GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-03-08 20:05:02
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000006c TOSHIBA_ rev.JURA 119,24GB
Running: pgjcqt0w.exe; Driver: C:\Users\janou\AppData\Local\Temp\pgddykog.sys

---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe[1256]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17  0000000075b11401  2 bytes  JMP 74f1b21b  C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe[1256]  C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17  0000000075b11419  2 bytes  JMP 74f1b346  C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe[1256]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17  0000000075b11431  2 bytes  JMP 74f98ea9  C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe[1256]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42  0000000075b1144a  2 bytes  CALL 74ef48ad  C:\Windows\syswow64\kernel32.dll
.text  ...  * 9
.text  C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe[1256]  C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17  0000000075b114dd  2 bytes  JMP 74f987a2  C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe[1256]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  0000000075b114f5  2 bytes  JMP 74f98978  C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe[1256]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17  0000000075b1150d  2 bytes  JMP 74f98698  C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe[1256]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000075b11525  2 bytes  JMP 74f98a62  C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe[1256]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17  0000000075b1153d  2 bytes  JMP 74f0fca8  C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe[1256]  C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17  0000000075b11555  2 bytes  JMP 74f168ef  C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe[1256]  C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17  0000000075b1156d  2 bytes  JMP 74f98f61  C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe[1256]  C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17  0000000075b11585  2 bytes  JMP 74f98ac2  C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe[1256]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17  0000000075b1159d  2 bytes  JMP 74f9865c  C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe[1256]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17  0000000075b115b5  2 bytes  JMP 74f0fd41  C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe[1256]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17  0000000075b115cd  2 bytes  JMP 74f1b2dc  C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe[1256]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  0000000075b116b2  2 bytes  JMP 74f98e24  C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe[1256]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  0000000075b116bd  2 bytes  JMP 74f985f1  C:\Windows\syswow64\kernel32.dll

---- Kernel IAT/EAT - GMER 2.1 ----

IAT  C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback]  [fffff88004537cac]  \SystemRoot\system32\DRIVERS\360Box64.sys [.text]

---- EOF - GMER 2.1 ----