GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-07-07 23:47:10
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000006a SAMSUNG_ rev.2AR1 465,76GB
Running: g6mwzlqk.exe; Driver: C:\Users\Novi\AppData\Local\Temp\kwldqpod.sys


---- User code sections - GMER 2.1 ----

.text    c:\postgreSQL\bin\postgres.exe[2172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                        0000000075581465 2 bytes [58, 75]
.text    c:\postgreSQL\bin\postgres.exe[2172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                       00000000755814bb 2 bytes [58, 75]
.text    ...                                                                                                                                                                 * 2
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4804] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                    0000000075581465 2 bytes [58, 75]
.text    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4804] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                   00000000755814bb 2 bytes [58, 75]
.text    ...                                                                                                                                                                 * 2

---- Processes - GMER 2.1 ----

Process  C:\ProgramData\IePluginServices\PluginService.exe (*** suspicious ***) @ C:\ProgramData\IePluginServices\PluginService.exe [1404](2                                 0000000000930000
Process  C:\ProgramData\WindowsProtectManger\wprotectmanager.exe (*** suspicious ***) @ C:\ProgramData\WindowsProtectManger\wprotectmanager.exe [1456](2014-06-25 17:47:00)  0000000000e00000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations                                                                                   ????????????????????????????Port_#0002.Hub_#0001????????????????????????? ??????????????????????????????????????????????? ???????@???????? ??????? ??? ?,???????????????1???????????????????????????????%SystemRoot%\system32\wpdshext.dll,-701??-???????????????????E???????????????????????n???????????????k???????????[???[??? ???????A???????????????????? ?(?:?????ns??? ??????????????????volume_install?;?.??? ???????n??????td??????????????? ????????????????????????"???&??????????????????_??Sterownik woluminu systemu plik?w WPD???????????????? ??????????????????USB\VID_10D6&PID_1100&REV_0100?USB\VID_10D6&PID_1100????? ?????????????????????0??L????????? ??????4?s???????????a???????????????????i???????m??? ???????c?????t I??????????????????? ???????v??????ne??6.1.7601.17514? un???????????n??????????????????USB\Class_08&SubClass_05&Prot_50?USB\Class_08&SubClass_05?USB\Class_08???k??? ?????????????????????0????????????&????????????????????k??? ?????????????????????0??L????????? ???????? ??? ?????????????????????0???????
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74de2bacb1de                                                                                         
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74de2bacb1de@a00798992e34                                                                            0x8B 0x67 0x8D 0x4F ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74de2bacb1de@0cc66a682bbc                                                                            0x66 0xB2 0x77 0xF6 ...
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74de2bacb1de (not active ControlSet)                                                                     
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74de2bacb1de@a00798992e34                                                                                0x8B 0x67 0x8D 0x4F ...
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74de2bacb1de@0cc66a682bbc                                                                                0x66 0xB2 0x77 0xF6 ...

---- EOF - GMER 2.1 ----
