GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-03-01 14:47:15
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000023 HGST_HTS545050A7E680 rev.GG2OAF10 465,76GB
Running: 7r37z8ob.exe; Driver: C:\Users\PAWEOL~1\AppData\Local\Temp\pxldapog.sys

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\mfevtps.exe[1692] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffa9353169a 4 bytes [53, 93, FA, 7F]
.text C:\Windows\system32\mfevtps.exe[1692] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffa935316a2 4 bytes [53, 93, FA, 7F]
.text C:\Windows\system32\mfevtps.exe[1692] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118 00007ffa9353181a 4 bytes [53, 93, FA, 7F]
.text C:\Windows\system32\mfevtps.exe[1692] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142 00007ffa93531832 4 bytes [53, 93, FA, 7F]
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1800] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffa9353169a 4 bytes [53, 93, FA, 7F]
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1800] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffa935316a2 4 bytes [53, 93, FA, 7F]
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1800] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118 00007ffa9353181a 4 bytes [53, 93, FA, 7F]
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1800] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142 00007ffa93531832 4 bytes [53, 93, FA, 7F]
.text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[1212] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffa9353169a 4 bytes [53, 93, FA, 7F]
.text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[1212] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffa935316a2 4 bytes [53, 93, FA, 7F]
.text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[1212] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffa9353181a 4 bytes [53, 93, FA, 7F]
.text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[1212] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffa93531832 4 bytes [53, 93, FA, 7F]
.text C:\WINDOWS\Explorer.EXE[3048] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffa9353169a 4 bytes [53, 93, FA, 7F]
.text C:\WINDOWS\Explorer.EXE[3048] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffa935316a2 4 bytes [53, 93, FA, 7F]
.text C:\WINDOWS\Explorer.EXE[3048] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffa9353181a 4 bytes [53, 93, FA, 7F]
.text C:\WINDOWS\Explorer.EXE[3048] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffa93531832 4 bytes [53, 93, FA, 7F]
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3524] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffa774b1f6a 4 bytes [4B, 77, FA, 7F]
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3524] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffa774b1f82 4 bytes [4B, 77, FA, 7F]
.text C:\Program Files\Common Files\mcafee\platform\McUICnt.exe[3720] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffa9353169a 4 bytes [53, 93, FA, 7F]
.text C:\Program Files\Common Files\mcafee\platform\McUICnt.exe[3720] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffa935316a2 4 bytes [53, 93, FA, 7F]
.text C:\Program Files\Common Files\mcafee\platform\McUICnt.exe[3720] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffa9353181a 4 bytes [53, 93, FA, 7F]
.text C:\Program Files\Common Files\mcafee\platform\McUICnt.exe[3720] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffa93531832 4 bytes [53, 93, FA, 7F]
.text D:\skan\frst\FRST64.exe[772] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffa774b1f6a 4 bytes [4B, 77, FA, 7F]
.text D:\skan\frst\FRST64.exe[772] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffa774b1f82 4 bytes [4B, 77, FA, 7F]
.text D:\skan\frst\FRST64.exe[772] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffa9353169a 4 bytes [53, 93, FA, 7F]
.text D:\skan\frst\FRST64.exe[772] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffa935316a2 4 bytes [53, 93, FA, 7F]
.text D:\skan\frst\FRST64.exe[772] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffa9353181a 4 bytes [53, 93, FA, 7F]
.text D:\skan\frst\FRST64.exe[772] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffa93531832 4 bytes [53, 93, FA, 7F]

---- Threads - GMER 2.1 ----

Thread C:\WINDOWS\system32\csrss.exe [648:672] fffff9600092bb90

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----