GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-03-26 22:52:45
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JE3O 465,76GB
Running: dqkslgmj.exe; Driver: C:\Users\Tomek\AppData\Local\Temp\kwddykog.sys

---- User code sections - GMER 2.2 ----

.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1080] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000769e1401 2 bytes JMP 7506b233 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1080] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000769e1419 2 bytes JMP 7506b35e C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1080] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000769e1431 2 bytes JMP 750e9149 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1080] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000769e144a 2 bytes CALL 75044885 C:\windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1080] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769e14dd 2 bytes JMP 750e8a42 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1080] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769e14f5 2 bytes JMP 750e8c18 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1080] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000769e150d 2 bytes JMP 750e8938 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1080] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000769e1525 2 bytes JMP 750e8d02 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1080] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000769e153d 2 bytes JMP 7505fcc0 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1080] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000769e1555 2 bytes JMP 75066907 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1080] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000769e156d 2 bytes JMP 750e9201 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1080] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000769e1585 2 bytes JMP 750e8d62 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1080] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000769e159d 2 bytes JMP 750e88fc C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1080] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769e15b5 2 bytes JMP 7505fd59 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1080] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769e15cd 2 bytes JMP 7506b2f4 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1080] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769e16b2 2 bytes JMP 750e90c4 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1080] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769e16bd 2 bytes JMP 750e8891 C:\windows\syswow64\kernel32.dll
.text C:\Users\Tomek\AppData\Roaming\uTorrent\uTorrent.exe[2796] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000769e1401 2 bytes JMP 7506b233 C:\windows\syswow64\kernel32.dll
.text C:\Users\Tomek\AppData\Roaming\uTorrent\uTorrent.exe[2796] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000769e1419 2 bytes JMP 7506b35e C:\windows\syswow64\kernel32.dll
.text C:\Users\Tomek\AppData\Roaming\uTorrent\uTorrent.exe[2796] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000769e1431 2 bytes JMP 750e9149 C:\windows\syswow64\kernel32.dll
.text C:\Users\Tomek\AppData\Roaming\uTorrent\uTorrent.exe[2796] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000769e144a 2 bytes CALL 75044885 C:\windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Users\Tomek\AppData\Roaming\uTorrent\uTorrent.exe[2796] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769e14dd 2 bytes JMP 750e8a42 C:\windows\syswow64\kernel32.dll
.text C:\Users\Tomek\AppData\Roaming\uTorrent\uTorrent.exe[2796] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769e14f5 2 bytes JMP 750e8c18 C:\windows\syswow64\kernel32.dll
.text C:\Users\Tomek\AppData\Roaming\uTorrent\uTorrent.exe[2796] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000769e150d 2 bytes JMP 750e8938 C:\windows\syswow64\kernel32.dll
.text C:\Users\Tomek\AppData\Roaming\uTorrent\uTorrent.exe[2796] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000769e1525 2 bytes JMP 750e8d02 C:\windows\syswow64\kernel32.dll
.text C:\Users\Tomek\AppData\Roaming\uTorrent\uTorrent.exe[2796] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000769e153d 2 bytes JMP 7505fcc0 C:\windows\syswow64\kernel32.dll
.text C:\Users\Tomek\AppData\Roaming\uTorrent\uTorrent.exe[2796] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000769e1555 2 bytes JMP 75066907 C:\windows\syswow64\kernel32.dll
.text C:\Users\Tomek\AppData\Roaming\uTorrent\uTorrent.exe[2796] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000769e156d 2 bytes JMP 750e9201 C:\windows\syswow64\kernel32.dll
.text C:\Users\Tomek\AppData\Roaming\uTorrent\uTorrent.exe[2796] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000769e1585 2 bytes JMP 750e8d62 C:\windows\syswow64\kernel32.dll
.text C:\Users\Tomek\AppData\Roaming\uTorrent\uTorrent.exe[2796] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000769e159d 2 bytes JMP 750e88fc C:\windows\syswow64\kernel32.dll
.text C:\Users\Tomek\AppData\Roaming\uTorrent\uTorrent.exe[2796] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769e15b5 2 bytes JMP 7505fd59 C:\windows\syswow64\kernel32.dll
.text C:\Users\Tomek\AppData\Roaming\uTorrent\uTorrent.exe[2796] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769e15cd 2 bytes JMP 7506b2f4 C:\windows\syswow64\kernel32.dll
.text C:\Users\Tomek\AppData\Roaming\uTorrent\uTorrent.exe[2796] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769e16b2 2 bytes JMP 750e90c4 C:\windows\syswow64\kernel32.dll
.text C:\Users\Tomek\AppData\Roaming\uTorrent\uTorrent.exe[2796] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769e16bd 2 bytes JMP 750e8891 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2996] C:\windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 00000000769e1401 2 bytes JMP 7506b233 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2996] C:\windows\syswow64\Psapi.dll!EnumProcessModules + 17 00000000769e1419 2 bytes JMP 7506b35e C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2996] C:\windows\syswow64\Psapi.dll!GetModuleInformation + 17 00000000769e1431 2 bytes JMP 750e9149 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2996] C:\windows\syswow64\Psapi.dll!GetModuleInformation + 42 00000000769e144a 2 bytes CALL 75044885 C:\windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2996] C:\windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 00000000769e14dd 2 bytes JMP 750e8a42 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2996] C:\windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 00000000769e14f5 2 bytes JMP 750e8c18 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2996] C:\windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 00000000769e150d 2 bytes JMP 750e8938 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2996] C:\windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 00000000769e1525 2 bytes JMP 750e8d02 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2996] C:\windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 00000000769e153d 2 bytes JMP 7505fcc0 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2996] C:\windows\syswow64\Psapi.dll!EnumProcesses + 17 00000000769e1555 2 bytes JMP 75066907 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2996] C:\windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 00000000769e156d 2 bytes JMP 750e9201 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2996] C:\windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 00000000769e1585 2 bytes JMP 750e8d62 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2996] C:\windows\syswow64\Psapi.dll!QueryWorkingSet + 17 00000000769e159d 2 bytes JMP 750e88fc C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2996] C:\windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 00000000769e15b5 2 bytes JMP 7505fd59 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2996] C:\windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 00000000769e15cd 2 bytes JMP 7506b2f4 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2996] C:\windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 00000000769e16b2 2 bytes JMP 750e90c4 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2996] C:\windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 00000000769e16bd 2 bytes JMP 750e8891 C:\windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2508] C:\windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075048769 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text C:\Users\Tomek\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe[3016] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000769e1401 2 bytes JMP 7506b233 C:\windows\syswow64\kernel32.dll
.text C:\Users\Tomek\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe[3016] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000769e1419 2 bytes JMP 7506b35e C:\windows\syswow64\kernel32.dll
.text C:\Users\Tomek\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe[3016] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000769e1431 2 bytes JMP 750e9149 C:\windows\syswow64\kernel32.dll
.text C:\Users\Tomek\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe[3016] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000769e144a 2 bytes CALL 75044885 C:\windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Users\Tomek\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe[3016] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769e14dd 2 bytes JMP 750e8a42 C:\windows\syswow64\kernel32.dll
.text C:\Users\Tomek\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe[3016] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769e14f5 2 bytes JMP 750e8c18 C:\windows\syswow64\kernel32.dll
.text C:\Users\Tomek\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe[3016] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000769e150d 2 bytes JMP 750e8938 C:\windows\syswow64\kernel32.dll
.text C:\Users\Tomek\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe[3016] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000769e1525 2 bytes JMP 750e8d02 C:\windows\syswow64\kernel32.dll
.text C:\Users\Tomek\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe[3016] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000769e153d 2 bytes JMP 7505fcc0 C:\windows\syswow64\kernel32.dll
.text C:\Users\Tomek\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe[3016] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000769e1555 2 bytes JMP 75066907 C:\windows\syswow64\kernel32.dll
.text C:\Users\Tomek\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe[3016] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000769e156d 2 bytes JMP 750e9201 C:\windows\syswow64\kernel32.dll
.text C:\Users\Tomek\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe[3016] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000769e1585 2 bytes JMP 750e8d62 C:\windows\syswow64\kernel32.dll
.text C:\Users\Tomek\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe[3016] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000769e159d 2 bytes JMP 750e88fc C:\windows\syswow64\kernel32.dll
.text C:\Users\Tomek\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe[3016] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769e15b5 2 bytes JMP 7505fd59 C:\windows\syswow64\kernel32.dll
.text C:\Users\Tomek\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe[3016] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769e15cd 2 bytes JMP 7506b2f4 C:\windows\syswow64\kernel32.dll
.text C:\Users\Tomek\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe[3016] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769e16b2 2 bytes JMP 750e90c4 C:\windows\syswow64\kernel32.dll
.text C:\Users\Tomek\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe[3016] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769e16bd 2 bytes JMP 750e8891 C:\windows\syswow64\kernel32.dll
.text C:\Users\Tomek\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe[3084] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000769e1401 2 bytes JMP 7506b233 C:\windows\syswow64\kernel32.dll
.text C:\Users\Tomek\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe[3084] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000769e1419 2 bytes JMP 7506b35e C:\windows\syswow64\kernel32.dll
.text C:\Users\Tomek\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe[3084] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000769e1431 2 bytes JMP 750e9149 C:\windows\syswow64\kernel32.dll
.text C:\Users\Tomek\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe[3084] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000769e144a 2 bytes CALL 75044885 C:\windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Users\Tomek\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe[3084] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769e14dd 2 bytes JMP 750e8a42 C:\windows\syswow64\kernel32.dll
.text C:\Users\Tomek\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe[3084] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769e14f5 2 bytes JMP 750e8c18 C:\windows\syswow64\kernel32.dll
.text C:\Users\Tomek\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe[3084] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000769e150d 2 bytes JMP 750e8938 C:\windows\syswow64\kernel32.dll
.text C:\Users\Tomek\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe[3084] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000769e1525 2 bytes JMP 750e8d02 C:\windows\syswow64\kernel32.dll
.text C:\Users\Tomek\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe[3084] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000769e153d 2 bytes JMP 7505fcc0 C:\windows\syswow64\kernel32.dll
.text C:\Users\Tomek\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe[3084] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000769e1555 2 bytes JMP 75066907 C:\windows\syswow64\kernel32.dll
.text C:\Users\Tomek\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe[3084] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000769e156d 2 bytes JMP 750e9201 C:\windows\syswow64\kernel32.dll
.text C:\Users\Tomek\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe[3084] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000769e1585 2 bytes JMP 750e8d62 C:\windows\syswow64\kernel32.dll
.text C:\Users\Tomek\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe[3084] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000769e159d 2 bytes JMP 750e88fc C:\windows\syswow64\kernel32.dll
.text C:\Users\Tomek\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe[3084] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769e15b5 2 bytes JMP 7505fd59 C:\windows\syswow64\kernel32.dll
.text C:\Users\Tomek\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe[3084] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769e15cd 2 bytes JMP 7506b2f4 C:\windows\syswow64\kernel32.dll
.text C:\Users\Tomek\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe[3084] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769e16b2 2 bytes JMP 750e90c4 C:\windows\syswow64\kernel32.dll
.text C:\Users\Tomek\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe[3084] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769e16bd 2 bytes JMP 750e8891 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5072] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000769e1401 2 bytes JMP 7506b233 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5072] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000769e1419 2 bytes JMP 7506b35e C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5072] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000769e1431 2 bytes JMP 750e9149 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5072] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000769e144a 2 bytes CALL 75044885 C:\windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5072] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769e14dd 2 bytes JMP 750e8a42 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5072] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769e14f5 2 bytes JMP 750e8c18 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5072] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000769e150d 2 bytes JMP 750e8938 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5072] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000769e1525 2 bytes JMP 750e8d02 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5072] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000769e153d 2 bytes JMP 7505fcc0 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5072] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000769e1555 2 bytes JMP 75066907 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5072] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000769e156d 2 bytes JMP 750e9201 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5072] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000769e1585 2 bytes JMP 750e8d62 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5072] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000769e159d 2 bytes JMP 750e88fc C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5072] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769e15b5 2 bytes JMP 7505fd59 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5072] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769e15cd 2 bytes JMP 7506b2f4 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5072] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769e16b2 2 bytes JMP 750e90c4 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5072] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769e16bd 2 bytes JMP 750e8891 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5596] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000769e1401 2 bytes JMP 7506b233 C:\windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5596] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000769e1419 2 bytes JMP 7506b35e C:\windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5596] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000769e1431 2 bytes JMP 750e9149 C:\windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5596] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000769e144a 2 bytes CALL 75044885 C:\windows\syswow64\KERNEL32.dll
.text ... * 9
.text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5596] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769e14dd 2 bytes JMP 750e8a42 C:\windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5596] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769e14f5 2 bytes JMP 750e8c18 C:\windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5596] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000769e150d 2 bytes JMP 750e8938 C:\windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5596] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000769e1525 2 bytes JMP 750e8d02 C:\windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5596] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000769e153d 2 bytes JMP 7505fcc0 C:\windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5596] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000769e1555 2 bytes JMP 75066907 C:\windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5596] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000769e156d 2 bytes JMP 750e9201 C:\windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5596] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000769e1585 2 bytes JMP 750e8d62 C:\windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5596] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000769e159d 2 bytes JMP 750e88fc C:\windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5596] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769e15b5 2 bytes JMP 7505fd59 C:\windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5596] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769e15cd 2 bytes JMP 7506b2f4 C:\windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5596] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769e16b2 2 bytes JMP 750e90c4 C:\windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5596] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769e16bd 2 bytes JMP 750e8891 C:\windows\syswow64\KERNEL32.dll

---- Kernel IAT/EAT - GMER 2.2 ----

IAT C:\windows\system32\drivers\CLASSPNP.SYS[ntoskrnl.exe!IofCallDriver] [fffff88001c3e068] \SystemRoot\system32\drivers\aswSP.sys [.text]

---- Threads - GMER 2.2 ----

Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4892:5408] 000007fefa7f2ad8
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4892:4416] 000007feea7e8a28

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\Instup_14898430461992288@SetupOperations ????????{533c5b84-ec70-11d2-9505-00c04f79deaf}\0010?????? ?C?????.??????????????????????`? ?Z???????????????????????????????????????????????????? ?C??????????????????????????????????#?????????#?????`?????????????????STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT11?????????????????????????\\?\STORAGE#VOLUMESNAPSHOT#HARDDISKVOLUMESNAPSHOT11#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}??????? ?????????????????????0????????????&???????????????????????????????????? ?????????????????????0????????????????????????????? ?????????????????????0????????????????????????????????????????????volsnap.inf?????????????? 0?????????????????volume_snapshot_install?????????????? ?????????????????????0????????????????????????????????? ?????????????????????0????????0?????????????????????????????0?????????????volume_snapshot_install?????????????? ??????????????t???.NTAMD64????? ?????????????????????0????????????????????????????????????????????????????????????????????????????????????????????? ?????????????????????0????????????????????.NTAMD6
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\Instup_14898430968542288@SetupOperations ?????????????????c?????????PI ????????????????????????????????????????????????????????????????sb.inf,%??\SystemRoot\system32\drivers\aswbuniva.sys??? ??\SystemRoot\system32\drivers\aswRvrt.sys? ??????????????????????????????????????????????????????????? ???????????????????h?0????????H??? ??????-10??? ???????|???????????n?:????????????&????????????????????????????????A??????y ???????????????1?????s?T?????????????@?&???&???&???&???&???&???&???&???&???&???&?@????????????????????????? ??@??? ????????????2?????????????????SAMSUNG Mobile USB Modem??????????????????????v?????????????????C:\windows\ModemLogs\ModemLog_SAMSUNG Mobile USB Modem.txt??????? ???????????????????????????o??????????serialui.dll??????2???????????????T??????s??????????msports.dll,SerialDisplayAdvancedSettings?????>?????????????????SAMSUNG Electronics Co., Ltd. ??????????????????#???????SAMSUNG Mobile USB Modem??????F??????????????2??modemui.dll,ModemPropPagesProvider??????????????????????????????? ??????????????????????????????????cdrom.inf??
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\Instup_14898430968542288@FailedOperations ????????PSCRIPT.HLP?????%SystemRoot%\system32\winevt\Logs\Application.evtx??????\\?\Root#*TEREDO#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{088BAF64-830C-4A17-8B1B-04A488B4BD87}?39??? ??????????????????????????????`?b8????????????#???? ?????????????????????0????????????&????????????????????m????N??????o????D??????????????????i??????????? ???????0?????????????,????????$???