GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-09-29 13:32:37
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD250HJ rev.FH100-05 232,89GB
Running: kyy6sgzv.exe; Driver: C:\Users\Krzych\AppData\Local\Temp\pfrdapod.sys


---- User code sections - GMER 2.1 ----

.text  C:\Windows\system32\PnkBstrA.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                          0000000076331401 2 bytes JMP 7542b20b C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\system32\PnkBstrA.exe[2752] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                            0000000076331419 2 bytes JMP 7542b336 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\system32\PnkBstrA.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                          0000000076331431 2 bytes JMP 754a8f39 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\system32\PnkBstrA.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                          000000007633144a 2 bytes CALL 75404885 C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                     * 9
.text  C:\Windows\system32\PnkBstrA.exe[2752] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                             00000000763314dd 2 bytes JMP 754a8832 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\system32\PnkBstrA.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                      00000000763314f5 2 bytes JMP 754a8a08 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\system32\PnkBstrA.exe[2752] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                             000000007633150d 2 bytes JMP 754a8728 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\system32\PnkBstrA.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                      0000000076331525 2 bytes JMP 754a8af2 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\system32\PnkBstrA.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                            000000007633153d 2 bytes JMP 7541fc98 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\system32\PnkBstrA.exe[2752] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                 0000000076331555 2 bytes JMP 754268df C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\system32\PnkBstrA.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                          000000007633156d 2 bytes JMP 754a8ff1 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\system32\PnkBstrA.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                            0000000076331585 2 bytes JMP 754a8b52 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\system32\PnkBstrA.exe[2752] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                               000000007633159d 2 bytes JMP 754a86ec C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\system32\PnkBstrA.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                            00000000763315b5 2 bytes JMP 7541fd31 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\system32\PnkBstrA.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                          00000000763315cd 2 bytes JMP 7542b2cc C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\system32\PnkBstrA.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                      00000000763316b2 2 bytes JMP 754a8eb4 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\system32\PnkBstrA.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                      00000000763316bd 2 bytes JMP 754a8681 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\AVAST Software\Avast\avastui.exe[2680] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter    0000000075408769 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text  C:\Program Files (x86)\Gigabyte\AppCenter\ApCent.exe[3716] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17      0000000076331401 2 bytes JMP 7542b20b C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Gigabyte\AppCenter\ApCent.exe[3716] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17        0000000076331419 2 bytes JMP 7542b336 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Gigabyte\AppCenter\ApCent.exe[3716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17      0000000076331431 2 bytes JMP 754a8f39 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Gigabyte\AppCenter\ApCent.exe[3716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42      000000007633144a 2 bytes CALL 75404885 C:\Windows\syswow64\KERNEL32.dll
.text  ...                                                                                                                     * 9
.text  C:\Program Files (x86)\Gigabyte\AppCenter\ApCent.exe[3716] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17         00000000763314dd 2 bytes JMP 754a8832 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Gigabyte\AppCenter\ApCent.exe[3716] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000763314f5 2 bytes JMP 754a8a08 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Gigabyte\AppCenter\ApCent.exe[3716] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17         000000007633150d 2 bytes JMP 754a8728 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Gigabyte\AppCenter\ApCent.exe[3716] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000076331525 2 bytes JMP 754a8af2 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Gigabyte\AppCenter\ApCent.exe[3716] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17        000000007633153d 2 bytes JMP 7541fc98 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Gigabyte\AppCenter\ApCent.exe[3716] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17             0000000076331555 2 bytes JMP 754268df C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Gigabyte\AppCenter\ApCent.exe[3716] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17      000000007633156d 2 bytes JMP 754a8ff1 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Gigabyte\AppCenter\ApCent.exe[3716] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17        0000000076331585 2 bytes JMP 754a8b52 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Gigabyte\AppCenter\ApCent.exe[3716] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17           000000007633159d 2 bytes JMP 754a86ec C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Gigabyte\AppCenter\ApCent.exe[3716] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17        00000000763315b5 2 bytes JMP 7541fd31 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Gigabyte\AppCenter\ApCent.exe[3716] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17      00000000763315cd 2 bytes JMP 7542b2cc C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Gigabyte\AppCenter\ApCent.exe[3716] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000763316b2 2 bytes JMP 754a8eb4 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Gigabyte\AppCenter\ApCent.exe[3716] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000763316bd 2 bytes JMP 754a8681 C:\Windows\syswow64\KERNEL32.dll

---- Disk sectors - GMER 2.1 ----

Disk   \Device\Harddisk0\DR0                                                                                                   unknown MBR code

---- EOF - GMER 2.1 ----