GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-04-30 15:10:52
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.AX00 298,09GB
Running: gmer.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\pxroraoc.sys


---- Processes - GMER 2.2 ----

Library ? (*** suspicious ***) @ c:\PROGRA~2\AVG\Av\avgrsa.exe [492] 000000013f1a0000
Library ? (*** suspicious ***) @ c:\PROGRA~2\AVG\Av\avgrsa.exe [492] 000007feff720000
Library ? (*** suspicious ***) @ c:\PROGRA~2\AVG\Av\avgrsa.exe [492] 000007feff520000
Library ? (*** suspicious ***) @ c:\PROGRA~2\AVG\Av\avgrsa.exe [492] 000007feff3c0000
Library ? (*** suspicious ***) @ c:\PROGRA~2\AVG\Av\avgrsa.exe [492] 000007feff300000
Library ? (*** suspicious ***) @ c:\PROGRA~2\AVG\Av\avgrsa.exe [492] 000007feff280000
Library ? (*** suspicious ***) @ c:\PROGRA~2\AVG\Av\avgrsa.exe [492] 000007feff1f0000
Library ? (*** suspicious ***) @ c:\PROGRA~2\AVG\Av\avgrsa.exe [492] 000007feff1b0000
Library ? (*** suspicious ***) @ c:\PROGRA~2\AVG\Av\avgrsa.exe [492] 000007feff0f0000
Library ? (*** suspicious ***) @ c:\PROGRA~2\AVG\Av\avgrsa.exe [492] 000007fefe510000
Library ? (*** suspicious ***) @ c:\PROGRA~2\AVG\Av\avgrsa.exe [492] 000007fefe470000
Library C:\Program Files (x86)\AVG\Av\avgcsrva.exe (*** suspicious ***) @ C:\Program Files (x86)\AVG\Av\avgcsrva.exe [576] 000000013ffb0000
Library C:\Program Files (x86)\AVG\Av\avgloga.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Av\avgcsrva.exe [576] 000007feff720000
Library c:\Program Files (x86)\AVG\Av\avgcmla.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Av\avgcsrva.exe [576] 000007feff520000
Library c:\Program Files (x86)\AVG\Av\avgntopenssla.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Av\avgcsrva.exe [576] 000007feff3c0000
Library C:\Program Files (x86)\AVG\Av\avgdetallocatora.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Av\avgcsrva.exe [576] 000007feff1b0000
Library C:\Program Files (x86)\AVG\Av\avgcorea.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Av\avgcsrva.exe [576] 000007fefe660000
Library C:\Program Files (x86)\AVG\Av\avgchcla.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Av\avgcsrva.exe [576] 000007fefe610000
Library C:\Program Files (x86)\AVG\Av\avgpsica.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Av\avgcsrva.exe [576] 000007fefe5e0000
Library C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe (*** suspicious ***) @ C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [2320] 000000013f030000
Library C:\Program Files (x86)\AVG\Framework\Common\avgsysa.fmw.1.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [2320] 000007fef34b0000
Library C:\Program Files (x86)\AVG\Framework\Common\avgntopenssla.fmw.1.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [2320] 000007fef3350000
Library C:\Program Files (x86)\AVG\Framework\1\avgcmla.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [2320] 000007fef4800000
Library C:\Program Files (x86)\AVG\Framework\1\avgloga.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [2320] 000007fef3b50000
Library C:\Program Files (x86)\AVG\Framework\1\avgcomma.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [2320] 000007fef3ab0000
Library C:\Program Files (x86)\AVG\Framework\1\avgmsgdispa.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [2320] 000007fef2ba0000
Library C:\Program Files (x86)\AVG\Framework\1\avgsvcfmwplga.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [2320] 000007fef2cf0000
Library C:\Program Files (x86)\AVG\Framework\1\avgnetclia.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [2320] 000007fef37b0000
Library C:\Program Files (x86)\AVG\Framework\1\avgopenssla.fmw.1.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [2320] 000007fef32f0000
Library C:\Program Files (x86)\AVG\Framework\Common\avgfmwbasea.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [2320] 000007fef2310000
Library C:\Program Files (x86)\AVG\Av\avgwdsvca.exe (*** suspicious ***) @ C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [2440] 000000013fc00000
Library C:\Program Files (x86)\AVG\Framework\1\avgloga.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [2440] 000007fef3b50000
Library C:\Program Files (x86)\AVG\Framework\1\avgsysa.fmw.1.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [2440] 000007fef3d20000
Library C:\Program Files (x86)\AVG\Framework\1\avgcmla.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [2440] 000007fef4800000
Library C:\Program Files (x86)\AVG\Framework\1\avgntopenssla.fmw.1.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [2440] 000007fef3bc0000
Library C:\Program Files (x86)\AVG\Av\avgwda.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [2440] 000007fef27e0000
Library C:\Program Files (x86)\AVG\Av\avgntopenssla.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [2440] 000007feff3c0000
Library C:\Program Files (x86)\AVG\Av\avgcfga.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [2440] 000007fef35d0000
Library C:\Program Files (x86)\AVG\Framework\1\avgcomma.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [2440] 000007fef3ab0000
Library C:\Program Files (x86)\AVG\Av\avgsecapia.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [2440] 000007fef2f60000
Library C:\Program Files (x86)\AVG\Framework\1\avgntsqlitea.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [2440] 000007fef1d60000
Library C:\Program Files (x86)\AVG\Av\avgdetallocatora.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [2440] 000007feff1b0000
Library C:\Program Files (x86)\AVG\Av\avgremovala.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [2440] 000007fef1b70000
Library C:\Program Files (x86)\AVG\Framework\Common\avgfmwbasea.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [2440] 000007fef2310000
Library C:\Program Files (x86)\AVG\Framework\1\avgmsgdispa.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [2440] 000007fef2ba0000
Library C:\Program Files (x86)\AVG\Av\avgclita.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [2440] 000007feff280000
Library C:\Program Files (x86)\AVG\Framework\1\avgucla.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [2440] 000007fef1b10000
Library C:\Program Files (x86)\AVG\Framework\1\avgnetclia.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [2440] 000007fef37b0000
Library C:\Program Files (x86)\AVG\Framework\1\avgopenssla.fmw.1.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [2440] 000007fef32f0000
Library C:\Program Files (x86)\AVG\Framework\1\avgcmla.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [3612] 000007fef4800000
Library C:\Program Files (x86)\AVG\Framework\1\avgsysa.fmw.1.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [3612] 000007fef3d20000
Library C:\Program Files (x86)\AVG\Framework\1\avgntopenssla.fmw.1.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [3612] 000007fef3bc0000
Library C:\Program Files (x86)\AVG\Framework\1\avgloga.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [3612] 000007fef3b50000
Library C:\Program Files (x86)\AVG\Framework\Common\avguix.exe (*** suspicious ***) @ C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [4660] 00000000013a0000
Library C:\Program Files (x86)\AVG\Framework\Common\avgsysx.fmw.1.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [4660] 00000000738a0000
Library C:\Program Files (x86)\AVG\Framework\Common\avgntopensslx.fmw.1.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [4660] 000000006dcc0000
Library C:\Program Files (x86)\AVG\Framework\1\avgcmlx.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [4660] 000000006c990000
Library C:\Program Files (x86)\AVG\Framework\1\avglogx.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [4660] 000000006c930000
Library C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [4660] 0000000063c80000
Library C:\Program Files (x86)\AVG\Framework\1\avgmsgdispx.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [4660] 000000006ec00000
Library C:\Program Files (x86)\AVG\Framework\1\avgcommx.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [4660] 000000006eb80000
Library C:\Program Files (x86)\AVG\Framework\1\avguifmwplgx.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [4660] 0000000070cd0000
Library C:\Program Files (x86)\AVG\Av\avuipluginx.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [4660] 000000006eb20000
Library C:\Program Files (x86)\AVG\Av\avgsysx.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [4660] 000000006ea30000
Library C:\Program Files (x86)\AVG\Av\avgkrnlapix.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [4660] 000000006b5c0000
Library C:\Program Files (x86)\AVG\Av\avgntopensslx.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [4660] 000000006e7b0000
Library C:\Program Files (x86)\AVG\Av\avgcfgx.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [4660] 000000006e680000
Library C:\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [4660] 000000006f330000
Library C:\Program Files (x86)\AVG\Framework\1\avglngx.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [4660] 0000000070e60000
Library C:\Program Files (x86)\AVG\Av\avguires.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [4660] 000000006ee80000
Library C:\Program Files (x86)\AVG\Av\avgclitx.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [4660] 0000000070da0000
Library C:\Program Files (x86)\AVG\Av\avgui.exe (*** suspicious ***) @ C:\Program Files (x86)\AVG\Av\avgui.exe [7084] 000000013f8d0000
Library C:\Program Files (x86)\AVG\Framework\1\avgcmla.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Av\avgui.exe [7084] 000007fef4800000
Library C:\Program Files (x86)\AVG\Framework\1\avgsysa.fmw.1.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Av\avgui.exe [7084] 000007fef3d20000
Library C:\Program Files (x86)\AVG\Framework\1\avgntopenssla.fmw.1.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Av\avgui.exe [7084] 000007fef3bc0000
Library C:\Program Files (x86)\AVG\Framework\1\avgloga.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Av\avgui.exe [7084] 000007fef3b50000
Library C:\Program Files (x86)\AVG\Av\avgkrnlapia.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Av\avgui.exe [7084] 000007fee46e0000
Library C:\Program Files (x86)\AVG\Av\avgntopenssla.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Av\avgui.exe [7084] 000007feff3c0000
Library C:\Program Files (x86)\AVG\Av\avgcfga.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Av\avgui.exe [7084] 000007fef35d0000
Library C:\Program Files (x86)\AVG\Framework\1\avgcomma.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Av\avgui.exe [7084] 000007fef3ab0000
Library C:\Program Files (x86)\AVG\Av\avgidpma.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Av\avgui.exe [7084] 000007fee7570000
Library C:\Program Files (x86)\AVG\Framework\1\avglnga.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Av\avgui.exe [7084] 000007fee6920000
Library C:\Program Files (x86)\AVG\Av\avgclita.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Av\avgui.exe [7084] 000007feff280000
Library C:\Program Files (x86)\AVG\Av\avguires.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Av\avgui.exe [7084] 000000006ee80000
Library C:\Program Files (x86)\AVG\Av\avgfilevaulta.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\Av\avgui.exe [7084] 000007fee4f10000

---- EOF - GMER 2.2 ----