GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-05-15 07:29:12
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950042 rev.0003 465,76GB
Running: jukz43kr.exe; Driver: C:\Users\agusia\AppData\Local\Temp\pwdcqpoc.sys

---- User code sections - GMER 2.1 ----

.text C:\Users\agusia\AppData\Roaming\uTorrent\uTorrent.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000766f1465 2 bytes [6F, 76]
.text C:\Users\agusia\AppData\Roaming\uTorrent\uTorrent.exe[3740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000766f14bb 2 bytes [6F, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000766f1465 2 bytes [6F, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000766f14bb 2 bytes [6F, 76]
.text ... * 2
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000766f1465 2 bytes [6F, 76]
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000766f14bb 2 bytes [6F, 76]
.text ... * 2
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000766f1465 2 bytes [6F, 76]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000766f14bb 2 bytes [6F, 76]
.text ... * 2
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000766f1465 2 bytes [6F, 76]
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000766f14bb 2 bytes [6F, 76]
.text ... * 2
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[3128] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000766f1465 2 bytes [6F, 76]
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[3128] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000766f14bb 2 bytes [6F, 76]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\svchost.exe [412:2596] 000007fef7cf0ea8
Thread C:\Windows\system32\svchost.exe [412:2612] 000007fef7ce9db0
Thread C:\Windows\system32\svchost.exe [412:2680] 000007fef7ceaa10
Thread C:\Windows\system32\svchost.exe [412:2684] 000007fef7cf1c94
Thread C:\Windows\system32\svchost.exe [412:2372] 000007fef6436ed4
Thread C:\Windows\system32\svchost.exe [412:2368] 000007fef6436b8c

---- EOF - GMER 2.1 ----