GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-02-11 15:53:24
Windows 6.0.6002 Service Pack 2 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD32 rev.11.0 298,09GB
Running: kx1wbytx.exe; Driver: C:\Users\Agata\AppData\Local\Temp\uglorpow.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2020] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075ad1ab6 4 bytes [C2, 04, 00, 00]

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification

---- Processes - GMER 2.1 ----

Library C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DBAD2DAF-5252-4814-AF81-A0C5A15F0484}\mpengine.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [952] (Microsoft Malware Protection Engine/Microsoft Corporation)(2015-02-10 11:50:01) 000007fef7e10000
Process C:\ProgramData\DatacardService\DCService.exe (*** suspicious ***) @ C:\ProgramData\DatacardService\DCService.exe [1912](2010-05-08 11:48:36) 0000000000400000
Process C:\ProgramData\DatacardService\DCSHelper.exe (*** suspicious ***) @ C:\ProgramData\DatacardService\DCSHelper.exe [2932] (DataCardMonitor MFC Application/Huawei Technologies Co., Ltd.)(2010-05-08 11:48:26) 0000000000400000
Process \\?\C:\Windows\system32\wbem\WMIADAP.EXE (*** suspicious ***) @ \\?\C:\Windows\system32\wbem\WMIADAP.EXE [3236] (WMI Reverse Performance Adapter Maintenance Utility/Microsoft Corporation)(2009-11-26 21:07:19) 00000000ffbc0000

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{d2f55c5b-1cdc-4f58-8549-6ac92f4e3691}@Dhcpv6State 0

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----