GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-05-05 14:19:51
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Samsung_SSD_840_EVO_250GB rev.EXT0BB6Q 232,89GB
Running: k3ye2dqg.exe; Driver: C:\Users\Piotr\AppData\Local\Temp\kxldapow.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2012] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076ae1465 2 bytes [AE, 76]
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2012] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000076ae14bb 2 bytes [AE, 76]
.text ... * 2
.text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[2320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076ae1465 2 bytes [AE, 76]
.text C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe[2320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076ae14bb 2 bytes [AE, 76]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1876:1936] 0000000077173e85
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1876:1976] 0000000077172e65
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1876:920] 0000000070d529e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1876:928] 0000000070d529e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1876:1748] 0000000070d529e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1876:1732] 0000000070d529e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1876:1808] 0000000070d529e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1876:1628] 0000000070d529e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1876:2056] 0000000070d529e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1876:2096] 0000000070d529e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1876:2100] 0000000070d529e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1876:2148] 0000000070d529e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1876:2568] 0000000070d529e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1876:2572] 0000000070d529e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1876:2600] 0000000070d529e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1876:2884] 0000000070d529e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1876:2888] 0000000070d529e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1876:2892] 0000000070d529e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1876:2896] 0000000070d529e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1876:2900] 0000000070d529e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1876:2904] 0000000070d529e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1876:2908] 0000000070d529e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1876:2912] 0000000070d529e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1876:2916] 0000000070d529e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1876:2920] 0000000070d529e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1876:2932] 0000000077173e85
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1876:2944] 0000000070d529e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1876:2956] 0000000070d529e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1876:2960] 0000000070d529e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1876:2964] 0000000070d529e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1876:2968] 0000000070d529e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1876:2980] 0000000070d529e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1876:3164] 0000000070d529e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1876:3796] 0000000070d529e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1876:3800] 0000000070d529e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1876:3808] 0000000070d529e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1876:2628] 0000000070d529e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1876:2580] 0000000070d529e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1876:3876] 0000000070d529e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1876:3872] 0000000070d529e1
Thread C:\Windows\System32\svchost.exe [2252:3888] 000007fef4679688
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3728:3956] 000007fefb142a7c
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3728:3964] 000007fef1664830

---- Files - GMER 2.1 ----

File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00385b 35981 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00385c 32146 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00385d 34948 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00385e 82577 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00385f 87755 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003860 82092 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003861 24379 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003862 104304 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003863 0 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003864 26405 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003865 416222 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0037d4 0 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0037d7 0 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0037d8 0 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0037df 0 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0037e0 0 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0037e1 0 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0037e3 0 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0037e5 0 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0037e6 0 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0037e7 0 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0037e8 0 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0037e9 0 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0037ea 0 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0037eb 0 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0037ec 0 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0037ed 0 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0037ee 0 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0037ef 0 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0037f0 0 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0037f1 0 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0037f2 0 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0037f3 0 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0037f4 0 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0037f5 0 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0037f7 0 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0037f9 0 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0037fa 0 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0037fb 0 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0037fc 0 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0037fd 0 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0037fe 0 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0037ff 0 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003800 0 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003801 0 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003802 0 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003803 0 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003804 0 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003805 0 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003806 0 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003807 0 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003808 0 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003809 0 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003847 320892 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003848 0 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003849 184429 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00384a 26486 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00384b 29443 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00384c 65220 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00384d 124375 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00384e 49120 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00384f 32222 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003850 33016 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003852 21909 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003854 74039 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003855 18300 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003856 24518 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003857 21700 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003858 31799 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003859 33575 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0037e2 0 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0037f6 0 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00380a 0 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00381e 0 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003832 0 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003846 632163 bytes
File C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00385a 36545 bytes
File C:\ProgramData\Microsoft\RAC\Temp\sql77FD.tmp 20480 bytes
File C:\ProgramData\Microsoft\RAC\Temp\sql780D.tmp 20480 bytes

---- EOF - GMER 2.1 ----