GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-12-21 15:17:50
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 ST3160815AS rev.3.CHH 149,05GB
Running: rnh2leri.exe; Driver: C:\Users\Michal\AppData\Local\Temp\fwddikog.sys

---- Threads - GMER 2.1 ----

---- Processes - GMER 2.1 ----

Process C:\ProgramData\Soloeco\Soloeco.exe (*** suspicious ***) @ C:\ProgramData\Soloeco\Soloeco.exe [1436](2015-10-01 09:01:13) 0000000000350000
Process C:\ProgramData\Soloeco\Soloeco.exe (*** suspicious ***) @ C:\ProgramData\Soloeco\Soloeco.exe [1084](2015-10-01 09:01:13) 0000000000350000

---- EOF - GMER 2.1 ----