32\notepad.exe[4884] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe0bb9e0 8 bytes JMP 000007fefd8801b8 .text C:\Windows\system32\notepad.exe[5020] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007791a3e0 7 bytes JMP 000000006fff0228 .text C:\Windows\system32\notepad.exe[5020] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077923ef0 5 bytes JMP 000000006fff0180 .text C:\Windows\system32\notepad.exe[5020] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007793fff0 5 bytes JMP 000000006fff01b8 .text C:\Windows\system32\notepad.exe[5020] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007794f3e0 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\notepad.exe[5020] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077979c70 7 bytes JMP 000000006fff00d8 .text C:\Windows\system32\notepad.exe[5020] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077989700 5 bytes JMP 000000006fff0148 .text C:\Windows\system32\notepad.exe[5020] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779a8aa0 7 bytes JMP 000000006fff01f0 .text C:\Windows\system32\notepad.exe[5020] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8b32f0 7 bytes JMP 000007fefd8800d8 .text C:\Windows\system32\notepad.exe[5020] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd8baa60 5 bytes JMP 000007fefd880180 .text C:\Windows\system32\notepad.exe[5020] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd8bac00 5 bytes JMP 000007fefd880110 .text C:\Windows\system32\notepad.exe[5020] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd8c9ac0 5 bytes JMP 000007fefd880148 .text C:\Windows\system32\notepad.exe[5020] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe0b8830 8 bytes JMP 000007fefd8801f0 .text C:\Windows\system32\notepad.exe[5020] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe0bb9e0 8 bytes JMP 000007fefd8801b8 .text C:\Users\Magda\Desktop\xd84pc2q.exe[4492] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000756c1f0e 7 bytes JMP 0000000070343c50 .text C:\Users\Magda\Desktop\xd84pc2q.exe[4492] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000756c5bad 7 bytes JMP 0000000070344290 .text C:\Users\Magda\Desktop\xd84pc2q.exe[4492] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000756d1431 7 bytes JMP 0000000070343ea0 .text C:\Users\Magda\Desktop\xd84pc2q.exe[4492] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000756dea85 7 bytes JMP 0000000070343c40 .text C:\Users\Magda\Desktop\xd84pc2q.exe[4492] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 000000007576906c 7 bytes JMP 00000000703436c0 .text C:\Users\Magda\Desktop\xd84pc2q.exe[4492] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000757690f1 5 bytes JMP 0000000070343770 .text C:\Users\Magda\Desktop\xd84pc2q.exe[4492] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075769447 5 bytes JMP 00000000703436d0 .text C:\Users\Magda\Desktop\xd84pc2q.exe[4492] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000778d1e4c 5 bytes JMP 0000000070343680 .text C:\Users\Magda\Desktop\xd84pc2q.exe[4492] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000778d1efa 5 bytes JMP 0000000070343640 .text C:\Users\Magda\Desktop\xd84pc2q.exe[4492] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000778d2bdc 5 bytes JMP 0000000070343780 .text C:\Users\Magda\Desktop\xd84pc2q.exe[4492] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000778d2e7e 5 bytes JMP 0000000070343480 .text C:\Users\Magda\Desktop\xd84pc2q.exe[4492] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075a5e74f 5 bytes JMP 0000000070342c60 .text C:\Users\Magda\Desktop\xd84pc2q.exe[4492] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075a5e989 5 bytes JMP 0000000070342c70 .text C:\Users\Magda\Desktop\xd84pc2q.exe[4492] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075bc4582 5 bytes JMP 0000000070343400 .text C:\Users\Magda\Desktop\xd84pc2q.exe[4492] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075bde587 5 bytes JMP 0000000070343470 .text C:\Users\Magda\Desktop\xd84pc2q.exe[4492] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075c008ab 5 bytes JMP 0000000070342960 .text C:\Users\Magda\Desktop\xd84pc2q.exe[4492] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075c17b24 5 bytes JMP 00000000703433e0 .text C:\Users\Magda\Desktop\xd84pc2q.exe[4492] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000070781003 2 bytes [78, 70] .text C:\Users\Magda\Desktop\xd84pc2q.exe[4492] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000070781016 2 bytes [78, 70] .text C:\Users\Magda\Desktop\xd84pc2q.exe[4492] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077ce1401 2 bytes JMP 756eb263 C:\Windows\syswow64\kernel32.dll .text C:\Users\Magda\Desktop\xd84pc2q.exe[4492] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077ce1419 2 bytes JMP 756eb38e C:\Windows\syswow64\kernel32.dll .text C:\Users\Magda\Desktop\xd84pc2q.exe[4492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077ce1431 2 bytes JMP 757690f1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Magda\Desktop\xd84pc2q.exe[4492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077ce144a 2 bytes CALL 756c48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Magda\Desktop\xd84pc2q.exe[4492] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077ce14dd 2 bytes JMP 757689ea C:\Windows\syswow64\kernel32.dll .text C:\Users\Magda\Desktop\xd84pc2q.exe[4492] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077ce14f5 2 bytes JMP 75768bc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Magda\Desktop\xd84pc2q.exe[4492] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077ce150d 2 bytes JMP 757688e0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Magda\Desktop\xd84pc2q.exe[4492] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077ce1525 2 bytes JMP 75768caa C:\Windows\syswow64\kernel32.dll .text C:\Users\Magda\Desktop\xd84pc2q.exe[4492] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077ce153d 2 bytes JMP 756dfce8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Magda\Desktop\xd84pc2q.exe[4492] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077ce1555 2 bytes JMP 756e6937 C:\Windows\syswow64\kernel32.dll .text C:\Users\Magda\Desktop\xd84pc2q.exe[4492] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077ce156d 2 bytes JMP 757691a9 C:\Windows\syswow64\kernel32.dll .text C:\Users\Magda\Desktop\xd84pc2q.exe[4492] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077ce1585 2 bytes JMP 75768d0a C:\Windows\syswow64\kernel32.dll .text C:\Users\Magda\Desktop\xd84pc2q.exe[4492] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077ce159d 2 bytes JMP 757688a4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Magda\Desktop\xd84pc2q.exe[4492] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077ce15b5 2 bytes JMP 756dfd81 C:\Windows\syswow64\kernel32.dll .text C:\Users\Magda\Desktop\xd84pc2q.exe[4492] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077ce15cd 2 bytes JMP 756eb324 C:\Windows\syswow64\kernel32.dll .text C:\Users\Magda\Desktop\xd84pc2q.exe[4492] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077ce16b2 2 bytes JMP 7576906c C:\Windows\syswow64\kernel32.dll .text C:\Users\Magda\Desktop\xd84pc2q.exe[4492] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077ce16bd 2 bytes JMP 75768839 C:\Windows\syswow64\kernel32.dll ---- Kernel IAT/EAT - GMER 2.2 ---- IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff88001081e94] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff88001081c38] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff88001082654] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff88001082a50] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff880010828ac] \SystemRoot\System32\Drivers\sptd.sys [.text] ---- Devices - GMER 2.2 ---- Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 fffffa80078552c0 Device \Driver\atapi \Device\Ide\IdePort0 fffffa80078552c0 Device \Driver\atapi \Device\Ide\IdePort1 fffffa80078552c0 Device \Driver\atapi \Device\Ide\IdePort2 fffffa80078552c0 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 fffffa80078552c0 Device \FileSystem\Ntfs \Ntfs fffffa800785d2c0 Device \FileSystem\fastfat \Fat fffffa800a1ff2c0 Device \Driver\USBSTOR \Device\00000088 fffffa800915d2c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa80081762c0 Device \Driver\cdrom \Device\CdRom0 fffffa8007d542c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{5953336D-2ABE-4DFD-BE57-9B88D2F2F6C8} fffffa8007ec12c0 Device \Driver\cdrom \Device\CdRom1 fffffa8007d542c0 Device \Driver\cdrom \Device\CdRom4 fffffa8007d542c0 Device \Driver\dtlitescsibus \Device\0000009f fffffa80083fc2c0 Device \Driver\dtlitescsibus \Device\0000009b fffffa80083fc2c0 Device \Driver\usbehci \Device\USBFDO-0 fffffa80081762c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa80081762c0 Device \Driver\USBSTOR \Device\00000096 fffffa800915d2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{69889CC1-C7E7-40F2-A51F-D295F19F4B84} fffffa8007ec12c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa8007ec12c0 Device \Driver\atapi \Device\ScsiPort0 fffffa80078552c0 Device \Driver\usbehci \Device\USBPDO-0 fffffa80081762c0 Device \Driver\USBSTOR \Device\00000087 fffffa800915d2c0 Device \Driver\atapi \Device\ScsiPort1 fffffa80078552c0 Device \Driver\USBSTOR \Device\00000097 fffffa800915d2c0 Device \Driver\atapi \Device\ScsiPort2 fffffa80078552c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{1C916E58-BA1A-4B4C-B335-0E1D36AFC320} fffffa8007ec12c0 ---- Trace I/O - GMER 2.2 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80078552c0]<< sptd.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys fffffa80078552c0 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007bf1790] fffffa8007bf1790 Trace 3 CLASSPNP.SYS[fffff8800185043f] -> nt!IofCallDriver -> [0xfffffa80079a2e40] fffffa80079a2e40 Trace 5 ACPI.sys[fffff880011ab7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800799f060] fffffa800799f060 Trace \Driver\atapi[0xfffffa800791b470] -> IRP_MJ_CREATE -> 0xfffffa80078552c0 fffffa80078552c0 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\Instup_14763008835382280@SetupOperations ???/????????????????????t???????????????????????????????Sterownik pami?ci masowej USB???Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz????%?%?*?*?%?*?*?*?????????????{???????|???????n???i??????t???? ???????U???????????5?,??`?????"???;??????????????????????????????}??????d?????????????????????????????????????? ???????????????????5?,????????????'?????????????????????????X?????????????? ???????????????????5?,??"?????????0???????????????????????????@C:\Windows\system32\NVSVCR.DLL,-4025,5 (High)?????? D???????????????????????$??????????????????????????????????????????? ?????????????????????~??????????????????????s?????????????? ???????U???????????5?,??N?????f???]???????????????????????????????????????????????}?????N??????????????????????????/???????????????5??0???????? ???????????????????5?,????????????'????????????????????}??? ???????f???????????^?0?????????????????????$??????????????????????????????????????? ???????A??????l-??????CNMPDCA.DLL??m??????????????????????????????????????????????????$???4????? ??????? ???? Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\3859f904ffb0 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\3859f904ffb0@2c5a054e805d 0x66 0x91 0xCC 0xEB ... Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Teredo\PreviousState\18-d6-c7-37-43-3e@TeredoAddress 2001:0:9d38:90d7:c4d:a236:4f22:86ad Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 13849 Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 58513 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 E:\Programy\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\Instup_14763008835382280@SetupOperations ????De???????????A??????????ow??{71a27cdd-812a-11d0-bec7-08002be2092f}\0013??????????????v???5???????t??{65A9A6CF-64CD-480b-843E-32C86E1BA19F}???????????????????????????&??????????????????????? 2??????????????????????????s?????sis??????????Urz?dzenie wej?ciowe USB?D??? ???????A???????????????????? ?0?'?????????HID_Raw_Inst?o??? *??????o???????????????????1??85????????&??????0??????????????????????????????????????????????????????????? ?????????????????????0????????????????????generic_hid_device?\Hp??????????????????ce???????????????8??E5??? ???????/?????????????,????????????????????ow??????????? ??????????os??????????????????7&8eecfb9&0??????????????S??????di??????????????FH???????????????8??Microsoft?????????????????????(???????????????2??????a??0-???????????7??c1??????????????????? ???_???0??????t1??????????????????D????????,???D???????U??? ???????7?????UBS??? ???????9??????nC??6.1.7601.22374????????&?????????????????generic_hid_device???????_??????????????????? 2?????????????????Urz?dzenie wej?ciowe USB??? Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\3859f904ffb0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\3859f904ffb0@2c5a054e805d 0x66 0x91 0xCC 0xEB ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 E:\Programy\DAEMON Tools Lite\ ---- EOF - GMER 2.2 ----