GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-04-03 14:48:43 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 ST9200827AS rev.3.AAA 186,31GB Running: fcnbz6dr.exe; Driver: C:\Users\marek\AppData\Local\Temp\kwldypog.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0x9313C6E0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0x9313C800] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0x9313C010] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenThread [0x9313C4D0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0x9313C300] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0x9313C3E0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0x9313C120] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0x9313C210] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0x9313C5E0] ---- Kernel code sections - GMER 2.1 ---- .text ntoskrnl.exe!ZwRequestWaitReplyPort + 1499 83075995 1 Byte [06] .text ntoskrnl.exe!KiDispatchInterrupt + 5A2 83095612 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntoskrnl.exe!KeRemoveQueueEx + 161F 8309CCE4 8 Bytes [E0, C6, 13, 93, 00, C8, 13, ...] {LOOPNZ 0xffffffc8; ADC EDX, [EBX-0x6cec3800]} .text ntoskrnl.exe!KeRemoveQueueEx + 1667 8309CD2C 4 Bytes [10, C0, 13, 93] .text ntoskrnl.exe!KeRemoveQueueEx + 1687 8309CD4C 4 Bytes [D0, C4, 13, 93] .text ntoskrnl.exe!KeRemoveQueueEx + 1927 8309CFEC 8 Bytes [00, C3, 13, 93, E0, C3, 13, ...] {ADD BL, AL; ADC EDX, [EBX-0x6cec3c20]} .text ntoskrnl.exe!KeRemoveQueueEx + 1937 8309CFFC 8 Bytes [20, C1, 13, 93, 10, C2, 13, ...] {AND CL, AL; ADC EDX, [EBX-0x6cec3df0]} .text ... ? C:\Users\marek\AppData\Local\Temp\kwldypog.sys Nie można odnaleźć określonego pliku. ! ---- User code sections - GMER 2.1 ---- .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[936] ntdll.dll!NtMapViewOfSection 77425C68 5 Bytes JMP 6DA11460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[936] ntdll.dll!NtWriteVirtualMemory 77426AD8 5 Bytes JMP 6DA11120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[936] kernel32.dll!CreateProcessInternalW 75000852 5 Bytes JMP 6DA11260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1512] ntdll.dll!NtMapViewOfSection 77425C68 5 Bytes JMP 6DA11460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1512] ntdll.dll!NtMapViewOfSection + 6 77425C6E 4 Bytes [18, 20, 1D, 70] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1512] ntdll.dll!NtMapViewOfSection + B 77425C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1512] ntdll.dll!NtWriteVirtualMemory 77426AD8 5 Bytes JMP 6DA11120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1512] kernel32.dll!CreateProcessInternalW 75000852 5 Bytes JMP 6DA11260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\AVG\AVG2015\avgui.exe[1600] ntdll.dll!NtMapViewOfSection 77425C68 5 Bytes JMP 6DA11460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\AVG\AVG2015\avgui.exe[1600] ntdll.dll!NtWriteVirtualMemory 77426AD8 5 Bytes JMP 6DA11120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\AVG\AVG2015\avgui.exe[1600] kernel32.dll!CreateProcessInternalW 75000852 5 Bytes JMP 6DA11260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\AVG Web TuneUp\vprot.exe[1632] ntdll.dll!NtMapViewOfSection 77425C68 5 Bytes JMP 6DA11460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\AVG Web TuneUp\vprot.exe[1632] ntdll.dll!NtWriteVirtualMemory 77426AD8 5 Bytes JMP 6DA11120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\AVG Web TuneUp\vprot.exe[1632] kernel32.dll!CreateProcessInternalW 75000852 5 Bytes JMP 6DA11260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1780] ntdll.dll!NtCreateFile + 6 7742560E 4 Bytes [28, 50, 00, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1780] ntdll.dll!NtCreateFile + B 77425613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1780] ntdll.dll!NtMapViewOfSection 77425C68 5 Bytes JMP 6DA11460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1780] ntdll.dll!NtMapViewOfSection + 6 77425C6E 4 Bytes [28, 53, 00, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1780] ntdll.dll!NtMapViewOfSection + B 77425C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1780] ntdll.dll!NtOpenFile + 6 77425D1E 4 Bytes [68, 50, 00, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1780] ntdll.dll!NtOpenFile + B 77425D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1780] ntdll.dll!NtOpenProcess + 6 77425DCE 4 Bytes [A8, 51, 00, 01] {TEST AL, 0x51; ADD [ECX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1780] ntdll.dll!NtOpenProcess + B 77425DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1780] ntdll.dll!NtOpenProcessToken + B 77425DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1780] ntdll.dll!NtOpenProcessTokenEx + 6 77425DEE 4 Bytes [A8, 52, 00, 01] {TEST AL, 0x52; ADD [ECX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1780] ntdll.dll!NtOpenProcessTokenEx + B 77425DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1780] ntdll.dll!NtOpenThread + 6 77425E4E 4 Bytes [68, 51, 00, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1780] ntdll.dll!NtOpenThread + B 77425E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1780] ntdll.dll!NtOpenThreadToken + 6 77425E5E 4 Bytes [68, 52, 00, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1780] ntdll.dll!NtOpenThreadToken + B 77425E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1780] ntdll.dll!NtOpenThreadTokenEx + B 77425E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1780] ntdll.dll!NtQueryAttributesFile + 6 77425F7E 4 Bytes [A8, 50, 00, 01] {TEST AL, 0x50; ADD [ECX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1780] ntdll.dll!NtQueryAttributesFile + B 77425F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1780] ntdll.dll!NtQueryFullAttributesFile + B 77426033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1780] ntdll.dll!NtSetInformationFile + 6 7742667E 4 Bytes [28, 51, 00, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1780] ntdll.dll!NtSetInformationFile + B 77426683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1780] ntdll.dll!NtSetInformationThread + 6 774266DE 4 Bytes [28, 52, 00, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1780] ntdll.dll!NtSetInformationThread + B 774266E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1780] ntdll.dll!NtUnmapViewOfSection + 6 774269FE 4 Bytes [68, 53, 00, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1780] ntdll.dll!NtUnmapViewOfSection + B 77426A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1780] ntdll.dll!NtWriteVirtualMemory 77426AD8 5 Bytes JMP 6DA11120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1780] kernel32.dll!CreateProcessInternalW 75000852 5 Bytes JMP 6DA11260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\vsnp2uvc.exe[2036] ntdll.dll!NtMapViewOfSection 77425C68 5 Bytes JMP 6DA11460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\vsnp2uvc.exe[2036] ntdll.dll!NtWriteVirtualMemory 77426AD8 5 Bytes JMP 6DA11120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\vsnp2uvc.exe[2036] kernel32.dll!CreateProcessInternalW 75000852 5 Bytes JMP 6DA11260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2076] ntdll.dll!NtMapViewOfSection 77425C68 5 Bytes JMP 6DA11460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2076] ntdll.dll!NtWriteVirtualMemory 77426AD8 5 Bytes JMP 6DA11120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2076] kernel32.dll!CreateProcessInternalW 75000852 5 Bytes JMP 6DA11260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\conhost.exe[2216] ntdll.dll!NtMapViewOfSection 77425C68 5 Bytes JMP 6DA11460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\conhost.exe[2216] ntdll.dll!NtWriteVirtualMemory 77426AD8 5 Bytes JMP 6DA11120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\conhost.exe[2216] kernel32.dll!CreateProcessInternalW 75000852 5 Bytes JMP 6DA11260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2412] ntdll.dll!NtMapViewOfSection 77425C68 5 Bytes JMP 6DA11460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2412] ntdll.dll!NtWriteVirtualMemory 77426AD8 5 Bytes JMP 6DA11120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2412] kernel32.dll!CreateProcessInternalW 75000852 5 Bytes JMP 6DA11260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[2680] ntdll.dll!NtMapViewOfSection 77425C68 5 Bytes JMP 6DA11460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[2680] ntdll.dll!NtWriteVirtualMemory 77426AD8 5 Bytes JMP 6DA11120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[2680] kernel32.dll!CreateProcessInternalW 75000852 5 Bytes JMP 6DA11260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2688] ntdll.dll!NtMapViewOfSection 77425C68 5 Bytes JMP 6DA11460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2688] ntdll.dll!NtWriteVirtualMemory 77426AD8 5 Bytes JMP 6DA11120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2688] kernel32.dll!CreateProcessInternalW 75000852 5 Bytes JMP 6DA11260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\Dwm.exe[2692] ntdll.dll!NtMapViewOfSection 77425C68 5 Bytes JMP 6DA11460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\Dwm.exe[2692] ntdll.dll!NtWriteVirtualMemory 77426AD8 5 Bytes JMP 6DA11120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\Dwm.exe[2692] kernel32.dll!CreateProcessInternalW 75000852 5 Bytes JMP 6DA11260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe[2800] ntdll.dll!NtMapViewOfSection 77425C68 5 Bytes JMP 6DA11460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe[2800] ntdll.dll!NtWriteVirtualMemory 77426AD8 5 Bytes JMP 6DA11120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe[2800] kernel32.dll!CreateProcessInternalW 75000852 5 Bytes JMP 6DA11260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\svchost.exe[2812] ntdll.dll!NtMapViewOfSection 77425C68 5 Bytes JMP 6DA11460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\svchost.exe[2812] ntdll.dll!NtWriteVirtualMemory 77426AD8 5 Bytes JMP 6DA11120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\svchost.exe[2812] kernel32.dll!CreateProcessInternalW 75000852 5 Bytes JMP 6DA11260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3320] ntdll.dll!NtMapViewOfSection 77425C68 5 Bytes JMP 6DA11460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3320] ntdll.dll!NtWriteVirtualMemory 77426AD8 5 Bytes JMP 6DA11120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3320] kernel32.dll!CreateProcessInternalW 75000852 5 Bytes JMP 6DA11260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\conhost.exe[3324] ntdll.dll!NtMapViewOfSection 77425C68 5 Bytes JMP 6DA11460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\conhost.exe[3324] ntdll.dll!NtWriteVirtualMemory 77426AD8 5 Bytes JMP 6DA11120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\conhost.exe[3324] kernel32.dll!CreateProcessInternalW 75000852 5 Bytes JMP 6DA11260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Google\Update\GoogleUpdate.exe[3372] ntdll.dll!NtMapViewOfSection 77425C68 5 Bytes JMP 6DA11460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Google\Update\GoogleUpdate.exe[3372] ntdll.dll!NtWriteVirtualMemory 77426AD8 5 Bytes JMP 6DA11120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Google\Update\GoogleUpdate.exe[3372] kernel32.dll!CreateProcessInternalW 75000852 5 Bytes JMP 6DA11260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3436] ntdll.dll!NtCreateFile + 6 7742560E 4 Bytes [28, 0C, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3436] ntdll.dll!NtCreateFile + B 77425613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3436] ntdll.dll!NtMapViewOfSection 77425C68 5 Bytes JMP 6DA11460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3436] ntdll.dll!NtMapViewOfSection + 6 77425C6E 4 Bytes [28, 0F, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3436] ntdll.dll!NtMapViewOfSection + B 77425C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3436] ntdll.dll!NtOpenFile + 6 77425D1E 4 Bytes [68, 0C, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3436] ntdll.dll!NtOpenFile + B 77425D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3436] ntdll.dll!NtOpenProcess + 6 77425DCE 4 Bytes [A8, 0D, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3436] ntdll.dll!NtOpenProcess + B 77425DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3436] ntdll.dll!NtOpenProcessToken + B 77425DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3436] ntdll.dll!NtOpenProcessTokenEx + 6 77425DEE 4 Bytes [A8, 0E, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3436] ntdll.dll!NtOpenProcessTokenEx + B 77425DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3436] ntdll.dll!NtOpenThread + 6 77425E4E 4 Bytes [68, 0D, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3436] ntdll.dll!NtOpenThread + B 77425E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3436] ntdll.dll!NtOpenThreadToken + 6 77425E5E 4 Bytes [68, 0E, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3436] ntdll.dll!NtOpenThreadToken + B 77425E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3436] ntdll.dll!NtOpenThreadTokenEx + B 77425E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3436] ntdll.dll!NtQueryAttributesFile + 6 77425F7E 4 Bytes [A8, 0C, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3436] ntdll.dll!NtQueryAttributesFile + B 77425F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3436] ntdll.dll!NtQueryFullAttributesFile + B 77426033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3436] ntdll.dll!NtSetInformationFile + 6 7742667E 4 Bytes [28, 0D, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3436] ntdll.dll!NtSetInformationFile + B 77426683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3436] ntdll.dll!NtSetInformationThread + 6 774266DE 4 Bytes [28, 0E, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3436] ntdll.dll!NtSetInformationThread + B 774266E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3436] ntdll.dll!NtUnmapViewOfSection + 6 774269FE 4 Bytes [68, 0F, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3436] ntdll.dll!NtUnmapViewOfSection + B 77426A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3436] ntdll.dll!NtWriteVirtualMemory 77426AD8 5 Bytes JMP 6DA11120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3436] kernel32.dll!CreateProcessInternalW 75000852 5 Bytes JMP 6DA11260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3836] ntdll.dll!NtMapViewOfSection 77425C68 5 Bytes JMP 6DA11460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3836] ntdll.dll!NtWriteVirtualMemory 77426AD8 5 Bytes JMP 6DA11120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3836] kernel32.dll!CreateProcessInternalW 75000852 5 Bytes JMP 6DA11260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\taskhost.exe[3876] ntdll.dll!NtMapViewOfSection 77425C68 5 Bytes JMP 6DA11460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\taskhost.exe[3876] ntdll.dll!NtWriteVirtualMemory 77426AD8 5 Bytes JMP 6DA11120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\taskhost.exe[3876] kernel32.dll!CreateProcessInternalW 75000852 5 Bytes JMP 6DA11260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\Explorer.EXE[4032] ntdll.dll!NtMapViewOfSection 77425C68 5 Bytes JMP 6DA11460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\Explorer.EXE[4032] ntdll.dll!NtWriteVirtualMemory 77426AD8 5 Bytes JMP 6DA11120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\Explorer.EXE[4032] kernel32.dll!CreateProcessInternalW 75000852 5 Bytes JMP 6DA11260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4036] ntdll.dll!NtCreateFile + 6 7742560E 4 Bytes [28, 6C, 61, 00] {SUB [ECX+0x0], CH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4036] ntdll.dll!NtCreateFile + B 77425613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4036] ntdll.dll!NtMapViewOfSection 77425C68 5 Bytes JMP 6DA11460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4036] ntdll.dll!NtMapViewOfSection + 6 77425C6E 4 Bytes [28, 6F, 61, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4036] ntdll.dll!NtMapViewOfSection + B 77425C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4036] ntdll.dll!NtOpenFile + 6 77425D1E 4 Bytes [68, 6C, 61, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4036] ntdll.dll!NtOpenFile + B 77425D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4036] ntdll.dll!NtOpenProcess + 6 77425DCE 4 Bytes [A8, 6D, 61, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4036] ntdll.dll!NtOpenProcess + B 77425DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4036] ntdll.dll!NtOpenProcessToken + 6 77425DDE 4 Bytes CALL 7642BF50 C:\Windows\system32\iertutil.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4036] ntdll.dll!NtOpenProcessToken + B 77425DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4036] ntdll.dll!NtOpenProcessTokenEx + 6 77425DEE 4 Bytes [A8, 6E, 61, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4036] ntdll.dll!NtOpenProcessTokenEx + B 77425DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4036] ntdll.dll!NtOpenThread + 6 77425E4E 4 Bytes [68, 6D, 61, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4036] ntdll.dll!NtOpenThread + B 77425E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4036] ntdll.dll!NtOpenThreadToken + 6 77425E5E 4 Bytes [68, 6E, 61, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4036] ntdll.dll!NtOpenThreadToken + B 77425E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4036] ntdll.dll!NtOpenThreadTokenEx + 6 77425E6E 4 Bytes CALL 7642BFE1 C:\Windows\system32\iertutil.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4036] ntdll.dll!NtOpenThreadTokenEx + B 77425E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4036] ntdll.dll!NtQueryAttributesFile + 6 77425F7E 4 Bytes [A8, 6C, 61, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4036] ntdll.dll!NtQueryAttributesFile + B 77425F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4036] ntdll.dll!NtQueryFullAttributesFile + 6 7742602E 4 Bytes CALL 7642C19F C:\Windows\system32\iertutil.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4036] ntdll.dll!NtQueryFullAttributesFile + B 77426033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4036] ntdll.dll!NtSetInformationFile + 6 7742667E 4 Bytes [28, 6D, 61, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4036] ntdll.dll!NtSetInformationFile + B 77426683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4036] ntdll.dll!NtSetInformationThread + 6 774266DE 4 Bytes [28, 6E, 61, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4036] ntdll.dll!NtSetInformationThread + B 774266E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4036] ntdll.dll!NtUnmapViewOfSection + 6 774269FE 4 Bytes [68, 6F, 61, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4036] ntdll.dll!NtUnmapViewOfSection + B 77426A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4036] ntdll.dll!NtWriteVirtualMemory 77426AD8 5 Bytes JMP 6DA11120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4036] kernel32.dll!CreateProcessInternalW 75000852 5 Bytes JMP 6DA11260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\svchost.exe[4468] ntdll.dll!NtMapViewOfSection 77425C68 5 Bytes JMP 6DA11460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\svchost.exe[4468] ntdll.dll!NtWriteVirtualMemory 77426AD8 5 Bytes JMP 6DA11120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\svchost.exe[4468] kernel32.dll!CreateProcessInternalW 75000852 5 Bytes JMP 6DA11260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtCreateFile + 6 7742560E 4 Bytes [28, 28, BC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtCreateFile + B 77425613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtMapViewOfSection 77425C68 5 Bytes JMP 6DA11460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtMapViewOfSection + 6 77425C6E 4 Bytes [28, 2B, BC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtMapViewOfSection + B 77425C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtOpenFile + 6 77425D1E 4 Bytes [68, 28, BC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtOpenFile + B 77425D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtOpenProcess + 6 77425DCE 4 Bytes [A8, 29, BC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtOpenProcess + B 77425DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtOpenProcessToken + B 77425DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtOpenProcessTokenEx + 6 77425DEE 4 Bytes [A8, 2A, BC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtOpenProcessTokenEx + B 77425DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtOpenThread + 6 77425E4E 4 Bytes [68, 29, BC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtOpenThread + B 77425E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtOpenThreadToken + 6 77425E5E 4 Bytes [68, 2A, BC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtOpenThreadToken + B 77425E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtOpenThreadTokenEx + B 77425E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtQueryAttributesFile + 6 77425F7E 4 Bytes [A8, 28, BC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtQueryAttributesFile + B 77425F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtQueryFullAttributesFile + B 77426033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtSetInformationFile + 6 7742667E 4 Bytes [28, 29, BC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtSetInformationFile + B 77426683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtSetInformationThread + 6 774266DE 4 Bytes [28, 2A, BC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtSetInformationThread + B 774266E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtUnmapViewOfSection + 6 774269FE 4 Bytes [68, 2B, BC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtUnmapViewOfSection + B 77426A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtWriteVirtualMemory 77426AD8 5 Bytes JMP 6DA11120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4592] kernel32.dll!CreateProcessInternalW 75000852 5 Bytes JMP 6DA11260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\System32\svchost.exe[4684] ntdll.dll!NtMapViewOfSection 77425C68 5 Bytes JMP 6DA11460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\System32\svchost.exe[4684] ntdll.dll!NtWriteVirtualMemory 77426AD8 5 Bytes JMP 6DA11120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\System32\svchost.exe[4684] kernel32.dll!CreateProcessInternalW 75000852 5 Bytes JMP 6DA11260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\ctfmon.exe[4816] ntdll.dll!NtMapViewOfSection 77425C68 5 Bytes JMP 6DA11460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\ctfmon.exe[4816] ntdll.dll!NtWriteVirtualMemory 77426AD8 5 Bytes JMP 6DA11120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\ctfmon.exe[4816] kernel32.dll!CreateProcessInternalW 75000852 5 Bytes JMP 6DA11260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtCreateFile + 6 7742560E 4 Bytes [28, BC, 39, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtCreateFile + B 77425613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtMapViewOfSection 77425C68 5 Bytes JMP 6DA11460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtMapViewOfSection + 6 77425C6E 4 Bytes [28, BF, 39, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtMapViewOfSection + B 77425C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtOpenFile + 6 77425D1E 4 Bytes [68, BC, 39, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtOpenFile + B 77425D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtOpenProcess + 6 77425DCE 4 Bytes [A8, BD, 39, 00] {TEST AL, 0xbd; CMP [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtOpenProcess + B 77425DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtOpenProcessToken + 6 77425DDE 4 Bytes CALL 764297A0 C:\Windows\system32\iertutil.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtOpenProcessToken + B 77425DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtOpenProcessTokenEx + 6 77425DEE 4 Bytes [A8, BE, 39, 00] {TEST AL, 0xbe; CMP [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtOpenProcessTokenEx + B 77425DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtOpenThread + 6 77425E4E 4 Bytes [68, BD, 39, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtOpenThread + B 77425E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtOpenThreadToken + 6 77425E5E 4 Bytes [68, BE, 39, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtOpenThreadToken + B 77425E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtOpenThreadTokenEx + 6 77425E6E 4 Bytes CALL 76429831 C:\Windows\system32\iertutil.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtOpenThreadTokenEx + B 77425E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtQueryAttributesFile + 6 77425F7E 4 Bytes [A8, BC, 39, 00] {TEST AL, 0xbc; CMP [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtQueryAttributesFile + B 77425F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtQueryFullAttributesFile + 6 7742602E 4 Bytes CALL 764299EF C:\Windows\system32\iertutil.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtQueryFullAttributesFile + B 77426033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtSetInformationFile + 6 7742667E 4 Bytes [28, BD, 39, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtSetInformationFile + B 77426683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtSetInformationThread + 6 774266DE 4 Bytes [28, BE, 39, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtSetInformationThread + B 774266E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtUnmapViewOfSection + 6 774269FE 4 Bytes [68, BF, 39, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtUnmapViewOfSection + B 77426A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5968] ntdll.dll!NtWriteVirtualMemory 77426AD8 5 Bytes JMP 6DA11120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5968] kernel32.dll!CreateProcessInternalW 75000852 5 Bytes JMP 6DA11260 C:\Program Files\AVG\AVG2015\avghookx.dll ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@C1DD6B74 122 ---- EOF - GMER 2.1 ----