GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-08-14 11:50:47
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000062 WDC_WD10 rev.01.0 931,51GB
Running: pkc5g46n.exe; Driver: C:\Users\PETRI\AppData\Local\Temp\uwddrkoc.sys

---- User code sections - GMER 2.1 ----
---- Processes - GMER 2.1 ----

Library c:\users\petri\appdata\roaming\.wtw\profiles\nakazdaokazje.com\Plugins64\Emots.plug (*** suspicious ***) @ C:\Program Files\K2T\WTW\wtw.exe [3100] (WTW Plugin/adrian_007)(2014-02-25 15:11:02) 000007feeed20000
Library c:\users\petri\appdata\roaming\.wtw\profiles\nakazdaokazje.com\Plugins64\sounds.plug (*** suspicious ***) @ C:\Program Files\K2T\WTW\wtw.exe [3100](2014-02-25 15:10:57) 000007feeec50000

---- EOF - GMER 2.1 ----