GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-10-08 23:22:26
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000062 WDC_____ rev.18.0 465,76GB
Running: fsskqqsq.exe; Driver: C:\Users\X\AppData\Local\Temp\kgldqpog.sys

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\services.exe[664] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007726ef8d 1 byte [62]
.text C:\Windows\System32\svchost.exe[380] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007726ef8d 1 byte [62]
.text C:\Windows\system32\svchost.exe[636] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007726ef8d 1 byte [62]
.text C:\Windows\Explorer.EXE[684] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007726ef8d 1 byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2964] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075ae8791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2964] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b0a2fd 1 byte [62]
.text C:\Windows\notepad.exe[12452] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007726ef8d 1 byte [62]
.text H:\POBIERANE\LOGI\fsskqqsq.exe[2440] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b0a2fd 1 byte [62]

---- Processes - GMER 2.1 ----

Library C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{ECB57A00-8E94-4451-A3F7-F3C2029EBE1F}\offreg.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [392](2014-10-08 18:47:35) 000007fef6f00000

---- EOF - GMER 2.1 ----