GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-02-11 10:52:24
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9250315AS rev.0003SDM1 232,89GB
Running: jxl59geu.exe; Driver: C:\Users\Szymon\AppData\Local\Temp\pxldrpog.sys

---- System - GMER 2.2 ----

Code \SystemRoot\system32\drivers\MBAMChameleon.sys (Malwarebytes Chameleon/Malwarebytes) KeInsertQueueApc

---- Kernel code sections - GMER 2.2 ----

.text ntkrnlpa.exe!ZwSaveKey + 13C1 81A81339 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81ABAD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeInsertQueueApc 81AF9816 5 Bytes JMP 80C574BF \SystemRoot\system32\drivers\MBAMChameleon.sys (Malwarebytes Chameleon/Malwarebytes)
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 A7A2B000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 A7A2B123 629 Bytes [65, A2, A7, FE, 05, 34, 65, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 A7A2B399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F A7A2B3FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 543B A7A2B4AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE ...

---- Devices - GMER 2.2 ----

Device \FileSystem\MBAMFarflt \Device\FARFLTDV A7AAAC42
Device \FileSystem\MBAMWebProtection \Device\StreamEitor A7A89E3C

---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.2 ----