GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-08-10 14:49:32
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GJ00 596,17GB
Running: t1ybj634.exe; Driver: C:\Users\Basia\AppData\Local\Temp\kwdcipod.sys

---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2292] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076571465 2 bytes [57, 76]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2292] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000765714bb 2 bytes [57, 76]
.text  ...  * 2
.text  C:\Program Files (x86)\Skype\Phone\Skype.exe[2924] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076571465 2 bytes [57, 76]
.text  C:\Program Files (x86)\Skype\Phone\Skype.exe[2924] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000765714bb 2 bytes [57, 76]
.text  ...  * 2
.text  C:\windows\SysWOW64\RunDll32.exe[3952] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076571465 2 bytes [57, 76]
.text  C:\windows\SysWOW64\RunDll32.exe[3952] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000765714bb 2 bytes [57, 76]
.text  ...  * 2
.text  C:\Users\Basia\AppData\Local\GG\Application\ggdrive\ggdrive.exe[4992] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076571465 2 bytes [57, 76]
.text  C:\Users\Basia\AppData\Local\GG\Application\ggdrive\ggdrive.exe[4992] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000765714bb 2 bytes [57, 76]
.text  ...  * 2
.text  C:\Users\Basia\Desktop\t1ybj634.exe[4224] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076571465 2 bytes [57, 76]
.text  C:\Users\Basia\Desktop\t1ybj634.exe[4224] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000765714bb 2 bytes [57, 76]
.text  ...  * 2

---- Processes - GMER 2.1 ----

Library  C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (*** suspicious ***) @ C:\windows\Explorer.EXE [2776] (GG drive overlay/GG Network S.A.)(2012-09-22 15:20:03)  000000005c080000

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ec2d88
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90004e9e0295
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90004e9e0295@fce5570c1dcc  0x6C 0x02 0xBE 0x24 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90004e9e0295@001fc6e0d789  0xE6 0xEA 0x67 0xBA ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90004e9e0295@ac81f3d14dd7  0x53 0x6B 0x17 0xC2 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ec2d88 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90004e9e0295 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90004e9e0295@fce5570c1dcc  0x6C 0x02 0xBE 0x24 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90004e9e0295@001fc6e0d789  0xE6 0xEA 0x67 0xBA ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90004e9e0295@ac81f3d14dd7  0x53 0x6B 0x17 0xC2 ...

---- EOF - GMER 2.1 ----