GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-04-16 09:28:09 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD103SJ rev.1AJ10001 931,51GB Running: zuzpsvq3.exe; Driver: C:\Users\Piotr\AppData\Local\Temp\awrdrkog.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1208] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077321401 2 bytes JMP 767db263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1208] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077321419 2 bytes JMP 767db38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077321431 2 bytes JMP 768590f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007732144a 2 bytes CALL 767b48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1208] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000773214dd 2 bytes JMP 768589ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1208] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000773214f5 2 bytes JMP 76858bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1208] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007732150d 2 bytes JMP 768588e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1208] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077321525 2 bytes JMP 76858caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1208] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007732153d 2 bytes JMP 767cfce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1208] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077321555 2 bytes JMP 767d6937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1208] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007732156d 2 bytes JMP 768591a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1208] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077321585 2 bytes JMP 76858d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1208] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007732159d 2 bytes JMP 768588a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1208] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000773215b5 2 bytes JMP 767cfd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1208] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000773215cd 2 bytes JMP 767db324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1208] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000773216b2 2 bytes JMP 7685906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1208] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000773216bd 2 bytes JMP 76858839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[1440] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077321401 2 bytes JMP 767db263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[1440] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077321419 2 bytes JMP 767db38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[1440] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077321431 2 bytes JMP 768590f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[1440] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007732144a 2 bytes CALL 767b48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[1440] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000773214dd 2 bytes JMP 768589ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[1440] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000773214f5 2 bytes JMP 76858bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[1440] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007732150d 2 bytes JMP 768588e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[1440] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077321525 2 bytes JMP 76858caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[1440] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007732153d 2 bytes JMP 767cfce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[1440] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077321555 2 bytes JMP 767d6937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[1440] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007732156d 2 bytes JMP 768591a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[1440] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077321585 2 bytes JMP 76858d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[1440] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007732159d 2 bytes JMP 768588a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[1440] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000773215b5 2 bytes JMP 767cfd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[1440] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000773215cd 2 bytes JMP 767db324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[1440] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000773216b2 2 bytes JMP 7685906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[1440] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000773216bd 2 bytes JMP 76858839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077321401 2 bytes JMP 767db263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2264] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077321419 2 bytes JMP 767db38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077321431 2 bytes JMP 768590f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007732144a 2 bytes CALL 767b48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2264] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000773214dd 2 bytes JMP 768589ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000773214f5 2 bytes JMP 76858bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2264] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007732150d 2 bytes JMP 768588e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077321525 2 bytes JMP 76858caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007732153d 2 bytes JMP 767cfce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2264] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077321555 2 bytes JMP 767d6937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007732156d 2 bytes JMP 768591a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077321585 2 bytes JMP 76858d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2264] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007732159d 2 bytes JMP 768588a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000773215b5 2 bytes JMP 767cfd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000773215cd 2 bytes JMP 767db324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000773216b2 2 bytes JMP 7685906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000773216bd 2 bytes JMP 76858839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe[2496] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077321401 2 bytes JMP 767db263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe[2496] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077321419 2 bytes JMP 767db38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe[2496] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077321431 2 bytes JMP 768590f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe[2496] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007732144a 2 bytes CALL 767b48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe[2496] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000773214dd 2 bytes JMP 768589ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe[2496] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000773214f5 2 bytes JMP 76858bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe[2496] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007732150d 2 bytes JMP 768588e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe[2496] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077321525 2 bytes JMP 76858caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe[2496] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007732153d 2 bytes JMP 767cfce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe[2496] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077321555 2 bytes JMP 767d6937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe[2496] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007732156d 2 bytes JMP 768591a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe[2496] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077321585 2 bytes JMP 76858d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe[2496] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007732159d 2 bytes JMP 768588a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe[2496] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000773215b5 2 bytes JMP 767cfd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe[2496] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000773215cd 2 bytes JMP 767db324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe[2496] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000773216b2 2 bytes JMP 7685906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe[2496] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000773216bd 2 bytes JMP 76858839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2580] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076272bdc 5 bytes JMP 00000000000f36f6 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4344] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000767b8791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] ---- EOF - GMER 2.2 ----