GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-03-30 22:09:15 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\0000006d ATA_____ rev.BBF0 111,79GB Running: 8pj1uc4f.exe; Driver: D:\TEMP\axldypow.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2720] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000766c2ab1 5 bytes JMP 0000000000233610 .text C:\Program Files (x86)\AVG\Av\avgfws.exe[2192] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076181401 2 bytes JMP 74a1b20b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Av\avgfws.exe[2192] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076181419 2 bytes JMP 74a1b336 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Av\avgfws.exe[2192] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076181431 2 bytes JMP 74a98f39 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Av\avgfws.exe[2192] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007618144a 2 bytes CALL 749f4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\AVG\Av\avgfws.exe[2192] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000761814dd 2 bytes JMP 74a98832 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Av\avgfws.exe[2192] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000761814f5 2 bytes JMP 74a98a08 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Av\avgfws.exe[2192] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007618150d 2 bytes JMP 74a98728 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Av\avgfws.exe[2192] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076181525 2 bytes JMP 74a98af2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Av\avgfws.exe[2192] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007618153d 2 bytes JMP 74a0fc98 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Av\avgfws.exe[2192] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076181555 2 bytes JMP 74a168df C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Av\avgfws.exe[2192] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007618156d 2 bytes JMP 74a98ff1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Av\avgfws.exe[2192] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076181585 2 bytes JMP 74a98b52 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Av\avgfws.exe[2192] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007618159d 2 bytes JMP 74a986ec C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Av\avgfws.exe[2192] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000761815b5 2 bytes JMP 74a0fd31 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Av\avgfws.exe[2192] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000761815cd 2 bytes JMP 74a1b2cc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Av\avgfws.exe[2192] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000761816b2 2 bytes JMP 74a98eb4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Av\avgfws.exe[2192] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000761816bd 2 bytes JMP 74a98681 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d8dc30 5 bytes JMP 0000000076c100a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d8dd50 5 bytes JMP 0000000076c10018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d8ddb0 5 bytes JMP 0000000076c103d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d8de30 5 bytes JMP 0000000076c101b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d8ded0 5 bytes JMP 0000000076c10128 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d8e380 5 bytes JMP 0000000076c10238 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d8e410 5 bytes JMP 0000000076c102c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000076d8e480 5 bytes JMP 0000000076c10348 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d8e940 5 bytes JMP 0000000076c10458 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d8e990 5 bytes JMP 0000000076c104e0 .text C:\Windows\system32\svchost.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d8dc30 5 bytes JMP 0000000076c100a0 .text C:\Windows\system32\svchost.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d8dd50 5 bytes JMP 0000000076c10018 .text C:\Windows\system32\svchost.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d8ddb0 5 bytes JMP 0000000076c103d0 .text C:\Windows\system32\svchost.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d8de30 5 bytes JMP 0000000076c101b0 .text C:\Windows\system32\svchost.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d8ded0 5 bytes JMP 0000000076c10128 .text C:\Windows\system32\svchost.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d8e380 5 bytes JMP 0000000076c10238 .text C:\Windows\system32\svchost.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d8e410 5 bytes JMP 0000000076c102c0 .text C:\Windows\system32\svchost.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000076d8e480 5 bytes JMP 0000000076c10348 .text C:\Windows\system32\svchost.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d8e940 5 bytes JMP 0000000076c10458 .text C:\Windows\system32\svchost.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d8e990 5 bytes JMP 0000000076c104e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d8dc30 5 bytes JMP 0000000076c100a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d8dd50 5 bytes JMP 0000000076c10018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d8ddb0 5 bytes JMP 0000000076c103d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d8de30 5 bytes JMP 0000000076c101b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d8ded0 5 bytes JMP 0000000076c10128 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d8e380 5 bytes JMP 0000000076c10238 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d8e410 5 bytes JMP 0000000076c102c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000076d8e480 5 bytes JMP 0000000076c10348 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d8e940 5 bytes JMP 0000000076c10458 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d8e990 5 bytes JMP 0000000076c104e0 .text C:\Windows\system32\conhost.exe[4820] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d8dc30 5 bytes JMP 0000000076c100a0 .text C:\Windows\system32\conhost.exe[4820] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d8dd50 5 bytes JMP 0000000076c10018 .text C:\Windows\system32\conhost.exe[4820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d8ddb0 5 bytes JMP 0000000076c103d0 .text C:\Windows\system32\conhost.exe[4820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d8de30 5 bytes JMP 0000000076c101b0 .text C:\Windows\system32\conhost.exe[4820] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d8ded0 5 bytes JMP 0000000076c10128 .text C:\Windows\system32\conhost.exe[4820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d8e380 5 bytes JMP 0000000076c10238 .text C:\Windows\system32\conhost.exe[4820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d8e410 5 bytes JMP 0000000076c102c0 .text C:\Windows\system32\conhost.exe[4820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000076d8e480 5 bytes JMP 0000000076c10348 .text C:\Windows\system32\conhost.exe[4820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d8e940 5 bytes JMP 0000000076c10458 .text C:\Windows\system32\conhost.exe[4820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d8e990 5 bytes JMP 0000000076c104e0 .text C:\Windows\SysWOW64\ctfmon.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000076f3fc90 5 bytes JMP 00000000657923e0 .text C:\Windows\SysWOW64\ctfmon.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000076f3fe54 5 bytes JMP 0000000065792270 .text C:\Windows\SysWOW64\ctfmon.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000076f3fee8 5 bytes JMP 00000000657926a0 .text C:\Windows\SysWOW64\ctfmon.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000076f3ffb4 5 bytes JMP 0000000065792680 .text C:\Windows\SysWOW64\ctfmon.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000076f400a8 5 bytes JMP 00000000657925a0 .text C:\Windows\SysWOW64\ctfmon.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076f407dc 5 bytes JMP 00000000657926c0 .text C:\Windows\SysWOW64\ctfmon.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000076f408b4 5 bytes JMP 0000000065792700 .text C:\Windows\SysWOW64\ctfmon.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000076f4095c 5 bytes JMP 0000000065792740 .text C:\Windows\SysWOW64\ctfmon.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 0000000076f410b8 5 bytes JMP 00000000657926e0 .text C:\Windows\SysWOW64\ctfmon.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 0000000076f41130 5 bytes JMP 0000000065792720 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6380] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000076f3fc90 5 bytes JMP 00000000657923e0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6380] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000076f3fe54 5 bytes JMP 0000000065792270 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6380] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000076f3fee8 5 bytes JMP 00000000657926a0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6380] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000076f3ffb4 5 bytes JMP 0000000065792680 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6380] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000076f400a8 5 bytes JMP 00000000657925a0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6380] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076f407dc 5 bytes JMP 00000000657926c0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6380] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000076f408b4 5 bytes JMP 0000000065792700 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6380] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000076f4095c 5 bytes JMP 0000000065792740 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6380] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 0000000076f410b8 5 bytes JMP 00000000657926e0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6380] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 0000000076f41130 5 bytes JMP 0000000065792720 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7092] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000076f3fc90 5 bytes JMP 00000000657923e0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7092] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000076f3fe54 5 bytes JMP 0000000065792270 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7092] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000076f3fee8 5 bytes JMP 00000000657926a0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7092] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000076f3ffb4 5 bytes JMP 0000000065792680 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7092] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000076f400a8 5 bytes JMP 00000000657925a0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7092] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076f407dc 5 bytes JMP 00000000657926c0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7092] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000076f408b4 5 bytes JMP 0000000065792700 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7092] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000076f4095c 5 bytes JMP 0000000065792740 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7092] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 0000000076f410b8 5 bytes JMP 00000000657926e0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[7092] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 0000000076f41130 5 bytes JMP 0000000065792720 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000076f3fc90 5 bytes JMP 00000000657923e0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000076f3fe54 5 bytes JMP 0000000065792270 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000076f3fee8 5 bytes JMP 00000000657926a0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000076f3ffb4 5 bytes JMP 0000000065792680 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000076f400a8 5 bytes JMP 00000000657925a0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076f407dc 5 bytes JMP 00000000657926c0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000076f408b4 5 bytes JMP 0000000065792700 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000076f4095c 5 bytes JMP 0000000065792740 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 0000000076f410b8 5 bytes JMP 00000000657926e0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 0000000076f41130 5 bytes JMP 0000000065792720 .text C:\Windows\system32\wbem\wmiprvse.exe[6936] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d8dc30 5 bytes JMP 0000000076c100a0 .text C:\Windows\system32\wbem\wmiprvse.exe[6936] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d8dd50 5 bytes JMP 0000000076c10018 .text C:\Windows\system32\wbem\wmiprvse.exe[6936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d8ddb0 5 bytes JMP 0000000076c103d0 .text C:\Windows\system32\wbem\wmiprvse.exe[6936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d8de30 5 bytes JMP 0000000076c101b0 .text C:\Windows\system32\wbem\wmiprvse.exe[6936] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d8ded0 5 bytes JMP 0000000076c10128 .text C:\Windows\system32\wbem\wmiprvse.exe[6936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d8e380 5 bytes JMP 0000000076c10238 .text C:\Windows\system32\wbem\wmiprvse.exe[6936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d8e410 5 bytes JMP 0000000076c102c0 .text C:\Windows\system32\wbem\wmiprvse.exe[6936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000076d8e480 5 bytes JMP 0000000076c10348 .text C:\Windows\system32\wbem\wmiprvse.exe[6936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d8e940 5 bytes JMP 0000000076c10458 .text C:\Windows\system32\wbem\wmiprvse.exe[6936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d8e990 5 bytes JMP 0000000076c104e0 .text C:\Windows\system32\taskeng.exe[6444] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d8dc30 5 bytes JMP 0000000076c100a0 .text C:\Windows\system32\taskeng.exe[6444] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d8dd50 5 bytes JMP 0000000076c10018 .text C:\Windows\system32\taskeng.exe[6444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d8ddb0 5 bytes JMP 0000000076c103d0 .text C:\Windows\system32\taskeng.exe[6444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d8de30 5 bytes JMP 0000000076c101b0 .text C:\Windows\system32\taskeng.exe[6444] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d8ded0 5 bytes JMP 0000000076c10128 .text C:\Windows\system32\taskeng.exe[6444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d8e380 5 bytes JMP 0000000076c10238 .text C:\Windows\system32\taskeng.exe[6444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d8e410 5 bytes JMP 0000000076c102c0 .text C:\Windows\system32\taskeng.exe[6444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000076d8e480 5 bytes JMP 0000000076c10348 .text C:\Windows\system32\taskeng.exe[6444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d8e940 5 bytes JMP 0000000076c10458 .text C:\Windows\system32\taskeng.exe[6444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d8e990 5 bytes JMP 0000000076c104e0 .text C:\Users\Johny\Desktop\Logi\8pj1uc4f.exe[5612] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000076f3fc90 5 bytes JMP 00000000657923e0 .text C:\Users\Johny\Desktop\Logi\8pj1uc4f.exe[5612] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000076f3fe54 5 bytes JMP 0000000065792270 .text C:\Users\Johny\Desktop\Logi\8pj1uc4f.exe[5612] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000076f3fee8 5 bytes JMP 00000000657926a0 .text C:\Users\Johny\Desktop\Logi\8pj1uc4f.exe[5612] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000076f3ffb4 5 bytes JMP 0000000065792680 .text C:\Users\Johny\Desktop\Logi\8pj1uc4f.exe[5612] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000076f400a8 5 bytes JMP 00000000657925a0 .text C:\Users\Johny\Desktop\Logi\8pj1uc4f.exe[5612] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076f407dc 5 bytes JMP 00000000657926c0 .text C:\Users\Johny\Desktop\Logi\8pj1uc4f.exe[5612] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000076f408b4 5 bytes JMP 0000000065792700 .text C:\Users\Johny\Desktop\Logi\8pj1uc4f.exe[5612] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000076f4095c 5 bytes JMP 0000000065792740 .text C:\Users\Johny\Desktop\Logi\8pj1uc4f.exe[5612] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 0000000076f410b8 5 bytes JMP 00000000657926e0 .text C:\Users\Johny\Desktop\Logi\8pj1uc4f.exe[5612] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 0000000076f41130 5 bytes JMP 0000000065792720 ---- Files - GMER 2.2 ---- File C:\Windows\System32\config\systemprofile\AppData\Local\Avg\av16\temp\avg-46c77045-5d73-4927-9a99-af7a0efca566.tmp 0 bytes File C:\Windows\System32\config\systemprofile\AppData\Local\Avg\av16\temp\avg-ae5e2b18-c399-4774-881e-5069cf7fd203.tmp 0 bytes File C:\Windows\System32\config\systemprofile\AppData\Local\Avg\av16\temp\avg-3afdde6b-815a-4d5e-aa93-de217b850f64.tmp 0 bytes File C:\Windows\System32\config\systemprofile\AppData\Local\Avg\av16\temp\avg-670e7879-295d-4e0c-a86e-aa1e9a1b8660.tmp 0 bytes File C:\Windows\System32\config\systemprofile\AppData\Local\Avg\av16\temp\avg-6b0e7748-ce7b-4c65-a5e8-2e1961376e6c.tmp 0 bytes File C:\Windows\System32\config\systemprofile\AppData\Local\Avg\av16\temp\avg-33b9d808-c9c1-4551-b14c-136ffe3d7048.tmp 0 bytes File C:\Windows\System32\config\systemprofile\AppData\Local\Avg\av16\temp\avg-cc066175-1edd-4b38-8034-606f989aff08.tmp 0 bytes File C:\Windows\System32\config\systemprofile\AppData\Local\Avg\av16\temp\avg-84073e26-f385-4d02-abce-f06085d18700.tmp 0 bytes ---- EOF - GMER 2.2 ----