GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-10-20 14:13:09
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST500LM000-1EJ162 rev.DEM9 465,76GB
Running: 5znyowp4.exe; Driver: C:\Users\Piotrek\AppData\Local\Temp\kwdiipow.sys

---- Threads - GMER 2.1 ----

Thread C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe [3800:4836] 0000000002983e68
Thread C:\Windows\SysWOW64\msiexec.exe [3352:3608] 000000007ef9392e
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4460:1796] 000007fef52d2ae8
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4460:2528] 000007fee4e25648
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4460:3592] 000007fef8b75124

---- Processes - GMER 2.1 ----

Process C:\Users\Piotrek\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe (*** suspicious ***) @ C:\Users\Piotrek\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [2344] (Microsoft® Volume Shadow Copy Service/Microsoft Corporation)(2015-06-23 10:58:03) 0000000000400000
Library C:\Users\Piotrek\AppData\Local\Temp\cdo3163136621.dll (*** suspicious ***) @ C:\Windows\SysWOW64\msiexec.exe [3352] (Microsoft CDO for Windows Library/Microsoft Corporation)(2015-10-19 18:58:04) 00000000003b0000
Library C:\Users\Piotrek\AppData\Local\Temp\cdo1941465742.dll (*** suspicious ***) @ C:\Windows\SysWOW64\msiexec.exe [3352] (Microsoft CDO for Windows Library/Microsoft Corporation)(2015-10-19 16:34:41) 00000000003e0000

---- EOF - GMER 2.1 ----