GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-08-30 20:56:21
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AAKX-00U6AA0 rev.15.01H15 465,76GB
Running: eqxznn2y.exe; Driver: C:\Users\Karolina\AppData\Local\Temp\pgddqpoc.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1836] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076948769 4 bytes [C2, 04, 00, 00]
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1836] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076e51401 2 bytes JMP 7696b20b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1836] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076e51419 2 bytes JMP 7696b336 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1836] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076e51431 2 bytes JMP 769e8f39 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1836] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000076e5144a 2 bytes CALL 76944885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1836] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000076e514dd 2 bytes JMP 769e8832 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1836] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000076e514f5 2 bytes JMP 769e8a08 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1836] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000076e5150d 2 bytes JMP 769e8728 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1836] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076e51525 2 bytes JMP 769e8af2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1836] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000076e5153d 2 bytes JMP 7695fc98 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1836] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076e51555 2 bytes JMP 769668df C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1836] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000076e5156d 2 bytes JMP 769e8ff1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1836] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076e51585 2 bytes JMP 769e8b52 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1836] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000076e5159d 2 bytes JMP 769e86ec C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1836] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000076e515b5 2 bytes JMP 7695fd31 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1836] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000076e515cd 2 bytes JMP 7696b2cc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1836] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000076e516b2 2 bytes JMP 769e8eb4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1836] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000076e516bd 2 bytes JMP 769e8681 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastui.exe[3972] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076948769 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]

---- Threads - GMER 2.1 ----

Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3888:972] 000007fefc0d2ae8
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3888:4104] 000007feea3f5648
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3888:4232] 000007fef8e85124
Thread C:\Windows\System32\svchost.exe [3480:3260] 000007fee9d79688

---- Processes - GMER 2.1 ----

Library C:\Users\Karolina\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1440] (GG drive menu/GG Network S.A.)(2013-01-01 11:26:00) 0000000007ec0000

---- EOF - GMER 2.1 ----