GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-07-17 12:27:26
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TS128GSSD370S rev.N1114H 119,24GB
Running: 56x834bv.exe; Driver: E:\!! SMIECI !!\TEMP\ugddapog.sys

---- User code sections - GMER 2.2 ----

.text C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe[1120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075231465 2 bytes [23, 75]
.text C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe[1120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752314bb 2 bytes [23, 75]
.text ... * 2
.text C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe[1324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075231465 2 bytes [23, 75]
.text C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe[1324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752314bb 2 bytes [23, 75]
.text ... * 2
.text C:\Users\JAREK\Desktop\Testy\56x834bv.exe[3832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075231465 2 bytes [23, 75]
.text C:\Users\JAREK\Desktop\Testy\56x834bv.exe[3832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752314bb 2 bytes [23, 75]
.text ... * 2

---- Kernel IAT/EAT - GMER 2.2 ----

IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff8800142601c] \SystemRoot\system32\DRIVERS\360Box64.sys [.text]

---- User IAT/EAT - GMER 2.2 ----

IAT C:\Windows\Explorer.EXE[1392] @ C:\Windows\system32\kernel32.dll[ntdll.dll!RtlCreateProcessParametersEx] [7fef8ea5fe0] C:\Program Files (x86)\360\Total Security\safemon\Safehmpg64.dll

---- Processes - GMER 2.2 ----

Library C:\??\C:\Program Files (x86)\360\Total Security\safemon\SafeWrapper.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1392] 00000000731c0000

---- EOF - GMER 2.2 ----