GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-04-25 11:26:42 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.FB4O 298,09GB Running: 2isfsscz.exe; Driver: C:\Users\waldek\AppData\Local\Temp\kfdirkod.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0x914D26E0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0x914D2800] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0x914D2010] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenThread [0x914D24D0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0x914D2300] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0x914D23E0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0x914D2120] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0x914D2210] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0x914D25E0] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 8328B3C9 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 832C4D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 1357 832CC00C 8 Bytes [E0, 26, 4D, 91, 00, 28, 4D, ...] {LOOPNZ 0x28; DEC EBP; XCHG ECX, EAX; ADD [EAX], CH; DEC EBP; XCHG ECX, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 139F 832CC054 4 Bytes [10, 20, 4D, 91] {ADC [EAX], AH; DEC EBP; XCHG ECX, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 13BF 832CC074 4 Bytes [D0, 24, 4D, 91] .text ntkrnlpa.exe!KeRemoveQueueEx + 165F 832CC314 8 Bytes [00, 23, 4D, 91, E0, 23, 4D, ...] {ADD [EBX], AH; DEC EBP; XCHG ECX, EAX; LOOPNZ 0x29; DEC EBP; XCHG ECX, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 166F 832CC324 8 Bytes [20, 21, 4D, 91, 10, 22, 4D, ...] {AND [ECX], AH; DEC EBP; XCHG ECX, EAX; ADC [EDX], AH; DEC EBP; XCHG ECX, EAX} .text ... ---- User code sections - GMER 2.1 ---- .text C:\Windows\WindowsMobile\wmdc.exe[1724] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\WindowsMobile\wmdc.exe[1724] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\WindowsMobile\wmdc.exe[1724] kernel32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\AVG\AVG2015\avgui.exe[1764] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\AVG\AVG2015\avgui.exe[1764] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\AVG\AVG2015\avgui.exe[1764] kernel32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2220] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2220] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2220] kernel32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exe[2692] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exe[2692] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exe[2692] kernel32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\conhost.exe[2708] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\conhost.exe[2708] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\conhost.exe[2708] kernel32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\AVG\AVG2015\avgnsx.exe[2800] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\AVG\AVG2015\avgnsx.exe[2800] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\AVG\AVG2015\avgnsx.exe[2800] kernel32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\AVG\AVG2015\avgemcx.exe[2808] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\AVG\AVG2015\avgemcx.exe[2808] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\AVG\AVG2015\avgemcx.exe[2808] kernel32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2856] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2856] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2856] kernel32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\ATK Hotkey\HControlUser.exe[3040] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\ATK Hotkey\HControlUser.exe[3040] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\ATK Hotkey\HControlUser.exe[3040] kernel32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\ATK Hotkey\LOSD.exe[3044] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\ATK Hotkey\LOSD.exe[3044] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\ATK Hotkey\LOSD.exe[3044] KERNEL32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\taskhost.exe[3088] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\taskhost.exe[3088] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\taskhost.exe[3088] kernel32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\taskeng.exe[3152] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\taskeng.exe[3152] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\taskeng.exe[3152] kernel32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3180] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3180] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3180] kernel32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\Dwm.exe[3200] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\Dwm.exe[3200] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\Dwm.exe[3200] kernel32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\SearchIndexer.exe[3260] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\SearchIndexer.exe[3260] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\SearchIndexer.exe[3260] kernel32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\Explorer.EXE[3268] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\Explorer.EXE[3268] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\Explorer.EXE[3268] kernel32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\ATK Hotkey\WDC.exe[3324] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\ATK Hotkey\WDC.exe[3324] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\ATK Hotkey\WDC.exe[3324] kernel32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\blueconnect\DataCardMonitor.exe[3340] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\blueconnect\DataCardMonitor.exe[3340] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\blueconnect\DataCardMonitor.exe[3340] kernel32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe[3504] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe[3504] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe[3504] kernel32.dll!SetUnhandledExceptionFilter 74C7F4FB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4} .text C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe[3504] kernel32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\ATK Hotkey\Hcontrol.exe[3680] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\ATK Hotkey\Hcontrol.exe[3680] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\ATK Hotkey\Hcontrol.exe[3680] kernel32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\ATK Hotkey\MsgTranAgt.exe[3688] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\ATK Hotkey\MsgTranAgt.exe[3688] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\ATK Hotkey\MsgTranAgt.exe[3688] kernel32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\ATK Hotkey\ATKOSD.exe[3748] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\ATK Hotkey\ATKOSD.exe[3748] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\ATK Hotkey\ATKOSD.exe[3748] kernel32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3780] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3780] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3780] kernel32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3816] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3816] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3816] kernel32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[3872] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[3872] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[3872] kernel32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\TeamViewer\TeamViewer.exe[3884] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\TeamViewer\TeamViewer.exe[3884] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\TeamViewer\TeamViewer.exe[3884] kernel32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Lenovo\Energy Management\utility.exe[3976] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Lenovo\Energy Management\utility.exe[3976] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Lenovo\Energy Management\utility.exe[3976] kernel32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\TeamViewer\tv_w32.exe[3996] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\TeamViewer\tv_w32.exe[3996] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\TeamViewer\tv_w32.exe[3996] kernel32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\System32\rundll32.exe[4076] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\System32\rundll32.exe[4076] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\System32\rundll32.exe[4076] kernel32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\RealNetworks\RealDownloader\downloader2.exe[4084] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\RealNetworks\RealDownloader\downloader2.exe[4084] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\RealNetworks\RealDownloader\downloader2.exe[4084] kernel32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4092] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4092] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4092] kernel32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Samsung\AllShare\AllShareAgent.exe[4104] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Samsung\AllShare\AllShareAgent.exe[4104] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Samsung\AllShare\AllShareAgent.exe[4104] KERNEL32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[4160] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[4160] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[4160] kernel32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[4180] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[4180] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[4180] kernel32.dll!SetUnhandledExceptionFilter 74C7F4FB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4} .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[4180] kernel32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\svchost.exe[4216] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\svchost.exe[4216] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\svchost.exe[4216] kernel32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\AVG Web TuneUp\vprot.exe[4252] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\AVG Web TuneUp\vprot.exe[4252] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\AVG Web TuneUp\vprot.exe[4252] kernel32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\iTunes\iTunesHelper.exe[4324] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\iTunes\iTunesHelper.exe[4324] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\iTunes\iTunesHelper.exe[4324] kernel32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4644] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4644] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4644] kernel32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\mmc.exe[4812] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\mmc.exe[4812] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\mmc.exe[4812] kernel32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5020] ntdll.dll!NtCreateFile 775055C8 5 Bytes JMP 59719C03 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5020] ntdll.dll!NtFlushBuffersFile 77505958 5 Bytes JMP 5971990B C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5020] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5020] ntdll.dll!NtQueryFullAttributesFile 77505FE8 5 Bytes JMP 597199C0 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5020] ntdll.dll!NtReadFile 775062B8 5 Bytes JMP 59719ACD C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5020] ntdll.dll!NtReadFileScatter 775062C8 5 Bytes JMP 59AE8C27 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5020] ntdll.dll!NtWriteFile 77506A68 5 Bytes JMP 59719DA7 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5020] ntdll.dll!NtWriteFileGather 77506A78 5 Bytes JMP 59AE8C77 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5020] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5020] ntdll.dll!LdrLoadDll 7752223E 5 Bytes JMP 64B4902C C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5020] kernel32.dll!MoveFileExW 74C78DB0 6 Bytes JMP 644914C4 C:\Program Files\Common Files\Spigot\Search Settings\wth190.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5020] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 74C793D6 7 Bytes JMP 59AD2714 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5020] kernel32.dll!QueryPerformanceCounter + 13 74C7C435 7 Bytes JMP 59AD4641 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5020] kernel32.dll!LoadAppInitDlls + 355 74C7F4F6 7 Bytes JMP 59874050 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5020] kernel32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5020] USER32.dll!GetWindowInfo 76724B5E 5 Bytes JMP 5A4BC048 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5020] GDI32.dll!GetViewportOrgEx + 26C 7636884B 7 Bytes JMP 59AD0C8F C:\Program Files\Mozilla Firefox\xul.dll .text C:\Windows\System32\svchost.exe[5060] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\System32\svchost.exe[5060] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\System32\svchost.exe[5060] kernel32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Users\waldek\AppData\Local\GG\Application\gghub.exe[5140] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Users\waldek\AppData\Local\GG\Application\gghub.exe[5140] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Users\waldek\AppData\Local\GG\Application\gghub.exe[5140] kernel32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Users\waldek\AppData\Local\GG\Application\ggapp.exe[5244] ntdll.dll!NtCreateFile 775055C8 5 Bytes JMP 5F786E2C C:\Users\waldek\AppData\Local\GG\Application\xulrunner\xul.dll .text C:\Users\waldek\AppData\Local\GG\Application\ggapp.exe[5244] ntdll.dll!NtFlushBuffersFile 77505958 5 Bytes JMP 5F786CC7 C:\Users\waldek\AppData\Local\GG\Application\xulrunner\xul.dll .text C:\Users\waldek\AppData\Local\GG\Application\ggapp.exe[5244] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Users\waldek\AppData\Local\GG\Application\ggapp.exe[5244] ntdll.dll!NtQueryFullAttributesFile 77505FE8 5 Bytes JMP 5F786EAD C:\Users\waldek\AppData\Local\GG\Application\xulrunner\xul.dll .text C:\Users\waldek\AppData\Local\GG\Application\ggapp.exe[5244] ntdll.dll!NtReadFile 775062B8 5 Bytes JMP 5F786BA3 C:\Users\waldek\AppData\Local\GG\Application\xulrunner\xul.dll .text C:\Users\waldek\AppData\Local\GG\Application\ggapp.exe[5244] ntdll.dll!NtReadFileScatter 775062C8 5 Bytes JMP 5F786BEC C:\Users\waldek\AppData\Local\GG\Application\xulrunner\xul.dll .text C:\Users\waldek\AppData\Local\GG\Application\ggapp.exe[5244] ntdll.dll!NtWriteFile 77506A68 2 Bytes JMP 5F786C35 C:\Users\waldek\AppData\Local\GG\Application\xulrunner\xul.dll .text C:\Users\waldek\AppData\Local\GG\Application\ggapp.exe[5244] ntdll.dll!NtWriteFile + 3 77506A6B 2 Bytes [28, E8] {SUB AL, CH} .text C:\Users\waldek\AppData\Local\GG\Application\ggapp.exe[5244] ntdll.dll!NtWriteFileGather 77506A78 5 Bytes JMP 5F786C7E C:\Users\waldek\AppData\Local\GG\Application\xulrunner\xul.dll .text C:\Users\waldek\AppData\Local\GG\Application\ggapp.exe[5244] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Users\waldek\AppData\Local\GG\Application\ggapp.exe[5244] ntdll.dll!LdrLoadDll 7752223E 1 Byte [E9] .text C:\Users\waldek\AppData\Local\GG\Application\ggapp.exe[5244] ntdll.dll!LdrLoadDll 7752223E 5 Bytes JMP 62C41F42 C:\Users\waldek\AppData\Local\GG\Application\xulrunner\mozglue.dll .text C:\Users\waldek\AppData\Local\GG\Application\ggapp.exe[5244] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 74C793D6 7 Bytes JMP 5F74EEC3 C:\Users\waldek\AppData\Local\GG\Application\xulrunner\xul.dll .text C:\Users\waldek\AppData\Local\GG\Application\ggapp.exe[5244] kernel32.dll!QueryPerformanceCounter + 13 74C7C435 7 Bytes JMP 5F74EE7B C:\Users\waldek\AppData\Local\GG\Application\xulrunner\xul.dll .text C:\Users\waldek\AppData\Local\GG\Application\ggapp.exe[5244] kernel32.dll!LoadAppInitDlls + 355 74C7F4F6 7 Bytes JMP 6072E562 C:\Users\waldek\AppData\Local\GG\Application\xulrunner\xul.dll .text C:\Users\waldek\AppData\Local\GG\Application\ggapp.exe[5244] kernel32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Users\waldek\AppData\Local\GG\Application\ggapp.exe[5244] USER32.dll!GetWindowInfo 76724B5E 5 Bytes JMP 6010662C C:\Users\waldek\AppData\Local\GG\Application\xulrunner\xul.dll .text C:\Users\waldek\AppData\Local\GG\Application\ggapp.exe[5244] GDI32.dll!GetViewportOrgEx + 26C 7636884B 7 Bytes JMP 5F74EEEA C:\Users\waldek\AppData\Local\GG\Application\xulrunner\xul.dll .text C:\Users\waldek\Downloads\2isfsscz.exe[5348] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Users\waldek\Downloads\2isfsscz.exe[5348] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Users\waldek\Downloads\2isfsscz.exe[5348] kernel32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Opera\opera.exe[5692] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Opera\opera.exe[5692] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Opera\opera.exe[5692] kernel32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\System32\rundll32.exe[5696] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\System32\rundll32.exe[5696] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\System32\rundll32.exe[5696] kernel32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe[5704] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe[5704] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe[5704] kernel32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\ctfmon.exe[5728] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\ctfmon.exe[5728] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\ctfmon.exe[5728] kernel32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe[5740] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe[5740] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe[5740] kernel32.dll!SetUnhandledExceptionFilter 74C7F4FB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4} .text C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe[5740] kernel32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\iPod\bin\iPodService.exe[5824] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\iPod\bin\iPodService.exe[5824] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\iPod\bin\iPodService.exe[5824] kernel32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[6324] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[6324] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[6324] kernel32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[6836] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[6836] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[6836] kernel32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Users\waldek\AppData\Local\GG\Application\ggdrive\ggdrive.exe[7000] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Users\waldek\AppData\Local\GG\Application\ggdrive\ggdrive.exe[7000] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Users\waldek\AppData\Local\GG\Application\ggdrive\ggdrive.exe[7000] kernel32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\AVG Web TuneUp\avgcefrend.exe[7160] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\AVG Web TuneUp\avgcefrend.exe[7160] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\AVG Web TuneUp\avgcefrend.exe[7160] kernel32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Users\waldek\Downloads\FRST.exe[7400] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Users\waldek\Downloads\FRST.exe[7400] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Users\waldek\Downloads\FRST.exe[7400] kernel32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[7452] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[7452] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[7452] KERNEL32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe[7816] ntdll.dll!NtMapViewOfSection 77505C28 5 Bytes JMP 6CE41460 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe[7816] ntdll.dll!NtWriteVirtualMemory 77506A98 5 Bytes JMP 6CE41120 C:\Program Files\AVG\AVG2015\avghookx.dll .text C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe[7816] kernel32.dll!CreateProcessInternalW 74C807A2 5 Bytes JMP 6CE41260 C:\Program Files\AVG\AVG2015\avghookx.dll ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00242cfca62c Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00242cfca62c@fca13ec61231 0x22 0x36 0x39 0xA1 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00242cfca62c@9c4a7b50f439 0x67 0x7F 0xEF 0x69 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00242cfca62c@18002d23866e 0x1D 0xF0 0xEE 0x70 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00242cfca62c (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00242cfca62c@fca13ec61231 0x22 0x36 0x39 0xA1 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00242cfca62c@9c4a7b50f439 0x67 0x7F 0xEF 0x69 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00242cfca62c@18002d23866e 0x1D 0xF0 0xEE 0x70 ... ---- EOF - GMER 2.1 ----