GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-09-01 13:25:17
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BPVT-22JJ5T0 rev.01.01A01 298,09GB
Running: gmer.exe; Driver: C:\Users\UKASZ~1\AppData\Local\Temp\kwlyipob.sys

---- User code sections - GMER 2.1 ----

.text C:\Users\Łukasz\AppData\Local\GG\Application\ggdrive\ggdrive.exe[4320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074f51465 2 bytes [F5, 74]
.text C:\Users\Łukasz\AppData\Local\GG\Application\ggdrive\ggdrive.exe[4320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074f514bb 2 bytes [F5, 74]
.text ... * 2
.text C:\Program Files (x86)\OrangeBusinessServices\Manager połączeń\{ad30a369-08e3-414c-9d2c-7f47dbe748da}\BusinessEverywhere.exe[3952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074f51465 2 bytes [F5, 74]
.text C:\Program Files (x86)\OrangeBusinessServices\Manager połączeń\{ad30a369-08e3-414c-9d2c-7f47dbe748da}\BusinessEverywhere.exe[3952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074f514bb 2 bytes [F5, 74]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Windows\System32\svchost.exe [564:1472] 000007fef8c759a0
Thread C:\Windows\System32\svchost.exe [564:2536] 000007fef71820c0
Thread C:\Windows\System32\svchost.exe [564:2544] 000007fef71826a8
Thread C:\Windows\System32\svchost.exe [564:2548] 000007fef71829dc
Thread C:\Windows\System32\svchost.exe [564:3612] 000007fefc6d1a70
Thread C:\Windows\System32\svchost.exe [564:3836] 000007fef7cb44e0
Thread C:\Windows\System32\svchost.exe [564:2672] 000007fef7e788f8
Thread C:\Windows\system32\svchost.exe [948:2576] 000007fef76d0ea8
Thread C:\Windows\system32\svchost.exe [948:2584] 000007fef76c9db0
Thread C:\Windows\system32\svchost.exe [948:2628] 000007fef76d1c94
Thread C:\Windows\system32\svchost.exe [948:2168] 000007fef76caa10
Thread C:\Windows\System32\spoolsv.exe [1608:2960] 000007fef5ee10c8
Thread C:\Windows\System32\spoolsv.exe [1608:2964] 000007fef5ea6144
Thread C:\Windows\System32\spoolsv.exe [1608:2968] 000007fef5c95fd0
Thread C:\Windows\System32\spoolsv.exe [1608:2972] 000007fef5c83438
Thread C:\Windows\System32\spoolsv.exe [1608:2976] 000007fef5c963ec
Thread C:\Windows\System32\spoolsv.exe [1608:2996] 000007fef6275e5c
Thread C:\Windows\System32\spoolsv.exe [1608:3000] 000007fef66d5074
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2100:2368] 0000000076337587
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2100:2580] 000000006be27712
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2100:2256] 00000000770e2e65
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2100:3596] 00000000770e3e85
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2100:1144] 00000000770e3e85
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2100:4208] 00000000770e3e85

---- Processes - GMER 2.1 ----

Process C:\Users\Łukasz\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe (*** suspicious ***) @ C:\Users\Łukasz\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe [4788](2014-01-28 16:36:04) 0000000000400000

---- Files - GMER 2.1 ----

File C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP872A.tmp 0 bytes
File C:\Windows\assembly\NativeImages_v2.0.50727_64\index216.dat 0 bytes

---- EOF - GMER 2.1 ----