GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-02-21 11:46:41
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000034 ST500LT012-9WS142 rev.0001SDM1 465,76GB
Running: 2e7xczsw.exe; Driver: C:\Users\FILIPJ~1\AppData\Local\Temp\uxldypod.sys


---- Kernel code sections - GMER 2.1 ----

.text    C:\WINDOWS\System32\win32k.sys!W32pServiceTable                                                                                                               fffff96000096500 15 bytes [00, F1, 0F, 02, C0, 1E, 70, ...]
.text    C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16                                                                                                          fffff96000096510 11 bytes [00, 4D, FC, FF, 80, 7C, DF, ...]

---- User code sections - GMER 2.1 ----

.text    C:\WINDOWS\system32\services.exe[836] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                   00007ffddcd1977d 1 byte [62]
.text    C:\WINDOWS\system32\svchost.exe[552] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                    00007ffddcd1977d 1 byte [62]
.text    C:\WINDOWS\System32\svchost.exe[1088] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                   00007ffddcd1977d 1 byte [62]
.text    C:\WINDOWS\system32\svchost.exe[1264] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                   00007ffddcd1977d 1 byte [62]
.text    C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe[2124] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                              00007ffddcd1977d 1 byte [62]
.text    C:\WINDOWS\system32\SearchIndexer.exe[3816] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                             00007ffddcd1977d 1 byte [62]
.text    C:\WINDOWS\Explorer.EXE[5848] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                           00007ffddcd1977d 1 byte [62]
.text    C:\WINDOWS\system32\taskhost.exe[516] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                   00007ffddcd1977d 1 byte [62]
.text    C:\WINDOWS\system32\AUDIODG.EXE[2764] C:\WINDOWS\SYSTEM32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                   00007ffddcd1977d 1 byte [62]
.text    C:\WINDOWS\system32\taskeng.exe[3016] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                   00007ffddcd1977d 1 byte [62]
.text    C:\WINDOWS\system32\SearchProtocolHost.exe[160] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                         00007ffddcd1977d 1 byte [62]
.text    C:\WINDOWS\system32\SearchFilterHost.exe[3172] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                          00007ffddcd1977d 1 byte [62]

---- Threads - GMER 2.1 ----

Thread   C:\WINDOWS\system32\svchost.exe [552:6752]                                                                                                                    00007ffdd60f11b0
Thread   C:\WINDOWS\system32\svchost.exe [552:6256]                                                                                                                    00007ffdd63138e0
Thread   C:\WINDOWS\system32\svchost.exe [84:3152]                                                                                                                     00007ffdce450b50
Thread   C:\WINDOWS\system32\svchost.exe [84:3220]                                                                                                                     00007ffdce44c574
Thread   C:\WINDOWS\system32\svchost.exe [84:3240]                                                                                                                     00007ffdce44f55c
Thread   C:\WINDOWS\system32\svchost.exe [84:3244]                                                                                                                     00007ffdcdc8a448
Thread   C:\WINDOWS\system32\svchost.exe [84:3248]                                                                                                                     00007ffdce451674
Thread   C:\WINDOWS\system32\svchost.exe [84:3252]                                                                                                                     00007ffdce447490
Thread   C:\WINDOWS\system32\svchost.exe [84:3288]                                                                                                                     00007ffdcda74b04
Thread   C:\WINDOWS\system32\svchost.exe [84:3728]                                                                                                                     00007ffdcdc8a868
Thread   C:\WINDOWS\system32\svchost.exe [84:3980]                                                                                                                     00007ffdcdc8abc8
Thread   C:\WINDOWS\system32\svchost.exe [84:2984]                                                                                                                     00007ffdce44d5a0
Thread   C:\WINDOWS\system32\svchost.exe [84:2660]                                                                                                                     00007ffdce106c08
Thread   C:\WINDOWS\system32\svchost.exe [84:4012]                                                                                                                     00007ffdce106800
Thread   C:\WINDOWS\system32\svchost.exe [1264:1656]                                                                                                                   00007ffdd94e4558
Thread   C:\WINDOWS\system32\svchost.exe [1264:1680]                                                                                                                   00007ffdd94e4558
Thread   C:\WINDOWS\system32\svchost.exe [1264:1748]                                                                                                                   00007ffdd94e4558
Thread   C:\WINDOWS\system32\svchost.exe [1264:1756]                                                                                                                   00007ffdd22749b0
Thread   C:\WINDOWS\system32\svchost.exe [1264:1764]                                                                                                                   00007ffdd2395ae0
Thread   C:\WINDOWS\system32\svchost.exe [1264:1780]                                                                                                                   00007ffdd2283f20
Thread   C:\WINDOWS\system32\svchost.exe [1264:1784]                                                                                                                   00007ffdd2295830
Thread   C:\WINDOWS\system32\svchost.exe [1264:1788]                                                                                                                   00007ffdd2284208
Thread   C:\WINDOWS\system32\svchost.exe [1264:2056]                                                                                                                   00007ffdd1de2b90
Thread   C:\WINDOWS\system32\svchost.exe [1264:2088]                                                                                                                   00007ffdd1de67bc
Thread   C:\WINDOWS\system32\svchost.exe [1264:3404]                                                                                                                   00007ffdcd471584
Thread   C:\WINDOWS\system32\svchost.exe [1264:3460]                                                                                                                   00007ffdcd912110
Thread   C:\WINDOWS\system32\svchost.exe [1264:3464]                                                                                                                   00007ffdcd764608
Thread   C:\WINDOWS\system32\svchost.exe [1264:3472]                                                                                                                   00007ffdcd741b30
Thread   C:\WINDOWS\system32\svchost.exe [1264:3384]                                                                                                                   00007ffdcd761040
Thread   C:\WINDOWS\system32\WLANExt.exe [1356:1696]                                                                                                                   00007ffdd2ff46e4
Thread   C:\WINDOWS\system32\WLANExt.exe [1356:1700]                                                                                                                   00007ffdd2ff4700
Thread   C:\WINDOWS\system32\WLANExt.exe [1356:1704]                                                                                                                   00007ffdd2ff46c8
Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [2756:2760]                                                                                                                     00000000008e4902
Thread   C:\WINDOWS\system32\svchost.exe [2804:2120]                                                                                                                   000000000040a988
Thread   C:\WINDOWS\system32\svchost.exe [2804:2676]                                                                                                                   00007ffdd2cd4420
Thread   C:\WINDOWS\system32\svchost.exe [2804:2352]                                                                                                                   00007ffdceca12f8
Thread   C:\WINDOWS\system32\svchost.exe [2804:5216]                                                                                                                   00007ffdcec83118
Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [4652:4820]                                                                                                                     00000000011e8fb2
Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [4652:5672]                                                                                                                     0000000076ac78a0
Thread   C:\WINDOWS\system32\csrss.exe [4360:788]                                                                                                                      fffff960009cd4d0
Thread   C:\WINDOWS\Explorer.EXE [5848:4156]                                                                                                                           00007ffdd9a87ea8
Thread   C:\WINDOWS\Explorer.EXE [5848:2072]                                                                                                                           00007ffdd54a1e40
Thread   C:\WINDOWS\Explorer.EXE [5848:2908]                                                                                                                           00007ffdd0518c54
Thread   C:\WINDOWS\Explorer.EXE [5848:4496]                                                                                                                           00007ffddbfb2764
Thread   C:\WINDOWS\system32\taskhostex.exe [4396:2952]                                                                                                                00007ffdd60922a0
Thread   C:\WINDOWS\system32\taskhostex.exe [4396:5324]                                                                                                                00007ffdd0e32310
Thread   C:\WINDOWS\system32\taskhostex.exe [4396:3488]                                                                                                                00007ffddc5b9e7c
Thread   C:\WINDOWS\system32\taskhostex.exe [4396:4656]                                                                                                                00007ffdd2cd1120
Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [3928:4196]                                                                                                                     000000000129b4f0
Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [3928:3516]                                                                                                                     000000000129c96c
Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [3928:6856]                                                                                                                     000000000129c96c
Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [2956:1596]                                                                                                                     00000000004fa544

---- Processes - GMER 2.1 ----

Process  C:\ProgramData\DatacardService\HWDeviceService64.exe (*** suspicious ***) @ C:\ProgramData\DatacardService\HWDeviceService64.exe [2308](2010-11-16 13:38:16)  00007ff65d540000

---- Disk sectors - GMER 2.1 ----

Disk     \Device\Harddisk0\DR0                                                                                                                                         unknown MBR code

---- EOF - GMER 2.1 ----
