GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-07-11 11:01:19 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000006e ST500DM0 rev.KC66 465,76GB Running: y0sdn3fr.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\pxldapog.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe[1992] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075068791 4 bytes [C2, 04, 00, 00] .text C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe[1992] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076e91401 2 bytes JMP 000000000779a47c .text C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe[1992] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076e91419 2 bytes JMP 000000000779a494 .text C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe[1992] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076e91431 2 bytes JMP 000000000779a4ac .text C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe[1992] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000076e9144a 2 bytes JMP 0000000076f5fcc5 .text ... * 9 .text C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe[1992] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000076e914dd 2 bytes JMP 000000000779a558 .text C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe[1992] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000076e914f5 2 bytes JMP 000000000779a570 .text C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe[1992] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000076e9150d 2 bytes JMP 000000000779a588 .text C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe[1992] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076e91525 2 bytes JMP 000000000779a5a0 .text C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe[1992] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000076e9153d 2 bytes JMP 000000000779a5b8 .text C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe[1992] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076e91555 2 bytes JMP 000000000779a5d0 .text C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe[1992] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000076e9156d 2 bytes JMP 000000000779a5e8 .text C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe[1992] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076e91585 2 bytes JMP 000000000779a600 .text C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe[1992] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000076e9159d 2 bytes JMP 000000000779a618 .text C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe[1992] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000076e915b5 2 bytes JMP 000000000779a630 .text C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe[1992] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000076e915cd 2 bytes JMP 000000005d37ce48 .text C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe[1992] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000076e916b2 2 bytes JMP 000000000779a72d .text C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe[1992] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000076e916bd 2 bytes JMP 000000000779a738 .text C:\Program Files (x86)\LOG System\LOG System - Agent\LOGSystem.Agent.Service.exe[1440] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076e91401 2 bytes JMP 000000000779a47c .text C:\Program Files (x86)\LOG System\LOG System - Agent\LOGSystem.Agent.Service.exe[1440] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076e91419 2 bytes JMP 000000000779a494 .text C:\Program Files (x86)\LOG System\LOG System - Agent\LOGSystem.Agent.Service.exe[1440] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076e91431 2 bytes JMP 000000000779a4ac .text C:\Program Files (x86)\LOG System\LOG System - Agent\LOGSystem.Agent.Service.exe[1440] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000076e9144a 2 bytes JMP 0000000076f5fcc5 .text ... * 9 .text C:\Program Files (x86)\LOG System\LOG System - Agent\LOGSystem.Agent.Service.exe[1440] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000076e914dd 2 bytes JMP 000000000779a558 .text C:\Program Files (x86)\LOG System\LOG System - Agent\LOGSystem.Agent.Service.exe[1440] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000076e914f5 2 bytes JMP 000000000779a570 .text C:\Program Files (x86)\LOG System\LOG System - Agent\LOGSystem.Agent.Service.exe[1440] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000076e9150d 2 bytes JMP 000000000779a588 .text C:\Program Files (x86)\LOG System\LOG System - Agent\LOGSystem.Agent.Service.exe[1440] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076e91525 2 bytes JMP 000000000779a5a0 .text C:\Program Files (x86)\LOG System\LOG System - Agent\LOGSystem.Agent.Service.exe[1440] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000076e9153d 2 bytes JMP 000000000779a5b8 .text C:\Program Files (x86)\LOG System\LOG System - Agent\LOGSystem.Agent.Service.exe[1440] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076e91555 2 bytes JMP 000000000779a5d0 .text C:\Program Files (x86)\LOG System\LOG System - Agent\LOGSystem.Agent.Service.exe[1440] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000076e9156d 2 bytes JMP 000000000779a5e8 .text C:\Program Files (x86)\LOG System\LOG System - Agent\LOGSystem.Agent.Service.exe[1440] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076e91585 2 bytes JMP 000000000779a600 .text C:\Program Files (x86)\LOG System\LOG System - Agent\LOGSystem.Agent.Service.exe[1440] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000076e9159d 2 bytes JMP 000000000779a618 .text C:\Program Files (x86)\LOG System\LOG System - Agent\LOGSystem.Agent.Service.exe[1440] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000076e915b5 2 bytes JMP 000000000779a630 .text C:\Program Files (x86)\LOG System\LOG System - Agent\LOGSystem.Agent.Service.exe[1440] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000076e915cd 2 bytes JMP 000000005d37ce48 .text C:\Program Files (x86)\LOG System\LOG System - Agent\LOGSystem.Agent.Service.exe[1440] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000076e916b2 2 bytes JMP 000000000779a72d .text C:\Program Files (x86)\LOG System\LOG System - Agent\LOGSystem.Agent.Service.exe[1440] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000076e916bd 2 bytes JMP 000000000779a738 .text C:\Program Files (x86)\LOG System\LOG System - Agent\LOGSystem.Agent.Service.exe[4884] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076e91401 2 bytes JMP 000000000779a47c .text C:\Program Files (x86)\LOG System\LOG System - Agent\LOGSystem.Agent.Service.exe[4884] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076e91419 2 bytes JMP 000000000779a494 .text C:\Program Files (x86)\LOG System\LOG System - Agent\LOGSystem.Agent.Service.exe[4884] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076e91431 2 bytes JMP 000000000779a4ac .text C:\Program Files (x86)\LOG System\LOG System - Agent\LOGSystem.Agent.Service.exe[4884] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000076e9144a 2 bytes JMP 0000000076f5fcc5 .text ... * 9 .text C:\Program Files (x86)\LOG System\LOG System - Agent\LOGSystem.Agent.Service.exe[4884] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000076e914dd 2 bytes JMP 000000000779a558 .text C:\Program Files (x86)\LOG System\LOG System - Agent\LOGSystem.Agent.Service.exe[4884] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000076e914f5 2 bytes JMP 000000000779a570 .text C:\Program Files (x86)\LOG System\LOG System - Agent\LOGSystem.Agent.Service.exe[4884] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000076e9150d 2 bytes JMP 000000000779a588 .text C:\Program Files (x86)\LOG System\LOG System - Agent\LOGSystem.Agent.Service.exe[4884] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076e91525 2 bytes JMP 000000000779a5a0 .text C:\Program Files (x86)\LOG System\LOG System - Agent\LOGSystem.Agent.Service.exe[4884] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000076e9153d 2 bytes JMP 000000000779a5b8 .text C:\Program Files (x86)\LOG System\LOG System - Agent\LOGSystem.Agent.Service.exe[4884] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076e91555 2 bytes JMP 000000000779a5d0 .text C:\Program Files (x86)\LOG System\LOG System - Agent\LOGSystem.Agent.Service.exe[4884] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000076e9156d 2 bytes JMP 000000000779a5e8 .text C:\Program Files (x86)\LOG System\LOG System - Agent\LOGSystem.Agent.Service.exe[4884] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076e91585 2 bytes JMP 000000000779a600 .text C:\Program Files (x86)\LOG System\LOG System - Agent\LOGSystem.Agent.Service.exe[4884] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000076e9159d 2 bytes JMP 000000000779a618 .text C:\Program Files (x86)\LOG System\LOG System - Agent\LOGSystem.Agent.Service.exe[4884] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000076e915b5 2 bytes JMP 000000000779a630 .text C:\Program Files (x86)\LOG System\LOG System - Agent\LOGSystem.Agent.Service.exe[4884] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000076e915cd 2 bytes JMP 000000005d37ce48 .text C:\Program Files (x86)\LOG System\LOG System - Agent\LOGSystem.Agent.Service.exe[4884] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000076e916b2 2 bytes JMP 000000000779a72d .text C:\Program Files (x86)\LOG System\LOG System - Agent\LOGSystem.Agent.Service.exe[4884] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000076e916bd 2 bytes JMP 000000000779a738 .text C:\Program Files (x86)\Pro Surveillance System\PSSProject.exe[6004] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076e91401 2 bytes JMP 000000000779a47c .text C:\Program Files (x86)\Pro Surveillance System\PSSProject.exe[6004] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076e91419 2 bytes JMP 000000000779a494 .text C:\Program Files (x86)\Pro Surveillance System\PSSProject.exe[6004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076e91431 2 bytes JMP 000000000779a4ac .text C:\Program Files (x86)\Pro Surveillance System\PSSProject.exe[6004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076e9144a 2 bytes JMP 0000000076f5fcc5 .text ... * 9 .text C:\Program Files (x86)\Pro Surveillance System\PSSProject.exe[6004] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076e914dd 2 bytes JMP 000000000779a558 .text C:\Program Files (x86)\Pro Surveillance System\PSSProject.exe[6004] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076e914f5 2 bytes JMP 000000000779a570 .text C:\Program Files (x86)\Pro Surveillance System\PSSProject.exe[6004] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076e9150d 2 bytes JMP 000000000779a588 .text C:\Program Files (x86)\Pro Surveillance System\PSSProject.exe[6004] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076e91525 2 bytes JMP 000000000779a5a0 .text C:\Program Files (x86)\Pro Surveillance System\PSSProject.exe[6004] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076e9153d 2 bytes JMP 000000000779a5b8 .text C:\Program Files (x86)\Pro Surveillance System\PSSProject.exe[6004] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076e91555 2 bytes JMP 000000000779a5d0 .text C:\Program Files (x86)\Pro Surveillance System\PSSProject.exe[6004] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076e9156d 2 bytes JMP 000000000779a5e8 .text C:\Program Files (x86)\Pro Surveillance System\PSSProject.exe[6004] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076e91585 2 bytes JMP 000000000779a600 .text C:\Program Files (x86)\Pro Surveillance System\PSSProject.exe[6004] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076e9159d 2 bytes JMP 000000000779a618 .text C:\Program Files (x86)\Pro Surveillance System\PSSProject.exe[6004] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076e915b5 2 bytes JMP 000000000779a630 .text C:\Program Files (x86)\Pro Surveillance System\PSSProject.exe[6004] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076e915cd 2 bytes JMP 000000005d37ce48 .text C:\Program Files (x86)\Pro Surveillance System\PSSProject.exe[6004] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076e916b2 2 bytes JMP 000000000779a72d .text C:\Program Files (x86)\Pro Surveillance System\PSSProject.exe[6004] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076e916bd 2 bytes JMP 000000000779a738 ---- Disk sectors - GMER 2.2 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.2 ----