GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-11-09 14:35:03
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000036 OCZ-VECTOR rev.1.03.1 119,24GB
Running: gmer.exe; Driver: C:\Users\sbk\AppData\Local\Temp\pxldypow.sys

---- Threads - GMER 2.2 ----

Thread C:\WINDOWS\system32\csrss.exe [828:880] ffffc2d5d09a6c20
Thread C:\WINDOWS\system32\csrss.exe [828:888] ffffc2d5d09a6c20

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0xCD 0xB8 0x2A 0x5F ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime 0xFA 0x38 0x06 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFStartTime 0xCD 0xB8 0x2A 0x5F ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFLastStartTime 0x5B 0x9B 0x08 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@pl-PL 44
Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\SWD\DAFUPnPProvider\uuid:0bebc200-00c8-1000-9f61-0c8910873e70\Interfaces\{d0875fb4-2196-4c7a-a63d-e416addd60a1}\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000E@ 0x64 0x62 0x04 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\SWD\DAFUPnPProvider\uuid:0bebc200-00c8-1000-9f61-0c8910873e70\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000E@ 0x64 0x62 0x04 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\SWD\DAFUPnPProvider\uuid:0f7f4900-0004-1000-8f33-1c5a3ee1dcaf\Interfaces\{d0875fb4-2196-4c7a-a63d-e416addd60a1}\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000E@ 0x64 0x62 0x04 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\SWD\DAFUPnPProvider\uuid:0f7f4900-0004-1000-8f33-1c5a3ee1dcaf\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000E@ 0x64 0x62 0x04 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\DELF011H735H9C82EPL_32_07D9_C4+ENC207806858111_31_07DB_FA^5C752482BEFE57FF7E74054BA1C667D3@Timestamp 0xC5 0xF1 0xAD 0x5F ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 960
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations \??\D:\Files\Firefox Profil\searchplugins\babylon.xml??\??\C:\Program Files (x86)\Mozilla Firefox\tobedeleted\rep2CE0.tmp??\??\C:\Program Files (x86)\Mozilla Firefox\tobedeleted\rep2CE0.tmp??\??\C:\Program Files (x86)\Mozilla Firefox\tobedeleted\??\??\C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe??\??\C:\Users\sbk\AppData\Local\Temp\nsl435.tmp\registry.dll??\??\C:\Users\sbk\AppData\Local\Temp\nsl435.tmp\stack.dll??\??\C:\Users\sbk\AppData\Local\Temp\nsl435.tmp\xml.dll??\??\C:\Users\sbk\AppData\Local\Temp\nsl435.tmp\??\??\C:\Users\sbk\AppData\Local\Temp\nsz244B.tmp\stack.dll??\??\C:\Users\sbk\AppData\Local\Temp\nsz244B.tmp\??\??\C:\Users\sbk\AppData\Local\Temp\nswEBB5.tmp\stack.dll??\??\C:\Users\sbk\AppData\Local\Temp\nswEBB5.tmp\xml.dll??\??\C:\Users\sbk\AppData\Local\Temp\nswEBB5.tmp\??\??\C:\Users\sbk\AppData\Local\Temp\nsvC2E1.tmp\xml.dll??\??\C:\Users\sbk\AppData\Local\Temp\nsvC2E1.tmp\??\??\C:\Users\sbk\AppData\Local\Temp\~nsu.tmp\Au_.exe??\??\C:\Users\sbk\AppData\Local\T
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber 2710778
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed 339928899
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId 44
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 488652596
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 7688
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FwPOSTTime 7351
Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID c9830213-0fe3-4906-9338-7a37bc0
Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\AITEventLog@FileCounter 1
Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{3b94e656-71d5-4013-8387-21360b169bc5}@LastProbeTime 1478691108
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 1876
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 225
Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 43
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@DhcpNameServer 192.168.1.1 192.168.1.1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f45b8fa6-3414-4790-a592-cedfc691c392}@LeaseObtainedTime 1478690712
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f45b8fa6-3414-4790-a592-cedfc691c392}@T1 1478733912
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f45b8fa6-3414-4790-a592-cedfc691c392}@T2 1478766312
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f45b8fa6-3414-4790-a592-cedfc691c392}@LeaseTerminatesTime 1478777112
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f45b8fa6-3414-4790-a592-cedfc691c392}@DhcpNameServer 192.168.1.1 192.168.1.1
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0xEE 0x57 0xD4 0xF8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0xEE 0xBF 0x98 0x5A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0xEE 0xEF 0x0F 0x97 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Object List 17684 17690 17700 17710 17730 17774 17784 17822 17828 17844
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Counter 17850
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Help 17851
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@First Counter 17684
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@First Help 17685
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\2@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\2@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\Pnp\CurrentControlSet\Control\DeviceMigration\Devices\SWD\DAFUPnPProvider\uuid:0bebc200-00c8-1000-9f61-0c8910873e70\Interfaces\{d0875fb4-2196-4c7a-a63d-e416addd60a1}\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000E@ 0x64 0x62 0x04 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\Pnp\CurrentControlSet\Control\DeviceMigration\Devices\SWD\DAFUPnPProvider\uuid:0bebc200-00c8-1000-9f61-0c8910873e70\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000E@ 0x64 0x62 0x04 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\Pnp\CurrentControlSet\Control\DeviceMigration\Devices\SWD\DAFUPnPProvider\uuid:0f7f4900-0004-1000-8f33-1c5a3ee1dcaf\Interfaces\{d0875fb4-2196-4c7a-a63d-e416addd60a1}\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000E@ 0x64 0x62 0x04 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\Pnp\CurrentControlSet\Control\DeviceMigration\Devices\SWD\DAFUPnPProvider\uuid:0f7f4900-0004-1000-8f33-1c5a3ee1dcaf\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000E@ 0x64 0x62 0x04 0x00 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search@JumpListChangedAppIds {1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\notepad.exe?D:\Files\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe?Chrome?
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\JumplistData@Chrome 0x0D 0x2B 0x51 0x3F ...

---- EOF - GMER 2.2 ----