GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-10-31 22:07:42
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JEDO 596,17GB
Running: ejxs71vr.exe; Driver: C:\Users\Smok\AppData\Local\Temp\kgldqpoc.sys

---- Threads - GMER 2.1 ----

---- EOF - GMER 2.1 ----