GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-05-03 22:13:15
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-2 KINGSTON_SV300S37A120G rev.600ABBF0 111,79GB
Running: nf4ehic7.exe; Driver: C:\Users\Votor\AppData\Local\Temp\awddikod.sys


---- User code sections - GMER 2.2 ----

.text  C:\Windows\system32\PnkBstrA.exe[1652] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17   0000000075721401 2 bytes JMP 7603b233 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\system32\PnkBstrA.exe[1652] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17   0000000075721419 2 bytes JMP 7603b35e C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\system32\PnkBstrA.exe[1652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17   0000000075721431 2 bytes JMP 760b9011 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\system32\PnkBstrA.exe[1652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42   000000007572144a 2 bytes CALL 760148ad C:\Windows\syswow64\kernel32.dll
.text  ...   * 9
.text  C:\Windows\system32\PnkBstrA.exe[1652] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17   00000000757214dd 2 bytes JMP 760b890a C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\system32\PnkBstrA.exe[1652] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17   00000000757214f5 2 bytes JMP 760b8ae0 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\system32\PnkBstrA.exe[1652] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17   000000007572150d 2 bytes JMP 760b8800 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\system32\PnkBstrA.exe[1652] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17   0000000075721525 2 bytes JMP 760b8bca C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\system32\PnkBstrA.exe[1652] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17   000000007572153d 2 bytes JMP 7602fcc0 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\system32\PnkBstrA.exe[1652] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17   0000000075721555 2 bytes JMP 76036907 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\system32\PnkBstrA.exe[1652] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17   000000007572156d 2 bytes JMP 760b90c9 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\system32\PnkBstrA.exe[1652] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17   0000000075721585 2 bytes JMP 760b8c2a C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\system32\PnkBstrA.exe[1652] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17   000000007572159d 2 bytes JMP 760b87c4 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\system32\PnkBstrA.exe[1652] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17   00000000757215b5 2 bytes JMP 7602fd59 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\system32\PnkBstrA.exe[1652] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17   00000000757215cd 2 bytes JMP 7603b2f4 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\system32\PnkBstrA.exe[1652] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20   00000000757216b2 2 bytes JMP 760b8f8c C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\system32\PnkBstrA.exe[1652] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31   00000000757216bd 2 bytes JMP 760b8759 C:\Windows\syswow64\kernel32.dll

---- Files - GMER 2.2 ----

File  C:\Users\Votor\AppData\Local\Mozilla\Firefox\Profiles\z7j1pcos.default\cache2\entries\07A3EF75EC36AF109C3389AFA0A9630AD410F0A4   2076831 bytes

---- EOF - GMER 2.2 ----
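The following is an added triage helper, not part of the posted log and not GMER's own code. It parses the "User code sections" entries in the layout GMER prints above (process[pid], module!function + offset, address, patch size, JMP/CALL, target address, target module, and the ".text ... * N" line that stands for N elided entries), then reduces a log to one row per (process, hooked module, target module) so the pattern in a whole log is visible at a glance. The check it applies is name-based only: GMER does not print module base addresses, so the most it can tell you is which module the patched bytes transfer control into. For the entries above that target is kernel32.dll in every case; on Windows 7 the PSAPI.DLL exports are backed by kernel32's K32* implementations, so PSAPI-to-kernel32 transfers in a 32-bit process are the expected shape, whereas a transfer into an unnamed region or an unexpected DLL is what would merit a closer look. The sample input is a constructed excerpt consisting of lines copied from the log above.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Tuple

# Constructed excerpt: a few lines copied from the GMER log above.
GMER_LOG = r"""GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-05-03 22:13:15

---- User code sections - GMER 2.2 ----

.text  C:\Windows\system32\PnkBstrA.exe[1652] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17   0000000075721401 2 bytes JMP 7603b233 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\system32\PnkBstrA.exe[1652] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17   0000000075721419 2 bytes JMP 7603b35e C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\system32\PnkBstrA.exe[1652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17   0000000075721431 2 bytes JMP 760b9011 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\system32\PnkBstrA.exe[1652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42   000000007572144a 2 bytes CALL 760148ad C:\Windows\syswow64\kernel32.dll
.text  ...   * 9
.text  C:\Windows\system32\PnkBstrA.exe[1652] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17   00000000757214dd 2 bytes JMP 760b890a C:\Windows\syswow64\kernel32.dll

---- Files - GMER 2.2 ----

File  C:\Users\Votor\AppData\Local\Mozilla\Firefox\Profiles\z7j1pcos.default\cache2\entries\07A3EF75EC36AF109C3389AFA0A9630AD410F0A4   2076831 bytes

---- EOF - GMER 2.2 ----
"""

# One entry:  .text  <process>[<pid>] <module>!<function> + <offset>   <address> <size> bytes <JMP|CALL> <target> <target module>
# Paths may contain spaces, so the path fields are matched lazily up to the delimiter that follows them.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>.+?)!(?P<function>\S+)\s+\+\s+(?P<offset>\d+)\s+"
    r"(?P<address>[0-9a-fA-F]+)\s+(?P<size>\d+)\s+bytes\s+"
    r"(?P<instr>[A-Z]+)\s+(?P<target>[0-9a-fA-F]+)\s+(?P<target_module>.+?)\s*$"
)
# GMER collapses a run of similar entries into ".text  ...   * N".
ELIDED_RE = re.compile(r"^\.text\s+\.\.\.\s+\*\s+(?P<count>\d+)\s*$")


@dataclass(frozen=True)
class Hook:
    process: str
    pid: int
    module: str
    function: str
    offset: int
    address: int
    size: int
    instr: str
    target: int
    target_module: str


def basename(path: str) -> str:
    """Last component of a Windows path."""
    return path.rsplit("\\", 1)[-1]


def parse_hooks(text: str) -> Tuple[List[Hook], int]:
    """Return the parsed user-code entries and the number of entries GMER elided."""
    hooks, elided = [], 0
    for line in text.splitlines():
        m = HOOK_RE.match(line)
        if m:
            hooks.append(Hook(
                process=m["process"], pid=int(m["pid"]),
                module=m["module"], function=m["function"],
                offset=int(m["offset"]), address=int(m["address"], 16),
                size=int(m["size"]), instr=m["instr"],
                target=int(m["target"], 16), target_module=m["target_module"],
            ))
            continue
        e = ELIDED_RE.match(line)
        if e:
            elided += int(e["count"])
    return hooks, elided


def cross_module(hook: Hook) -> bool:
    """True when the patched bytes transfer control into a module other than the hooked one."""
    return basename(hook.module).lower() != basename(hook.target_module).lower()


def summarize(hooks: List[Hook]) -> Counter:
    """Collapse a log to counts per (process, hooked module, target module)."""
    return Counter((basename(h.process), basename(h.module), basename(h.target_module)) for h in hooks)


if __name__ == "__main__":
    found, skipped = parse_hooks(GMER_LOG)
    for key, n in summarize(found).items():
        print(f"{key[0]}: {n} patch(es) in {key[1]} -> {key[2]}")
    print(f"{skipped} similar entries elided by GMER; "
          f"{sum(cross_module(h) for h in found)} of {len(found)} parsed entries leave their module")
```

Running the block on the excerpt reports the entries as PnkBstrA.exe / PSAPI.DLL -> kernel32.dll, with the 9 elided entries counted separately; feeding it the full log above gives the same single row with a higher count. Anything that produces a second row, or a target module that is not a system DLL, is the entry to take to a debugger.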