GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-09-14 00:21:14
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BPVT-22JJ5T0 rev.01.01A01 298,09GB
Running: xokkyfm8.exe; Driver: C:\Users\Konar\AppData\Local\Temp\pgddqpoc.sys

---- User code sections - GMER 2.1 ----

.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1940] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter  0000000076af8769 4 bytes [C2, 04, 00, 00]
.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1940] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17  0000000076e21401 2 bytes JMP 76b1b20b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1940] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17  0000000076e21419 2 bytes JMP 76b1b336 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1940] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17  0000000076e21431 2 bytes JMP 76b98f39 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1940] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42  0000000076e2144a 2 bytes CALL 76af4885 C:\Windows\syswow64\kernel32.dll
.text  ...  * 9
.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1940] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17  0000000076e214dd 2 bytes JMP 76b98832 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1940] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17  0000000076e214f5 2 bytes JMP 76b98a08 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1940] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17  0000000076e2150d 2 bytes JMP 76b98728 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1940] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17  0000000076e21525 2 bytes JMP 76b98af2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1940] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17  0000000076e2153d 2 bytes JMP 76b0fc98 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1940] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17  0000000076e21555 2 bytes JMP 76b168df C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1940] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17  0000000076e2156d 2 bytes JMP 76b98ff1 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1940] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17  0000000076e21585 2 bytes JMP 76b98b52 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1940] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17  0000000076e2159d 2 bytes JMP 76b986ec C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1940] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17  0000000076e215b5 2 bytes JMP 76b0fd31 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1940] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17  0000000076e215cd 2 bytes JMP 76b1b2cc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1940] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20  0000000076e216b2 2 bytes JMP 76b98eb4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1940] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31  0000000076e216bd 2 bytes JMP 76b98681 C:\Windows\syswow64\kernel32.dll

---- Processes - GMER 2.1 ----

Library  C:\Users\Konar\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1956] (GG drive menu/GG Network S.A.)(201  000000005ff80000

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f39568a458
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f39568a458@ac81f3c8bb89  0x91 0xDD 0xAC 0x1A ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f39568a458@0026e2ef67fb  0x5B 0xE6 0xF9 0x81 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f39568a458 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f39568a458@ac81f3c8bb89  0x91 0xDD 0xAC 0x1A ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f39568a458@0026e2ef67fb  0x5B 0xE6 0xF9 0x81 ...

---- EOF - GMER 2.1 ----