GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-09-03 06:33:54
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-1 Samsung_SSD_850_EVO_250GB rev.EMT02B6Q 232,89GB
Running: gmerinstall.exe; Driver: E:\Temp\Temp\awlcraod.sys

---- User code sections - GMER 2.2 ----

.text  C:\Users\kosteq\Desktop\gmerinstall.exe[1648] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17  00000000754e1401 2 bytes JMP 7764b233 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\kosteq\Desktop\gmerinstall.exe[1648] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17  00000000754e1419 2 bytes JMP 7764b35e C:\Windows\syswow64\kernel32.dll
.text  C:\Users\kosteq\Desktop\gmerinstall.exe[1648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17  00000000754e1431 2 bytes JMP 776c9149 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\kosteq\Desktop\gmerinstall.exe[1648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42  00000000754e144a 2 bytes CALL 77624885 C:\Windows\syswow64\kernel32.dll
.text  ...  * 9
.text  C:\Users\kosteq\Desktop\gmerinstall.exe[1648] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17  00000000754e14dd 2 bytes JMP 776c8a42 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\kosteq\Desktop\gmerinstall.exe[1648] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000754e14f5 2 bytes JMP 776c8c18 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\kosteq\Desktop\gmerinstall.exe[1648] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17  00000000754e150d 2 bytes JMP 776c8938 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\kosteq\Desktop\gmerinstall.exe[1648] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  00000000754e1525 2 bytes JMP 776c8d02 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\kosteq\Desktop\gmerinstall.exe[1648] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17  00000000754e153d 2 bytes JMP 7763fcc0 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\kosteq\Desktop\gmerinstall.exe[1648] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17  00000000754e1555 2 bytes JMP 77646907 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\kosteq\Desktop\gmerinstall.exe[1648] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17  00000000754e156d 2 bytes JMP 776c9201 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\kosteq\Desktop\gmerinstall.exe[1648] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17  00000000754e1585 2 bytes JMP 776c8d62 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\kosteq\Desktop\gmerinstall.exe[1648] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17  00000000754e159d 2 bytes JMP 776c88fc C:\Windows\syswow64\kernel32.dll
.text  C:\Users\kosteq\Desktop\gmerinstall.exe[1648] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17  00000000754e15b5 2 bytes JMP 7763fd59 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\kosteq\Desktop\gmerinstall.exe[1648] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17  00000000754e15cd 2 bytes JMP 7764b2f4 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\kosteq\Desktop\gmerinstall.exe[1648] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000754e16b2 2 bytes JMP 776c90c4 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\kosteq\Desktop\gmerinstall.exe[1648] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000754e16bd 2 bytes JMP 776c8891 C:\Windows\syswow64\kernel32.dll
?      C:\Windows\System32\NLSData0000.dll [1648] entry point in ".rdata" section 000000007361c541

---- Threads - GMER 2.2 ----

Thread  C:\Windows\system32\mmc.exe [316:1408]  000007fefb3a2bcc

---- Registry - GMER 2.2 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\Instup_15041963436672310@SetupOperations
Reg  HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\Instup_15041963436672310@SetupOperations

---- EOF - GMER 2.2 ----