GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-04-30 10:38:59
Windows 6.1.7601 Service Pack 1 x64
\Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Samsung_SSD_840_EVO_120GB rev.EXT0CB6Q 111,79GB
Running: 4idmximo.exe; Driver: C:\Users\Marcin\AppData\Local\Temp\pxliyfow.sys

---- User code sections - GMER 2.1 ----

.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1788]  C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter  0000000075e38769  4 bytes  [C2, 04, 00, 00]
.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1788]  C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17  0000000075021401  2 bytes  JMP 75e5b1ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1788]  C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17  0000000075021419  2 bytes  JMP 75e5b31a C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1788]  C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17  0000000075021431  2 bytes  JMP 75ed8f09 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1788]  C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42  000000007502144a  2 bytes  CALL 75e34885 C:\Windows\syswow64\kernel32.dll
.text  ...  * 9
.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1788]  C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17  00000000750214dd  2 bytes  JMP 75ed8802 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1788]  C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17  00000000750214f5  2 bytes  JMP 75ed89d8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1788]  C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17  000000007502150d  2 bytes  JMP 75ed86f8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1788]  C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17  0000000075021525  2 bytes  JMP 75ed8ac2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1788]  C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17  000000007502153d  2 bytes  JMP 75e4fc78 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1788]  C:\Windows\syswow64\psapi.dll!EnumProcesses + 17  0000000075021555  2 bytes  JMP 75e568bf C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1788]  C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17  000000007502156d  2 bytes  JMP 75ed8fc1 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1788]  C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17  0000000075021585  2 bytes  JMP 75ed8b22 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1788]  C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17  000000007502159d  2 bytes  JMP 75ed86bc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1788]  C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17  00000000750215b5  2 bytes  JMP 75e4fd11 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1788]  C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17  00000000750215cd  2 bytes  JMP 75e5b2b0 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1788]  C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20  00000000750216b2  2 bytes  JMP 75ed8e84 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1788]  C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31  00000000750216bd  2 bytes  JMP 75ed8651 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\MSI\Live Update\Live Update.exe[2600]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17  0000000075021401  2 bytes  JMP 75e5b1ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\MSI\Live Update\Live Update.exe[2600]  C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17  0000000075021419  2 bytes  JMP 75e5b31a C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\MSI\Live Update\Live Update.exe[2600]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17  0000000075021431  2 bytes  JMP 75ed8f09 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\MSI\Live Update\Live Update.exe[2600]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42  000000007502144a  2 bytes  CALL 75e34885 C:\Windows\syswow64\kernel32.dll
.text  ...  * 9
.text  C:\Program Files (x86)\MSI\Live Update\Live Update.exe[2600]  C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17  00000000750214dd  2 bytes  JMP 75ed8802 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\MSI\Live Update\Live Update.exe[2600]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000750214f5  2 bytes  JMP 75ed89d8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\MSI\Live Update\Live Update.exe[2600]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17  000000007502150d  2 bytes  JMP 75ed86f8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\MSI\Live Update\Live Update.exe[2600]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000075021525  2 bytes  JMP 75ed8ac2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\MSI\Live Update\Live Update.exe[2600]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17  000000007502153d  2 bytes  JMP 75e4fc78 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\MSI\Live Update\Live Update.exe[2600]  C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17  0000000075021555  2 bytes  JMP 75e568bf C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\MSI\Live Update\Live Update.exe[2600]  C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17  000000007502156d  2 bytes  JMP 75ed8fc1 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\MSI\Live Update\Live Update.exe[2600]  C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17  0000000075021585  2 bytes  JMP 75ed8b22 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\MSI\Live Update\Live Update.exe[2600]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17  000000007502159d  2 bytes  JMP 75ed86bc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\MSI\Live Update\Live Update.exe[2600]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17  00000000750215b5  2 bytes  JMP 75e4fd11 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\MSI\Live Update\Live Update.exe[2600]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17  00000000750215cd  2 bytes  JMP 75e5b2b0 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\MSI\Live Update\Live Update.exe[2600]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000750216b2  2 bytes  JMP 75ed8e84 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\MSI\Live Update\Live Update.exe[2600]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000750216bd  2 bytes  JMP 75ed8651 C:\Windows\syswow64\kernel32.dll

---- Threads - GMER 2.1 ----

Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [3444:3680]  000007fefb192bf8
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [3444:1384]  000007fef6c05124
Thread  C:\Windows\SysWOW64\rundll32.exe [3964:3952]  0000000010001f00
Thread  C:\Windows\System32\svchost.exe [2208:1368]  000007feeb819688

---- Processes - GMER 2.1 ----

Library  D:\ \~$mckprpbbxqelcpk.bak (*** suspicious ***) @ C:\Windows\SysWOW64\rundll32.exe [3964](2015-04-30 07:48:43)  000000006f5e0000

---- EOF - GMER 2.1 ----