GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-07-30 12:42:33
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AJ1 298,09GB
Running: w752uxu7.exe; Driver: C:\Users\Agata\AppData\Local\Temp\fwddakog.sys

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- Devices - GMER 2.1 ----

Device \FileSystem\Ntfs \Ntfs fffffa8002d2c2c0

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\svchost.exe [424:4876] 000007fefb7f1ab0
Thread C:\Windows\system32\svchost.exe [424:5096] 000007fef7db4164
Thread C:\Windows\system32\svchost.exe [1072:1208] 000007fef98f8274
Thread C:\Windows\system32\svchost.exe [1072:1512] 000007fef98f8274
Thread C:\Windows\system32\svchost.exe [1220:4468] 000007fef85d5170
Thread C:\Windows\System32\spoolsv.exe [1648:4012] 000007fef19c10c8
Thread C:\Windows\System32\spoolsv.exe [1648:4060] 000007fef1986144
Thread C:\Windows\System32\spoolsv.exe [1648:4064] 000007fef3355fd0
Thread C:\Windows\System32\spoolsv.exe [1648:4068] 000007fef3443438
Thread C:\Windows\System32\spoolsv.exe [1648:4072] 000007fef33563ec
Thread C:\Windows\System32\spoolsv.exe [1648:4084] 000007fef4165e5c
Thread C:\Windows\System32\spoolsv.exe [1648:3644] 000007fef1aa8760
Thread C:\Windows\System32\svchost.exe [2144:2320] 000007fef6ce3410
Thread C:\Windows\System32\svchost.exe [2144:2336] 000007fef6cc2e30
Thread C:\Windows\System32\svchost.exe [2144:2344] 000007fef6c95050
Thread C:\Windows\System32\svchost.exe [2144:2348] 000007fef6cbed70
Thread C:\Windows\System32\svchost.exe [2144:2352] 000007fef6c95040
Thread C:\Windows\System32\svchost.exe [2144:2356] 000007fef6d34290
Thread C:\Program Files\Microsoft Security Client\msseces.exe [2896:2920] 000000007717a7b0
Thread C:\Program Files\Microsoft Security Client\msseces.exe [2896:2924] 000000007717f480
Thread C:\Program Files\Microsoft Security Client\msseces.exe [2896:3012] 000000007717f480
Thread C:\Program Files\Microsoft Security Client\msseces.exe [2896:1540] 000007fefb482bf8
Thread C:\Windows\system32\svchost.exe [4004:3584] 000007fef3355fd0
Thread C:\Windows\system32\svchost.exe [4004:3588] 000007fef33563ec

---- Processes - GMER 2.1 ----

Library C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1912] (GG drive overlay/GG Network S.A.)(2012-09-23 14:39:04) 000000005c080000
Process C:\ProgramData\SecurityUtility\SecurityUtility.exe (*** suspicious ***) @ C:\ProgramData\SecurityUtility\SecurityUtility.exe [4760] (Install/SecurityUtility)(2015-07-30 10:16:11) 000000013f650000

---- EOF - GMER 2.1 ----