GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-06-04 20:06:11
Windows 6.2.9200  x64 \Device\Harddisk2\DR2 -> \Device\0000003b KINGSTON_SH103S3240G rev.580ABBF0 223,57GB
Running: ldlh6npl.exe; Driver: C:\Users\Jan\AppData\Local\Temp\pxldqpow.sys


---- Threads - GMER 2.2 ----

Thread  C:\WINDOWS\system32\csrss.exe [580:684]                                                                                      fffff96080577300

---- Registry - GMER 2.2 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control@SystemStartOptions                                                                      NOEXECUTE=OPTIN
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid                                                                             832
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber                                           4521647
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed                                            -423950760
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId                            50
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime                          475346929
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime                                                         10730
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FwPOSTTime                                                       10668
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID                                                             6ed42667-b4d5-46d7-9604-e1bf05e
Reg     HKLM\SYSTEM\CurrentControlSet\Control\WMI\AutoLogger\AITEventLog@FileCounter                                                 2
Reg     HKLM\SYSTEM\CurrentControlSet\Control\WMI\AutoLogger\WdiContextLog@FileCounter                                               2
Reg     HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\UnitedVideo\SERVICES\BASICDISPLAY@DefaultSettings.XResolution                1920
Reg     HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\UnitedVideo\SERVICES\BASICDISPLAY@DefaultSettings.YResolution                1080
Reg     HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch                                                              6101
Reg     HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch                                                             1715
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{683e7fed-aa7d-44eb-8d54-0afad9f40366}@DhcpIPAddress      25.44.99.7
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{683e7fed-aa7d-44eb-8d54-0afad9f40366}@DhcpSubnetMaskOpt  255.0.0.0?
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop                                             0
Reg     HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw                                                                           0x64 0x62 0x03 0x00 ...
Reg     HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask                                                                       0x64 0x62 0x03 0x00 ...
Reg     HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@Rw                                                                           0x64 0x62 0x03 0x00 ...
Reg     HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@RwMask                                                                       0x64 0x62 0x03 0x00 ...
Reg     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown                                               1
Reg     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Security and Maintenance@MessageTime                                          0x63 0xEF 0x65 0x7B ...

---- EOF - GMER 2.2 ----