GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-02-11 12:02:50
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 WDC_WD7500BPVT-00HXZT3 rev.01.01A01 698,64GB
Running: velodq04.exe; Driver: C:\Users\zawias\AppData\Local\Temp\afrdypog.sys

---- Threads - GMER 2.1 ----

Thread C:\Windows\System32\svchost.exe [888:484] 000007fefa84ffc0
Thread C:\Windows\System32\svchost.exe [888:816] 000007fefa47331c
Thread C:\Windows\System32\svchost.exe [888:360] 000007fefa3b31f4
Thread C:\Windows\System32\svchost.exe [888:1152] 000007fef9c859a0
Thread C:\Windows\System32\svchost.exe [888:1956] 000007fefc6f1a70
Thread C:\Windows\System32\svchost.exe [888:2144] 000007fef7ec44e0
Thread C:\Windows\System32\svchost.exe [888:4084] 000007fef85988f8
Thread C:\Windows\system32\svchost.exe [1056:1116] 000007fefa04341c
Thread C:\Windows\system32\svchost.exe [1056:1132] 000007fefa043a2c
Thread C:\Windows\system32\svchost.exe [1056:1136] 000007fefa043768
Thread C:\Windows\system32\svchost.exe [1056:1140] 000007fefa045c20
Thread C:\Windows\system32\svchost.exe [1056:1424] 000007fefa043900
Thread C:\Windows\system32\svchost.exe [1056:1592] 000007fef85dbec4
Thread C:\Windows\system32\svchost.exe [1056:2068] 000007fef28d5170
Thread C:\Windows\system32\svchost.exe [1056:3692] 000007fef8415124
Thread C:\Windows\System32\spoolsv.exe [1224:1040] 000007fef47410c8
Thread C:\Windows\System32\spoolsv.exe [1224:912] 000007fef4706144
Thread C:\Windows\System32\spoolsv.exe [1224:680] 000007fef44f5fd0
Thread C:\Windows\System32\spoolsv.exe [1224:760] 000007fef44e3438
Thread C:\Windows\System32\spoolsv.exe [1224:428] 000007fef44f63ec
Thread C:\Windows\System32\spoolsv.exe [1224:1504] 000007fef4995e5c
Thread C:\Windows\System32\spoolsv.exe [1224:1536] 000007fef4a45090
Thread C:\Windows\system32\svchost.exe [1252:1276] 000007fefc6f1a70
Thread C:\Windows\system32\svchost.exe [1252:1280] 000007fefc6f1a70
Thread C:\Windows\system32\svchost.exe [1252:1292] 000007fefc6f1a70
Thread C:\Windows\system32\svchost.exe [1252:1300] 000007fef9542c70
Thread C:\Windows\system32\svchost.exe [1252:1312] 000007fef954fb40
Thread C:\Windows\system32\svchost.exe [1252:1340] 000007fef9561d20
Thread C:\Windows\system32\svchost.exe [1252:1344] 000007fef954f6f0
Thread C:\Windows\system32\svchost.exe [1252:1392] 000007fef94b35c0
Thread C:\Windows\system32\svchost.exe [1252:2508] 000007fef94b5600
Thread C:\Windows\system32\svchost.exe [1252:2624] 000007fefbc12940
Thread C:\Windows\system32\svchost.exe [1252:2628] 000007fefb4f2888
Thread C:\Windows\system32\svchost.exe [1252:2616] 000007fefb4f2a40
Thread C:\Windows\system32\taskhost.exe [1532:1640] 000007fef43c2740
Thread C:\Windows\system32\taskhost.exe [1532:2016] 000007fef4391f38
Thread C:\Windows\system32\taskhost.exe [1532:2164] 000007fefaa31010
Thread C:\Windows\System32\svchost.exe [3780:3972] 000007fef5029688

---- Processes - GMER 2.1 ----

Library C:\Users\zawias\AppData\Local\Viber\5.0.0.2821\libViber.dll (*** suspicious ***) @ C:\Users\zawias\AppData\Local\Viber\Viber.exe [1472](2015-02-09 11:03:13) 000000006f6a0000
Library C:\Users\zawias\AppData\Local\Viber\5.0.0.2821\libGLESv2.dll (*** suspicious ***) @ C:\Users\zawias\AppData\Local\Viber\Viber.exe [1472](2015-02-09 11:03:13) 0000000074330000
Library C:\Users\zawias\AppData\Local\Viber\5.0.0.2821\qfacebook.dll (*** suspicious ***) @ C:\Users\zawias\AppData\Local\Viber\Viber.exe [1472](2015-02-04 13:29:27) 0000000074810000
Library C:\Users\zawias\AppData\Local\Viber\5.0.0.2821\Qt5Network.dll (*** suspicious ***) @ C:\Users\zawias\AppData\Local\Viber\Viber.exe [1472] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-09 11:03:16) 0000000073ec0000
Library C:\Users\zawias\AppData\Local\Viber\5.0.0.2821\Qt5Core.dll (*** suspicious ***) @ C:\Users\zawias\AppData\Local\Viber\Viber.exe [1472] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-04 13:29:27) 0000000073ac0000
Library C:\Users\zawias\AppData\Local\Viber\5.0.0.2821\icuin51.dll (*** suspicious ***) @ C:\Users\zawias\AppData\Local\Viber\Viber.exe [1472] (ICU I18N DLL/The ICU Project)(2015-02-09 11:03:13) 000000004a900000
Library C:\Users\zawias\AppData\Local\Viber\5.0.0.2821\icuuc51.dll (*** suspicious ***) @ C:\Users\zawias\AppData\Local\Viber\Viber.exe [1472] (ICU Common DLL/The ICU Project)(2015-02-09 11:03:13) 0000000000ad0000
Library C:\Users\zawias\AppData\Local\Viber\5.0.0.2821\icudt51.dll (*** suspicious ***) @ C:\Users\zawias\AppData\Local\Viber\Viber.exe [1472] (ICU Data DLL/The ICU Project)(2015-02-09 11:03:12) 000000006e150000
Library C:\Users\zawias\AppData\Local\Viber\5.0.0.2821\exif.dll (*** suspicious ***) @ C:\Users\zawias\AppData\Local\Viber\Viber.exe [1472](2015-02-09 11:03:12) 00000000739a0000
Library C:\Users\zawias\AppData\Local\Viber\5.0.0.2821\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\zawias\AppData\Local\Viber\Viber.exe [1472] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-09 11:03:17) 000000006dd10000
Library C:\Users\zawias\AppData\Local\Viber\5.0.0.2821\Qt5Gui.dll (*** suspicious ***) @ C:\Users\zawias\AppData\Local\Viber\Viber.exe [1472] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-09 11:03:16) 00000000735f0000
Library C:\Users\zawias\AppData\Local\Viber\5.0.0.2821\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\zawias\AppData\Local\Viber\Viber.exe [1472] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-09 11:03:16) 00000000735b0000
Library C:\Users\zawias\AppData\Local\Viber\5.0.0.2821\Qt5Sql.dll (*** suspicious ***) @ C:\Users\zawias\AppData\Local\Viber\Viber.exe [1472] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-09 11:03:16) 0000000073580000
Library C:\Users\zawias\AppData\Local\Viber\5.0.0.2821\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\zawias\AppData\Local\Viber\Viber.exe [1472] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-09 11:03:16) 000000006ccc0000
Library C:\Users\zawias\AppData\Local\Viber\5.0.0.2821\Qt5Quick.dll (*** suspicious ***) @ C:\Users\zawias\AppData\Local\Viber\Viber.exe [1472] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-09 11:03:16) 000000006ca90000
Library C:\Users\zawias\AppData\Local\Viber\5.0.0.2821\Qt5Qml.dll (*** suspicious ***) @ C:\Users\zawias\AppData\Local\Viber\Viber.exe [1472] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-09 11:03:16) 000000006c820000
Library C:\Users\zawias\AppData\Local\Viber\5.0.0.2821\libEGL.dll (*** suspicious ***) @ C:\Users\zawias\AppData\Local\Viber\Viber.exe [1472](2015-02-09 11:03:13) 0000000074740000
Library C:\Users\zawias\AppData\Local\Viber\5.0.0.2821\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\zawias\AppData\Local\Viber\Viber.exe [1472] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-04 13:29:28) 0000000072ee0000
Library C:\Users\zawias\AppData\Local\Viber\5.0.0.2821\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\zawias\AppData\Local\Viber\Viber.exe [1472] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-09 11:03:16) 0000000072e90000
Library C:\Users\zawias\AppData\Local\Viber\5.0.0.2821\Qt5Declarative.dll (*** suspicious ***) @ C:\Users\zawias\AppData\Local\Viber\Viber.exe [1472] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-09 11:03:16) 000000006c5c0000
Library C:\Users\zawias\AppData\Local\Viber\5.0.0.2821\Qt5XmlPatterns.dll (*** suspicious ***) @ C:\Users\zawias\AppData\Local\Viber\Viber.exe [1472] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-09 11:03:17) 000000006c350000
Library C:\Users\zawias\AppData\Local\Viber\5.0.0.2821\Qt5Script.dll (*** suspicious ***) @ C:\Users\zawias\AppData\Local\Viber\Viber.exe [1472] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-09 11:03:16) 000000006c230000
Library C:\Users\zawias\AppData\Local\Viber\5.0.0.2821\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\zawias\AppData\Local\Viber\Viber.exe [1472](2015-02-04 13:29:27) 000000006c150000
Library C:\Users\zawias\AppData\Local\Viber\5.0.0.2821\imageformats\qgif.dll (*** suspicious ***) @ C:\Users\zawias\AppData\Local\Viber\Viber.exe [1472](2015-02-09 11:03:16) 0000000073560000
Library C:\Users\zawias\AppData\Local\Viber\5.0.0.2821\imageformats\qico.dll (*** suspicious ***) @ C:\Users\zawias\AppData\Local\Viber\Viber.exe [1472](2015-02-09 11:03:16) 0000000072c70000
Library C:\Users\zawias\AppData\Local\Viber\5.0.0.2821\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\zawias\AppData\Local\Viber\Viber.exe [1472](2015-02-09 11:03:16) 000000006c0b0000
Library C:\Users\zawias\AppData\Local\Viber\5.0.0.2821\imageformats\qmng.dll (*** suspicious ***) @ C:\Users\zawias\AppData\Local\Viber\Viber.exe [1472](2015-02-09 11:03:16) 000000006c070000
Library C:\Users\zawias\AppData\Local\Viber\5.0.0.2821\imageformats\qsvg.dll (*** suspicious ***) @ C:\Users\zawias\AppData\Local\Viber\Viber.exe [1472](2015-02-04 13:29:27) 000000006c060000
Library C:\Users\zawias\AppData\Local\Viber\5.0.0.2821\Qt5Svg.dll (*** suspicious ***) @ C:\Users\zawias\AppData\Local\Viber\Viber.exe [1472] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-09 11:03:16) 000000006c020000
Library C:\Users\zawias\AppData\Local\Viber\5.0.0.2821\imageformats\qtga.dll (*** suspicious ***) @ C:\Users\zawias\AppData\Local\Viber\Viber.exe [1472](2015-02-09 11:03:17) 000000006c010000
Library C:\Users\zawias\AppData\Local\Viber\5.0.0.2821\imageformats\qtiff.dll (*** suspicious ***) @ C:\Users\zawias\AppData\Local\Viber\Viber.exe [1472](2015-02-09 11:03:17) 000000006bfc0000
Library C:\Users\zawias\AppData\Local\Viber\5.0.0.2821\imageformats\qwbmp.dll (*** suspicious ***) @ C:\Users\zawias\AppData\Local\Viber\Viber.exe [1472](2015-02-09 11:03:17) 000000006bfb0000
Library C:\Users\zawias\AppData\Local\Viber\5.0.0.2821\sqldrivers\qsqlite.dll (*** suspicious ***) @ C:\Users\zawias\AppData\Local\Viber\Viber.exe [1472](2015-02-04 13:29:28) 000000006bf10000
Library C:\Users\zawias\AppData\Local\Viber\5.0.0.2821\iconengines\qsvgicon.dll (*** suspicious ***) @ C:\Users\zawias\AppData\Local\Viber\Viber.exe [1472](2015-02-09 11:03:16) 000000006b920000

---- EOF - GMER 2.1 ----