GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-08-10 21:24:29
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD10S21X-24R1BT0-SSHD-8GB rev.03.01A01 931,51GB
Running: qhvws504.exe; Driver: C:\Users\SYLWES~1\AppData\Local\Temp\uwdyapod.sys

---- Devices - GMER 2.1 ----

Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0  fffffa800428d2c0
Device  \Driver\atapi \Device\Ide\IdePort0  fffffa800428d2c0
Device  \Driver\atapi \Device\Ide\IdePort1  fffffa800428d2c0
Device  \FileSystem\Ntfs \Ntfs  fffffa80042912c0
Device  \FileSystem\fastfat \Fat  fffffa8005f962c0

---- Threads - GMER 2.1 ----

---- Processes - GMER 2.1 ----

Process  C:\ProgramData\DatacardService\HWDeviceService64.exe (*** suspicious ***) @ C:\ProgramData\DatacardService\HWDeviceService64.exe [2596](2013-04-10 05:58:06)  000000013f7f0000
Process  C:\ProgramData\DatacardService\DCSHelper.exe (*** suspicious ***) @ C:\ProgramData\DatacardService\DCSHelper.exe [2712] (DataCardMonitor MFC Application/Huawei Technologies Co., Ltd.)(2013-04-10 05:58:02)  0000000000400000
Library  C:\Users\sylwester\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\Ontology.dll (*** suspicious ***) @ C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [3832] (Application Ontology library/NVIDIA Corporation)(2015-08-06 13:25:36)  00000000743d0000

---- EOF - GMER 2.1 ----