GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-05-20 18:56:59
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-6 Hitachi_HCS5C3225SLA380 rev.STBOA37E 232,89GB
Running: 35kplfw8.exe; Driver: C:\Users\Kamil\AppData\Local\Temp\awddykob.sys

---- User code sections - GMER 2.1 ----

.text D:\Programy\NOD32\x86\ekrn.exe[1548] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076abd03c 4 bytes [C2, 04, 00, 00]
.text C:\Users\Kamil\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075dc1465 2 bytes [DC, 75]
.text C:\Users\Kamil\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075dc14bb 2 bytes [DC, 75]
.text ... * 2
.text D:\Downloads\35kplfw8.exe[5872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075dc1465 2 bytes [DC, 75]
.text D:\Downloads\35kplfw8.exe[5872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075dc14bb 2 bytes [DC, 75]
.text ...
* 2

---- Threads - GMER 2.1 ----

---- EOF - GMER 2.1 ----