GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2016-02-08 21:58:44
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002e ST500LM021-1KJ152 rev.0002YXM1 465,76GB
Running: k4j79fl8.exe; Driver: C:\Users\Marta\AppData\Local\Temp\pxldrpoc.sys

---- User IAT/EAT - GMER 2.1 ----

IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[msvcrt.dll!__pctype_func] [65006d0061]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[msvcrt.dll!___lc_codepage_func] [7000650065006b]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[msvcrt.dll!isspace] [760069006c0061]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[msvcrt.dll!_CxxThrowException] [6f007200700065]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[msvcrt.dll!??0exception@@QEAA@XZ] [65006400690076]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[msvcrt.dll!setlocale] [6c0064002e0072]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[msvcrt.dll!_onexit] [25006a0000006c]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[msvcrt.dll!__CxxFrameHandler3] [6f007200500001]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[msvcrt.dll!_callnewh] [74006300750064]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[msvcrt.dll!__uncaught_exception] [65006d0061004e]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[msvcrt.dll!_unlock] [69004d00000000]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[msvcrt.dll!_lock] [73006f00720063]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[msvcrt.dll!?terminate@@YAXXZ] [ae00740066006f]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[msvcrt.dll!??1type_info@@UEAA@XZ] [6e006900570020]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[msvcrt.dll!_errno] [730077006f0064]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[msvcrt.dll!___lc_handle_func] [70004f002000ae]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[msvcrt.dll!memcpy] [74006100720065]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[msvcrt.dll!malloc] [200067006e0069]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[msvcrt.dll!__crtLCMapStringW] [74007300790053]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[msvcrt.dll!realloc] [6d0065]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[msvcrt.dll!strchr] [500001000f0042]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[msvcrt.dll!_initterm] [65005600740063]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[msvcrt.dll!_amsg_exit] [6f006900730072]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[msvcrt.dll!wctob] [2e00360000006e]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[msvcrt.dll!__dllonexit] [360039002e0033]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[msvcrt.dll!_XcptFilter] [31002e00300030]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[msvcrt.dll!memchr] [35003100340037]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[msvcrt.dll!strerror] [4400000000]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[msvcrt.dll!calloc] [72006100560001]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[msvcrt.dll!abort] [65006c00690046]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[msvcrt.dll!__crtCompareStringW] [6f0066006e0049]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[msvcrt.dll!??0exception@@QEAA@AEBQEBDH@Z] [4002400000000]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[msvcrt.dll!___lc_collate_cp_func] [61007200540000]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[msvcrt.dll!___mb_cur_max_func] [61006c0073006e]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[msvcrt.dll!_wcsnicmp] [6e006f00690074]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[msvcrt.dll!tolower] [4b0040900000000]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[msvcrt.dll!wcstoul] [0]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[msvcrt.dll!_vsnwprintf] [0]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[msvcrt.dll!swscanf] [0]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[msvcrt.dll!_wcsicmp] [0]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[msvcrt.dll!_purecall] [0]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[msvcrt.dll!??0bad_cast@@QEAA@PEBD@Z] [0]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[msvcrt.dll!??1bad_cast@@UEAA@XZ] [0]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[msvcrt.dll!??0bad_cast@@QEAA@AEBV0@@Z] [0]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[msvcrt.dll!wcschr] [0]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[msvcrt.dll!toupper] [0]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[msvcrt.dll!??_V@YAXPEAX@Z] [0]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[msvcrt.dll!free] [0]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[msvcrt.dll!memmove] [0]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[msvcrt.dll!??0exception@@QEAA@AEBV0@@Z] [0]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[msvcrt.dll!??0exception@@QEAA@AEBQEBD@Z] [0]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[msvcrt.dll!??1exception@@UEAA@XZ] [0]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[msvcrt.dll!?what@exception@@UEBAPEBDXZ] [0]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[msvcrt.dll!??3@YAXPEAX@Z] [0]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[msvcrt.dll!memset] [0]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[Bcp47Langs.dll!AppendUserLanguages] [0]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[Bcp47Langs.dll!Bcp47FromHkl] [1000000000000]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[Bcp47Langs.dll!GetUserLanguageInputMethods] [8000001800000010]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[Bcp47Langs.dll!Bcp47FromLcid] [0]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[Bcp47Langs.dll!AppendUserLanguageInputMethods] [1000000000000]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[Bcp47Langs.dll!Bcp47IsWellFormed] [8000003000000001]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[Bcp47Langs.dll!LcidFromBcp47] [0]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[Bcp47Langs.dll!Bcp47GetNlsForm] [1000000000000]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[Bcp47Langs.dll!CompactTagFromBcp47Internal] [4800000409]
IAT C:\Windows\explorer.exe[5112] @ C:\Windows\SYSTEM32\globinputhost.dll[USER32.dll!GetKeyboardLayout] [450056005f0053]

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\csrss.exe [1008:312] fffff960008332d0
Thread C:\Windows\SysWOW64\ctfmon.exe [4528:5084] 0000000075aaca50

---- Processes - GMER 2.1 ----

Process C:\Users\Marta\AppData\Roaming\uTorrent\updates\3.4.5_41712\utorrentie.exe (*** suspicious ***) @ C:\Users\Marta\AppData\Roaming\uTorrent\updates\3.4.5_41712\utorrentie.exe [5684] (WebHelper/BitTorrent Inc.)(2016-02-08 20:29:34) 00000000002f0000
Process C:\Users\Marta\AppData\Roaming\uTorrent\updates\3.4.5_41712\utorrentie.exe (*** suspicious ***) @ C:\Users\Marta\AppData\Roaming\uTorrent\updates\3.4.5_41712\utorrentie.exe [6260] (WebHelper/BitTorrent Inc.)(2016-02-08 20:29:34) 00000000002f0000

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----