GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-11-12 11:56:42
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950042 rev.0006 465,76GB
Running: lci3zit3.exe; Driver: C:\Users\media\AppData\Local\Temp\ugryypog.sys

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- Threads - GMER 2.1 ----

Thread C:\WINDOWS\system32\svchost.exe [368:512] 00007ffec92b3ac0
Thread C:\WINDOWS\system32\svchost.exe [368:576] 00007ffec92b2c10
Thread C:\WINDOWS\system32\svchost.exe [368:1076] 00007ffec8f58cc0
Thread C:\WINDOWS\system32\svchost.exe [1088:5960] 00007ffeb1109ed0
Thread C:\WINDOWS\system32\svchost.exe [1088:8756] 00007ffeb1109ed0
Thread C:\WINDOWS\system32\svchost.exe [1088:12144] 00007ffeb1109ed0
Thread C:\WINDOWS\system32\svchost.exe [1152:1480] 00007ffec7ea9130
Thread C:\WINDOWS\system32\svchost.exe [1152:1620] 00007ffec7893de0
Thread C:\WINDOWS\system32\svchost.exe [1152:1956] 00007ffec07b43f0
Thread C:\WINDOWS\system32\svchost.exe [1152:2076] 00007ffec9f864c0
Thread C:\WINDOWS\system32\svchost.exe [1152:3296] 00007ffec9bd9a30
Thread C:\WINDOWS\system32\svchost.exe [1152:6060] 00007ffec9bcf690
Thread C:\WINDOWS\system32\svchost.exe [1152:10920] 00007ffec9bd61f0
Thread C:\WINDOWS\system32\svchost.exe [1152:11724] 00007ffebdafde90
Thread C:\WINDOWS\system32\svchost.exe [1152:6276] 00007ffebdafc220
Thread C:\WINDOWS\System32\svchost.exe [1196:1568] 00007ffec78491f0
Thread C:\WINDOWS\System32\svchost.exe [1196:1768] 00007ffec5fa00d0
Thread C:\WINDOWS\System32\svchost.exe [1196:1400] 00007ffec28c1130
Thread C:\WINDOWS\System32\svchost.exe [1196:1176] 00007ffec2a95dc0
Thread C:\WINDOWS\System32\svchost.exe [1196:1276] 00007ffec3a36370
Thread C:\WINDOWS\System32\svchost.exe [1196:2136] 00007ffec061b480
Thread C:\WINDOWS\System32\svchost.exe [1196:2144] 00007ffec061e240
Thread C:\WINDOWS\System32\svchost.exe [1196:2152] 00007ffec3a36370
Thread C:\WINDOWS\System32\svchost.exe [1196:11392] 00007ffec0ef3560
Thread C:\WINDOWS\System32\svchost.exe [1196:11388] 00007ffec0ef26d0
Thread C:\WINDOWS\System32\svchost.exe [1196:892] 00007ffec0051670
Thread C:\WINDOWS\System32\svchost.exe [1196:1036] 00007ffebf896160
Thread C:\WINDOWS\system32\svchost.exe [2532:3428] 00007ffebeef2230
Thread C:\WINDOWS\system32\svchost.exe [2532:3436] 00007ffebeef2230
Thread C:\WINDOWS\system32\SearchIndexer.exe [6152:6544] 00007ffeb52246c0
Thread C:\WINDOWS\system32\csrss.exe [11984:8196] fffff9611b247300
Thread C:\WINDOWS\Explorer.EXE [11952:11680] 00007ffeca68f8d0
Thread C:\WINDOWS\Explorer.EXE [11952:3412] 00007ffec3a36370
Thread C:\WINDOWS\Explorer.EXE [11952:10524] 00007ffeb1a83930
Thread C:\WINDOWS\Explorer.EXE [11952:3940] 00007ffeb1a901b0
Thread C:\WINDOWS\Explorer.EXE [11952:10276] 00007ffeb1a901b0
Thread C:\WINDOWS\Explorer.EXE [11952:9764] 00007ffeb1a901b0
Thread C:\WINDOWS\Explorer.EXE [11952:7108] 00007ffeb1a901b0
Thread C:\WINDOWS\Explorer.EXE [11952:6076] 00007ffeb1a901b0
Thread C:\WINDOWS\Explorer.EXE [11952:4168] 00007ffeb1a901b0
Thread C:\WINDOWS\Explorer.EXE [11952:8892] 00007ffeb1a901b0
Thread C:\Users\media\AppData\Local\Microsoft\OneDrive\OneDrive.exe [12156:8444] 00000000694f5f42
Thread C:\Users\media\AppData\Local\Microsoft\OneDrive\OneDrive.exe [12156:8452] 00000000694f5f42
Thread C:\Users\media\AppData\Local\Microsoft\OneDrive\OneDrive.exe [12156:8456] 000000006a1bbfb4
Thread C:\Users\media\AppData\Local\Microsoft\OneDrive\OneDrive.exe [12156:8460] 000000006a1bbfb4
Thread C:\Users\media\AppData\Local\Microsoft\OneDrive\OneDrive.exe [12156:8508] 000000006a1bbfb4
Thread C:\Users\media\AppData\Local\Microsoft\OneDrive\OneDrive.exe [12156:8512] 000000006a1bbfb4
Thread C:\Users\media\AppData\Local\Microsoft\OneDrive\OneDrive.exe [12156:8524] 000000006a1bbfb4

---- EOF - GMER 2.1 ----