GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2016-03-05 15:06:09
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 ST3320613AS rev.SD22 298,09GB
Running: zyelo8yv.exe; Driver: C:\Users\Damian\AppData\Local\Temp\awrdrpog.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1664] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076848791 4 bytes [C2, 04, 00, 00]
.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1664] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076b21401 2 bytes JMP 7686b233 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1664] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076b21419 2 bytes JMP 7686b35e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1664] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076b21431 2 bytes JMP 768e9011 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1664] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000076b2144a 2 bytes CALL 768448ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1664] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000076b214dd 2 bytes JMP 768e890a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1664] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000076b214f5 2 bytes JMP 768e8ae0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1664] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000076b2150d 2 bytes JMP 768e8800 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1664] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076b21525 2 bytes JMP 768e8bca C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1664] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000076b2153d 2 bytes JMP 7685fcc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1664] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076b21555 2 bytes JMP 76866907 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1664] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000076b2156d 2 bytes JMP 768e90c9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1664] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076b21585 2 bytes JMP 768e8c2a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1664] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000076b2159d 2 bytes JMP 768e87c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1664] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000076b215b5 2 bytes JMP 7685fd59 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1664] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000076b215cd 2 bytes JMP 7686b2f4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1664] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000076b216b2 2 bytes JMP 768e8f8c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1664] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000076b216bd 2 bytes JMP 768e8759 C:\Windows\syswow64\kernel32.dll

---- EOF - GMER 2.1 ----