GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-04-26 21:23:35
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000036 ST500LM012_HN-M500MBB rev.2AR10002 465,76GB
Running: jhnmqgsg.exe; Driver: C:\Users\MARTAK~1\AppData\Local\Temp\uxloypow.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[3584] C:\windows\SYSTEM32\msimg32.dll!GradientFill + 690 000007fedbe81532 4 bytes [E8, DB, FE, 07]
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[3584] C:\windows\SYSTEM32\msimg32.dll!GradientFill + 698 000007fedbe8153a 4 bytes [E8, DB, FE, 07]
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[3584] C:\windows\SYSTEM32\msimg32.dll!TransparentBlt + 246 000007fedbe8165a 4 bytes [E8, DB, FE, 07]

---- Threads - GMER 2.1 ----

Thread C:\windows\system32\csrss.exe [644:668] fffff9600083f5e8

---- Processes - GMER 2.1 ----

Process C:\Users\Marta K\AppData\Local\Frappsy\YouTube Downloader\YouTubeDownloader.exe (*** suspicious ***) @ C:\Users\Marta K\AppData\Local\Frappsy\YouTube Downloader\YouTubeDownloader.exe [4032](2013-08-31 17:51:36) 0000000000680000
Process C:\Users\MARTAK~1\AppData\Local\Temp\Rar$EXa0.434\jhnmqgsg.exe (*** suspicious ***) @ C:\Users\MARTAK~1\AppData\Local\Temp\Rar$EXa0.434\jhnmqgsg.exe [912](2015-02-04 12:59:56) 0000000000400000

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----