GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-04-13 22:41:47
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.01.0 298,09GB
Running: gj35ux8q.exe; Driver: C:\Users\xxx\AppData\Local\Temp\pftiqpob.sys

---- User code sections - GMER 2.2 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1744] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076cb8791 4 bytes [C2, 04, 00, 00]

---- Threads - GMER 2.2 ----

---- Files - GMER 2.2 ----

File C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0004e1 0 bytes
File C:\Users\xxx\AppData\Local\Temp\etilqs_jUi53ng3Q44u1ni 4 bytes

---- EOF - GMER 2.2 ----