GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-01-30 17:40:08
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD10JPVX-75JC3T0 rev.01.01A01 931,51GB
Running: 8z9jspp2.exe; Driver: C:\Users\Krystian\AppData\Local\Temp\pgddqpoc.sys

---- User code sections - GMER 2.1 ----

.text  C:\ProgramData\YbbayXorNC\GEDaPsL.exe[2836]  C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69   0000000077cf1465 2 bytes [CF, 77]
.text  C:\ProgramData\YbbayXorNC\GEDaPsL.exe[2836]  C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155  0000000077cf14bb 2 bytes [CF, 77]
.text  ...  * 2

---- Processes - GMER 2.1 ----

Process  C:\Users\Krystian\AppData\Roaming\WHService\wh.exe (*** suspicious ***) @ C:\Users\Krystian\AppData\Roaming\WHService\wh.exe [2504](2014-12-17 21:32:17)  0000000000400000
Library  C:\Users\Krystian\AppData\Roaming\WHService\sub\default.dll (*** suspicious ***) @ C:\Users\Krystian\AppData\Roaming\WHService\wh.exe [2504](2014-12-17 21:32:27)  0000000001f60000
Library  C:\Users\Krystian\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [3660] (GG drive menu/GG Network S.A.)(2014-11-16 17:32:41)  000000005ff80000

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0071cc013982
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\645a0498cd89
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\8056f2822cb6
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0071cc013982 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\645a0498cd89 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\8056f2822cb6 (not active ControlSet)
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A3E36DE1-0782-4F25-2883-B55EF60BB700}
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A3E36DE1-0782-4F25-2883-B55EF60BB700}@dbabfdpomnnlgmhdnifchmpokbpeibicgaefgame  0x68 0x61 0x6A 0x63 ...
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A3E36DE1-0782-4F25-2883-B55EF60BB700}@jbabfdpomnnlgmhdnifckpbdmeobganfioipleoojelgndbbelnc  0x68 0x61 0x6A 0x63 ...
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A3E36DE1-0782-4F25-2883-B55EF60BB700}@dbabfdpomnnlgmhdnifcepgnckbmcchppiikbnbn  0x62 0x61 0x67 0x6F ...

---- EOF - GMER 2.1 ----