GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-10-24 15:33:48
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0 ADATA_SP920SS rev.1.09 238,47GB
Running: gmer.exe; Driver: C:\Users\MICHA~1\AppData\Local\Temp\uxddypog.sys

---- User code sections - GMER 2.2 ----

.text  C:\Program Files\AVAST Software\Avast\avastui.exe[2312] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter  0000000075738769 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]

---- User IAT/EAT - GMER 2.2 ----

IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\msiexec.exe[ADVAPI32.dll!RegCreateKeyExW]  [7fef9aab4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\msiexec.exe[ADVAPI32.dll!RegDeleteValueW]  [7fef9aabbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\msiexec.exe[ADVAPI32.dll!RegOpenKeyExW]  [7fef9aab6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\msiexec.exe[ADVAPI32.dll!RegSetValueExW]  [7fef9aabaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\msiexec.exe[KERNEL32.dll!GetProcAddress]  [7fefd124230] C:\Windows\system32\apphelp.dll
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!CopyFileW]  [7fef9aaa184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!GetProcAddress]  [7fefd124230] C:\Windows\system32\apphelp.dll
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!CreateFileW]  [7fef9aaa42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!DeleteFileW]  [7fef9aaa5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!RegOpenKeyExW]  [7fef9aab6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!RegCreateKeyExW]  [7fef9aab4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!RegSetValueExW]  [7fef9aabaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!GetProcAddress]  [7fefd124230] C:\Windows\system32\apphelp.dll
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!CreateFileW]  [7fef9aaa42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!CopyFileW]  [7fef9aaa184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!DeleteFileW]  [7fef9aaa5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!CreateFileW]  [7fef9aaa42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!GetProcAddress]  [7fefd124230] C:\Windows\system32\apphelp.dll
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!SetFileSecurityW]  [7fef9aabcb0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegCreateKeyExW]  [7fef9aab4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegSetValueExA]  [7fef9aaba0c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegOpenKeyExW]  [7fef9aab6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegDeleteValueW]  [7fef9aabbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegDeleteKeyW]  [7fef9aad12c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegSetValueExW]  [7fef9aabaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\msi.dll[KERNEL32.dll!MoveFileExW]  [7fef9aaa804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\msi.dll[KERNEL32.dll!SetFileAttributesW]  [7fef9aaabe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\msi.dll[KERNEL32.dll!MoveFileW]  [7fef9aaa6e0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\msi.dll[KERNEL32.dll!DeleteFileW]  [7fef9aaa5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\msi.dll[KERNEL32.dll!CreateFileW]  [7fef9aaa42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\msi.dll[KERNEL32.dll!GetProcAddress]  [7fefd124230] C:\Windows\system32\apphelp.dll
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!CopyFileW]  [7fef9aaa184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!MoveFileExW]  [7fef9aaa804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!MoveFileW]  [7fef9aaa6e0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!DeleteFileW]  [7fef9aaa5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!CreateFileW]  [7fef9aaa42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!SetFileAttributesW]  [7fef9aaabe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!SetFileAttributesA]  [7fef9aaab7c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!GetProcAddress]  [7fefd124230] C:\Windows\system32\apphelp.dll
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!CreateFileA]  [7fef9aaa2d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!DeleteFileW]  [7fef9aaa5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!MoveFileExW]  [7fef9aaa804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!SetFileAttributesW]  [7fef9aaabe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!CopyFileW]  [7fef9aaa184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!CreateFileW]  [7fef9aaa42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!GetProcAddress]  [7fefd124230] C:\Windows\system32\apphelp.dll
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\MPR.dll[KERNEL32.dll!GetProcAddress]  [7fefd124230] C:\Windows\system32\apphelp.dll
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\sfc_os.DLL[KERNEL32.dll!GetProcAddress]  [7fefd124230] C:\Windows\system32\apphelp.dll
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\USERENV.dll[KERNEL32.dll!PrivCopyFileExW]  [7fef9aaab04] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\USERENV.dll[KERNEL32.dll!MoveFileExW]  [7fef9aaa804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\dwmapi.dll[KERNEL32.dll!GetProcAddress]  [7fefd124230] C:\Windows\system32\apphelp.dll
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!OpenFile]  [7fef9aaa890] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!CreateFileW]  [7fef9aaa42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!GetProcAddress]  [7fefd124230] C:\Windows\system32\apphelp.dll
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\MSCTF.dll[KERNEL32.dll!GetProcAddress]  [7fefd124230] C:\Windows\system32\apphelp.dll
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\COMCTL32.DLL[KERNEL32.dll!CreateFileW]  [7fef9aaa42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\COMCTL32.DLL[KERNEL32.dll!GetProcAddress]  [7fefd124230] C:\Windows\system32\apphelp.dll
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\CLBCatQ.DLL[ADVAPI32.dll!RegDeleteValueW]  [7fef9aabbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\CLBCatQ.DLL[ADVAPI32.dll!RegCreateKeyExW]  [7fef9aab4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\CLBCatQ.DLL[ADVAPI32.dll!RegSetValueExW]  [7fef9aabaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\CLBCatQ.DLL[ADVAPI32.dll!RegOpenKeyExW]  [7fef9aab6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!MoveFileExW]  [7fef9aaa804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!CreateFileW]  [7fef9aaa42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!SetFileAttributesW]  [7fef9aaabe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!MoveFileW]  [7fef9aaa6e0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!DeleteFileW]  [7fef9aaa5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!GetProcAddress]  [7fefd124230] C:\Windows\system32\apphelp.dll
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!GetProcAddress]  [7fefd124230] C:\Windows\system32\apphelp.dll
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!_lwrite]  [7fef9aaaa1c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!CreateFileW]  [7fef9aaa42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!CreateFileA]  [7fef9aaa2d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!DeleteFileW]  [7fef9aaa5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!CreateFileW]  [7fef9aaa42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!RegCreateKeyExA]  [7fef9aab3dc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!GetProcAddress]  [7fefd124230] C:\Windows\system32\apphelp.dll
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!MoveFileExW]  [7fef9aaa804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT  C:\Windows\system32\msiexec.exe[1600] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!RegSetValueExA]  [7fef9aaba0c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL

---- Registry - GMER 2.2 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\Instup_14734149828642280@SetupOperations  [binary value; data garbled in extraction, legible fragments: system32\DRIVERS\monitor.sys, usb\composite, Microsoft, machine.inf_amd64_neutral_9e6bb86c3b39a3e9, ReadyBoost]