GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-06-01 13:56:32
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JE3O 465,76GB
Running: i4se93t3.exe; Driver: C:\Users\PAWE~1\AppData\Local\Temp\awddrkog.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 682 fffff800033b808a 7 bytes [00, 00, 00, 00, 00, 00, 03]
INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 690 fffff800033b8092 6 bytes [00, 00, A0, F8, FF, FF]

---- User code sections - GMER 2.1 ----

? C:\windows\system32\mssprxy.dll [2740] entry point in ".rdata" section 00000000738c71e6
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2424] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075bd1465 2 bytes [BD, 75]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2424] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075bd14bb 2 bytes [BD, 75]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\windows\SysWOW64\ntdll.dll [3172:3176] 00000000003f5db3
Thread C:\windows\SysWOW64\ntdll.dll [3172:3416] 000000006b89ec50
Thread C:\windows\SysWOW64\ntdll.dll [3172:3420] 000000006b89dc50
Thread C:\windows\SysWOW64\ntdll.dll [3172:3424] 000000006b89e680
Thread C:\windows\SysWOW64\ntdll.dll [3172:3428] 000000007016786a

---- Processes - GMER 2.1 ----

Library C:\Users\Paweł\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll (*** suspicious ***) @ C:\windows\Explorer.EXE [2156] (GG drive menu/GG Network S.A.)(201 000000005ff80000

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\50b7c3133988
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\50b7c3133988 (not active ControlSet)

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----