GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-11-14 17:07:29
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000072 Samsung_ rev.DXT0 232,89GB
Running: fwsi0ykq.exe; Driver: C:\Users\Dirciak\AppData\Local\Temp\awroapoc.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe[2212] C:\Windows\syswow64\kernel32.dll!CreateThread 0000000075433485 5 bytes JMP 00000001025e2848
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[384] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000756c2ab1 5 bytes JMP 0000000100bdfa56

---- Threads - GMER 2.1 ----

Thread C:\Windows\Explorer.EXE [3892:2556] 000000000292ced0
Thread C:\Windows\Explorer.EXE [3892:3464] 000000000292ced0
Thread C:\Windows\Explorer.EXE [3892:3468] 000000000292ced0
Thread C:\Windows\Explorer.EXE [3892:1896] 000000000292ced0
Thread C:\Windows\Explorer.EXE [3892:3108] 000000000292ced0
Thread C:\Windows\Explorer.EXE [3892:1804] 000000000292ced0
Thread C:\Windows\Explorer.EXE [3892:3592] 000000000292ced0
Thread C:\Windows\Explorer.EXE [3892:5548] 000000000292ced0
Thread C:\Windows\system32\taskhost.exe [3572:1796] 00000000020438f0

---- Processes - GMER 2.1 ----

Process \\?\C:\Windows\system32\wbem\WMIADAP.EXE (*** suspicious ***) @ \\?\C:\Windows\system32\wbem\WMIADAP.EXE [5192] (WMI Reverse Performance Adapter Maintenance Utility/Microsoft Corporation)(2009-07-13 23:47:22) 00000000ff160000

---- EOF - GMER 2.1 ----