GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-09-27 16:10:17
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-1 WDC_WD4000AAKS-00YGA0 rev.12.01C02 372.61GB
Running: 5ux5l6qf.exe; Driver: C:\Users\PAWE~1\AppData\Local\Temp\pxldqpoc.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff9600013bf00 15 bytes [00, D9, 10, 02, 40, B2, 6F, ...]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 16 fffff9600013bf10 11 bytes [00, D0, FB, FF, 80, 5C, C4, ...]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe[980] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffd329a169a 4 bytes [9A, 32, FD, 7F]
.text C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe[980] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffd329a16a2 4 bytes [9A, 32, FD, 7F]
.text C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe[980] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffd329a181a 4 bytes [9A, 32, FD, 7F]
.text C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe[980] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffd329a1832 4 bytes [9A, 32, FD, 7F]
.text C:\Windows\system32\atiesrxx.exe[364] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffd329a169a 4 bytes [9A, 32, FD, 7F]
.text C:\Windows\system32\atiesrxx.exe[364] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffd329a16a2 4 bytes [9A, 32, FD, 7F]
.text C:\Windows\system32\atiesrxx.exe[364] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffd329a181a 4 bytes [9A, 32, FD, 7F]
.text C:\Windows\system32\atiesrxx.exe[364] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffd329a1832 4 bytes [9A, 32, FD, 7F]
.text C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe[2628] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffd329a169a 4 bytes [9A, 32, FD, 7F]
.text C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe[2628] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffd329a16a2 4 bytes [9A, 32, FD, 7F]
.text C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe[2628] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffd329a181a 4 bytes [9A, 32, FD, 7F]
.text C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe[2628] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffd329a1832 4 bytes [9A, 32, FD, 7F]
.text C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe[2716] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffd329a169a 4 bytes [9A, 32, FD, 7F]
.text C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe[2716] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffd329a16a2 4 bytes [9A, 32, FD, 7F]
.text C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe[2716] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffd329a181a 4 bytes [9A, 32, FD, 7F]
.text C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe[2716] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffd329a1832 4 bytes [9A, 32, FD, 7F]
.text C:\Windows\system32\atieclxx.exe[5204] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffd329a169a 4 bytes [9A, 32, FD, 7F]
.text C:\Windows\system32\atieclxx.exe[5204] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffd329a16a2 4 bytes [9A, 32, FD, 7F]
.text C:\Windows\system32\atieclxx.exe[5204] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffd329a181a 4 bytes [9A, 32, FD, 7F]
.text C:\Windows\system32\atieclxx.exe[5204] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffd329a1832 4 bytes [9A, 32, FD, 7F]
.text C:\Users\Paweł\AppData\Roaming\Steganos\OkayFreedom\Proxy\node.exe[5416] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffd329a169a 4 bytes [9A, 32, FD, 7F]
.text C:\Users\Paweł\AppData\Roaming\Steganos\OkayFreedom\Proxy\node.exe[5416] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffd329a16a2 4 bytes [9A, 32, FD, 7F]
.text C:\Users\Paweł\AppData\Roaming\Steganos\OkayFreedom\Proxy\node.exe[5416] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffd329a181a 4 bytes [9A, 32, FD, 7F]
.text C:\Users\Paweł\AppData\Roaming\Steganos\OkayFreedom\Proxy\node.exe[5416] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffd329a1832 4 bytes [9A, 32, FD, 7F]

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\csrss.exe [3572:5528] fffff960009764d0

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -1054306478
Reg HKLM\SYSTEM\CurrentControlSet\Services\GDMnIcpt\Parameters@EnableFilter 1
Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_AVKProxy.exe_cb2d4dd8e4ce95cb44166732711e7f10e65f4ed9_94e740b3_09a6d61f
Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug\UIHandles@CheckingForSolutionDialog 0xDA 0x03 0x03 0x00 ...

---- Files - GMER 2.1 ----

File C:\Users\Paweł\AppData\Local\Temp\tmp9A78.tmp 0 bytes

---- EOF - GMER 2.1 ----