GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-12-14 19:45:23
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 SAMSUNG_ rev.1AJ1 931,51GB
Running: 0z49s98m.exe; Driver: C:\Users\ROBERT\AppData\Local\Temp\uwwoypob.sys

---- Threads - GMER 2.1 ----

Thread C:\WINDOWS\system32\csrss.exe [568:576] fffff960009b12d0
Thread C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [1848:1300] 000000006fc23810
Thread C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [1848:1320] 000000006fc23810
Thread C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [1848:1364] 000000006fc23810
Thread C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [1848:1396] 000000006fc23810
Thread C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [1848:1408] 000000006fc23810
Thread C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [1848:1360] 000000006fc23810
Thread C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [1848:1568] 000000006fc23810
Thread C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [1848:1496] 000000006fc23810
Thread C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [1848:1600] 000000006fc23810
Thread C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [1848:1632] 000000006fc23810
Thread C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [1848:1736] 000000006fc23810
Thread C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [1848:1772] 000000006fc23810
Thread C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [1848:1816] 000000006fc23810
Thread C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [1848:2356] 000000006fc23810
Thread C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [1848:2368] 000000006fc23810
Thread C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [1848:2476] 000000006fc23810
Thread C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [1848:2488] 000000006fc23810
Thread C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [1848:2492] 000000006fc23810
Thread C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [1848:2496] 000000006fc23810
Thread C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [1848:2504] 000000006fc23810
Thread C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [1848:2720] 000000006fc23810
Thread C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [1848:2724] 000000006fc23810
Thread C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [1848:2740] 000000006fc23810
Thread C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [1848:2952] 000000006fc23810
Thread C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [1848:3376] 000000006fc23810
Thread C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [1848:3640] 000000006fc23810
Thread C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [1848:3648] 000000006fc23810
Thread C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [1848:3684] 000000006fc23810
Thread C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [1848:3688] 000000006fc23810
Thread C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [1848:3692] 000000006fc23810
Thread C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [1848:3708] 000000006fc23810
Thread C:\WINDOWS\Explorer.EXE [1132:5132] 00007ffba9389970
Thread C:\WINDOWS\Explorer.EXE [1132:14968] 00007ffba938e630
Thread C:\WINDOWS\Explorer.EXE [1132:14744] 00007ffba938e630
Thread C:\WINDOWS\Explorer.EXE [1132:15436] 00007ffba938e630
Thread C:\WINDOWS\Explorer.EXE [1132:15560] 00007ffba938e630
Thread C:\WINDOWS\Explorer.EXE [1132:15600] 00007ffba938e630
Thread C:\WINDOWS\Explorer.EXE [1132:15716] 00007ffba938e630
Thread C:\WINDOWS\Explorer.EXE [1132:8920] 00007ffba938e630
Thread C:\WINDOWS\Explorer.EXE [1132:9548] 00007ffba938e630
Thread C:\WINDOWS\Explorer.EXE [1132:16104] 00007ffba938e630

---- Processes - GMER 2.1 ----

Library C:\Users\ROBERT\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\ROBERT\AppData\Roaming\Dropbox\bin\Dropbox.exe [4980](2014-11-13 06:49:58) 0000000003b60000
Library c:\users\robert\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfdt2vk.dll (*** suspicious ***) @ C:\Users\ROBERT\AppData\Roaming\Dropbox\bin\Dropbox.exe [4980](2014-12-14 17:42:56) 0000000003a60000
Library C:\Users\ROBERT\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\ROBERT\AppData\Roaming\Dropbox\bin\Dropbox.exe [4980](2013-08-23 19:01:44) 000000006a430000
Library C:\Users\ROBERT\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\ROBERT\AppData\Roaming\Dropbox\bin\Dropbox.exe [4980] (ICU Data DLL/The ICU Project)(2013-08-23 19:01:42) 000000006c700000

---- EOF - GMER 2.1 ----