GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-04-03 21:52:58
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000031 Samsung_SSD_840_EVO_120GB rev.EXT0BB0Q 111,79GB
Running: strui44q.exe; Driver: C:\Users\Maciek\AppData\Local\Temp\uwldqpob.sys

---- User code sections - GMER 2.2 ----

? C:\Windows\SYSTEM32\iertutil.dll [6080] entry point in ".rdata" section 0000000073decaf0
? C:\Windows\SYSTEM32\ActXPrxy.dll [6080] entry point in ".rdata" section 0000000072d4bc40
? C:\Windows\system32\apphelp.dll [4688] entry point in ".rdata" section 0000000074350380
? C:\Windows\system32\wbem\wbemsvc.dll [3456] entry point in ".rdata" section 0000000072e08fa0
? C:\Windows\SYSTEM32\iertutil.dll [3456] entry point in ".rdata" section 0000000073decaf0
? C:\Windows\SYSTEM32\ActXPrxy.dll [6964] entry point in ".rdata" section 0000000072d4bc40
? C:\Windows\system32\wbem\wbemsvc.dll [1436] entry point in ".rdata" section 0000000072e08fa0
? C:\Windows\system32\d3d10_1.dll [1436] entry point in ".rdata" section 00000000601624b0
? C:\Windows\SYSTEM32\iertutil.dll [1436] entry point in ".rdata" section 0000000073decaf0
? C:\Windows\system32\apphelp.dll [224] entry point in ".rdata" section 0000000074350380

---- Threads - GMER 2.2 ----

Thread C:\Windows\system32\csrss.exe [632:692] fffff96047194060

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed 399927377
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0x59 0x64 0x84 0x67 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0x59 0xCC 0x48 0xC9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0x59 0xFC 0xBF 0x05 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeTickCount 0xD0 0x55 0x21 0x00 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Current\Windows.SystemToast.SecurityAndMaintenance\449
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Current\Windows.SystemToast.SecurityAndMaintenance\449@ImageFileUri file://C:\Users\Maciek\AppData\Local\Microsoft\Windows\ActionCenterCache\{37EC7078-351B-4DDE-B4AF-874BE9A90C11}.png
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Security and Maintenance@MessageTime 0xFC 0x18 0xCE 0x82 ...

---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.2 ----