GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-02-04 01:05:03
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD10EZEX-08M2NA0 rev.01.01A01 931,51GB
Running: gcgq288r.exe; Driver: C:\Users\USER\AppData\Local\Temp\aftcaaob.sys

---- User code sections - GMER 2.2 ----

.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1596] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076df8791 4 bytes [C2, 04, 00, 00]
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1596] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075851401 2 bytes JMP 76e1b263 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1596] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075851419 2 bytes JMP 76e1b38e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1596] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075851431 2 bytes JMP 76e990f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1596] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007585144a 2 bytes CALL 76df48ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1596] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000758514dd 2 bytes JMP 76e989ea C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1596] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000758514f5 2 bytes JMP 76e98bc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1596] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007585150d 2 bytes JMP 76e988e0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1596] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075851525 2 bytes JMP 76e98caa C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1596] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007585153d 2 bytes JMP 76e0fce8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1596] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075851555 2 bytes JMP 76e16937 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1596] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007585156d 2 bytes JMP 76e991a9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1596] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075851585 2 bytes JMP 76e98d0a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1596] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007585159d 2 bytes JMP 76e988a4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1596] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000758515b5 2 bytes JMP 76e0fd81 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1596] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000758515cd 2 bytes JMP 76e1b324 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1596] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000758516b2 2 bytes JMP 76e9906c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1596] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000758516bd 2 bytes JMP 76e98839 C:\Windows\syswow64\kernel32.dll

---- EOF - GMER 2.2 ----