GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-09-16 14:09:22
Windows 6.0.6002 Service Pack 2 x64
\Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 FUJITSU_MHZ2250BJ_G2 rev.891A 232,89GB
Running: jhnmqgsg.exe; Driver: C:\Users\user\AppData\Local\Temp\uwdyrfob.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe  suspicious modification
.text     C:\Windows\System32\win32k.sys!W32pServiceTable      fffff960000e1500 3 bytes [80, 7C, 02]
.text     C:\Windows\System32\win32k.sys!W32pServiceTable + 4  fffff960000e1504 3 bytes [C1, BD, FA]
INITKDBG  C:\Windows\system32\ntoskrnl.exe  suspicious modification
INITKDBG  C:\Windows\system32\ntoskrnl.exe  suspicious modification
INITKDBG  C:\Windows\system32\ntoskrnl.exe  suspicious modification
INITKDBG  C:\Windows\system32\ntoskrnl.exe  suspicious modification
INITKDBG  C:\Windows\system32\ntoskrnl.exe  suspicious modification
INITKDBG  C:\Windows\system32\ntoskrnl.exe  suspicious modification

---- Processes - GMER 2.1 ----

Library  C:\Users\user\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [2092] (GG drive menu/GG Network S.A.)(2015-  000000005ff80000
Library  \\?\C:\Program Files (x86)\Spybot - Search & Destroy 2\av\avxdisk.dll (*** suspicious ***) @ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2624] (BitDefender Core/BitDefender)(2015-09-11 12:28:22)  0000000003d80000
Process  C:\Users\user\AppData\Local\Temp\Rar$EXa0.660\jhnmqgsg.exe (*** suspicious ***) @ C:\Users\user\AppData\Local\Temp\Rar$EXa0.660\jhnmqgsg.exe [3956](2015-02-04 12:59:56)  0000000000400000

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations  [binary value; legible fragments: USB\VID_058F&PID_6387&REV_0104, USB\VID_058F&PID_6387, USB\Class_08&SubClass_06&Prot_50, USB\Class_08&SubClass_06, USB\Class_08, usbstor.inf, "System zgodny ze standardem Microsoft ACPI", @acpi.inf,%*pnp0c08.devicedesc%;System zgodny ze standardem Microsoft ACPI]
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00247e5263f9
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00247e733c9f
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{bc447660-58e4-42bc-b9c8-054a80f8e973}@Dhcpv6State  0
Reg  HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00247e5263f9 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00247e733c9f (not active ControlSet)

---- EOF - GMER 2.1 ----