GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-12-12 21:30:33
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\00000065 ATA_____ rev.1A01 298,09GB
Running: 52d7c3cl.exe; Driver: C:\Users\user2\AppData\Local\Temp\uwddqkoc.sys


---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwReplaceKey + 1525                                        83048B55 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                  83082BB2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 2.1 ----

.text  C:\Program Files\Internet Explorer\iexplore.exe[1828] kernel32.dll!CreateProcessW            7745204D 5 Bytes  JMP 7034EE00 C:\Program Files\Anvisoft\Anvi Smart Defender\http_hook.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[1828] kernel32.dll!CopyFileExW               7748B390 5 Bytes  JMP 70350370 C:\Program Files\Anvisoft\Anvi Smart Defender\http_hook.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[1828] kernel32.dll!MoveFileWithProgressW     77498EE4 5 Bytes  JMP 703501B0 C:\Program Files\Anvisoft\Anvi Smart Defender\http_hook.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[1828] kernel32.dll!MoveFileExW               77498F08 5 Bytes  JMP 70350240 C:\Program Files\Anvisoft\Anvi Smart Defender\http_hook.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[1828] advapi32.DLL!CreateProcessAsUserW      76A9C532 3 Bytes  JMP 7034EF50 C:\Program Files\Anvisoft\Anvi Smart Defender\http_hook.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[1828] advapi32.DLL!CreateProcessAsUserW + 4  76A9C536 1 Byte  [F9]
.text  C:\Program Files\Internet Explorer\iexplore.exe[1828] shell32.DLL!SHFileOperationW           75CB9698 5 Bytes  JMP 703502C0 C:\Program Files\Anvisoft\Anvi Smart Defender\http_hook.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2464] kernel32.dll!CreateProcessW            7745204D 5 Bytes  JMP 7034EE00 C:\Program Files\Anvisoft\Anvi Smart Defender\http_hook.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2464] kernel32.dll!CopyFileExW               7748B390 5 Bytes  JMP 70350370 C:\Program Files\Anvisoft\Anvi Smart Defender\http_hook.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2464] kernel32.dll!MoveFileWithProgressW     77498EE4 5 Bytes  JMP 703501B0 C:\Program Files\Anvisoft\Anvi Smart Defender\http_hook.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2464] kernel32.dll!MoveFileExW               77498F08 5 Bytes  JMP 70350240 C:\Program Files\Anvisoft\Anvi Smart Defender\http_hook.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2464] advapi32.DLL!CreateProcessAsUserW      76A9C532 3 Bytes  JMP 7034EF50 C:\Program Files\Anvisoft\Anvi Smart Defender\http_hook.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2464] advapi32.DLL!CreateProcessAsUserW + 4  76A9C536 1 Byte  [F9]
.text  C:\Program Files\Internet Explorer\iexplore.exe[2464] shell32.DLL!SHFileOperationW           75CB9698 5 Bytes  JMP 703502C0 C:\Program Files\Anvisoft\Anvi Smart Defender\http_hook.dll

---- Threads - GMER 2.1 ----

Thread  System [4:2736]                                                         B405BF2E

---- Registry - GMER 2.1 ----

Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active
Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@45A36FE4  2284

---- EOF - GMER 2.1 ----
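Each line in the "User code sections" block above names the hooked process and PID, the patched export (`module!function`, optionally with an offset), the patched address, the patch length, and either the JMP target plus the module that owns it or the raw bytes written. GMER reports every inline hook it finds, so triage comes down to checking which module each hook leads to. The following script is an added example (not GMER's code and not part of the scan log); it parses that block, groups the JMP hooks by hooking module, and flags hooks whose module lives outside directories the analyst chooses to trust. The line pattern is an assumption derived from the entries visible above, and the final `notepad.exe` entry in the sample input is constructed solely to exercise the flagging path.

```python
"""Parse the 'User code sections' block of a GMER 2.1 log and triage inline hooks.

Added example, not GMER's own code. HOOK_RE is an assumption based on the
shape of the hook lines in the scan log; adjust it if your GMER build prints
a different layout.
"""
import re
from collections import defaultdict

HEADER_RE = re.compile(r"^---- (?P<section>.+?) - GMER 2\.1 ----$")

# One hook entry. Two shapes appear in the log:
#   .text <process>[<pid>] <module>!<function>       <addr> 5 Bytes  JMP <target> <hook module path>
#   .text <process>[<pid>] <module>!<function> + 4   <addr> 1 Byte   [F9]
HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[\w.]+)!(?P<function>\w+)(?:\s*\+\s*(?P<offset>[0-9A-Fa-f]+))?\s+"
    r"(?P<address>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes?\s+"
    r"(?:JMP\s+(?P<target>[0-9A-Fa-f]{8})\s+(?P<hook_module>\S.*?)|\[(?P<raw>[^\]]+)\])\s*$"
)

# Sample input: the iexplore.exe[2464] entries from the scan log above, plus one
# CONSTRUCTED entry (notepad.exe, fake addresses, fake Temp DLL) to show flagging.
SAMPLE_LOG = r"""---- User code sections - GMER 2.1 ----

.text  C:\Program Files\Internet Explorer\iexplore.exe[2464] kernel32.dll!CreateProcessW  7745204D 5 Bytes  JMP 7034EE00 C:\Program Files\Anvisoft\Anvi Smart Defender\http_hook.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2464] kernel32.dll!CopyFileExW  7748B390 5 Bytes  JMP 70350370 C:\Program Files\Anvisoft\Anvi Smart Defender\http_hook.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2464] advapi32.DLL!CreateProcessAsUserW  76A9C532 3 Bytes  JMP 7034EF50 C:\Program Files\Anvisoft\Anvi Smart Defender\http_hook.dll
.text  C:\Program Files\Internet Explorer\iexplore.exe[2464] advapi32.DLL!CreateProcessAsUserW + 4  76A9C536 1 Byte  [F9]
.text  C:\Program Files\Internet Explorer\iexplore.exe[2464] shell32.DLL!SHFileOperationW  75CB9698 5 Bytes  JMP 703502C0 C:\Program Files\Anvisoft\Anvi Smart Defender\http_hook.dll
.text  C:\Example\notepad.exe[1234] kernel32.dll!CreateFileW  77451234 5 Bytes  JMP 10001000 C:\Users\user2\AppData\Local\Temp\example_hook.dll

---- Threads - GMER 2.1 ----
"""

# Directories the analyst chooses to treat as expected homes for hooking modules
# (an assumption for this example; tune per environment).
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")


def parse_user_hooks(log_text):
    """Return one dict per hook line found inside the 'User code sections' block."""
    hooks = []
    section = None
    for line in log_text.splitlines():
        line = line.strip()
        header = HEADER_RE.match(line)
        if header:
            section = header.group("section")
            continue
        if section != "User code sections":
            continue
        m = HOOK_RE.match(line)
        if not m:
            continue  # blank line or a layout this regex does not know
        entry = m.groupdict()
        entry["pid"] = int(entry["pid"])
        entry["size"] = int(entry["size"])
        entry["offset"] = int(entry["offset"], 16) if entry["offset"] else 0
        hooks.append(entry)
    return hooks


def hooks_by_module(hooks):
    """Map each hooking module path to the sorted list of exports it redirects (JMP hooks only)."""
    grouped = defaultdict(set)
    for h in hooks:
        if h["hook_module"]:
            grouped[h["hook_module"]].add(f"{h['module']}!{h['function']}")
    return {path: sorted(targets) for path, targets in grouped.items()}


def untrusted_hooks(hooks, trusted_prefixes=TRUSTED_PREFIXES):
    """Triage heuristic: JMP hooks whose hooking module sits outside trusted_prefixes."""
    return [
        h for h in hooks
        if h["hook_module"] and not h["hook_module"].lower().startswith(trusted_prefixes)
    ]


if __name__ == "__main__":
    found = parse_user_hooks(SAMPLE_LOG)
    for path, targets in hooks_by_module(found).items():
        print(f"{path}\n  redirects: {', '.join(targets)}")
    for h in untrusted_hooks(found):
        print(f"REVIEW: {h['process']}[{h['pid']}] {h['module']}!{h['function']} -> {h['hook_module']}")
```

The raw-byte entries (the `1 Byte [F9]` line at `CreateProcessAsUserW + 4`) carry no module, so they are parsed but not grouped; in practice they belong to the adjacent 3-byte JMP at the same export and should be read together with it.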