GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-11-23 10:49:55
Windows 6.2.9200 x64  \Device\Harddisk0\DR0 -> \Device\00000037 Samsung_SSD_840_EVO_120GB rev.EXT0CB6Q 111,79GB
Running: jzij5x9e.exe; Driver: C:\Users\Dawid\AppData\Local\Temp\pxldqpow.sys

---- Threads - GMER 2.2 ----

Thread  C:\WINDOWS\system32\csrss.exe [720:844]   ffff931ebcda6c20
Thread  C:\WINDOWS\Explorer.EXE [2816:8736]   00007ffa26b020e0
Thread  C:\WINDOWS\Explorer.EXE [2816:1680]   00007ffa0fdf20e0
Thread  C:\WINDOWS\Explorer.EXE [2816:8728]   00007ffa09ae20e0
Thread  C:\WINDOWS\Explorer.EXE [2816:13128]   00007ffa09ae20e0
Thread  C:\Program Files\Microsoft Office\Office15\MsoSync.exe [9220:9372]   00007ffa0abae8ec
Thread  C:\Program Files\Microsoft Office\Office15\MsoSync.exe [9220:9368]   00007ffa0abad4ac
Thread  C:\Program Files\Microsoft Office\Office15\MsoSync.exe [9220:9312]   00007ffa09d4ba30
Thread  C:\Program Files\Microsoft Office\Office15\MsoSync.exe [9220:8560]   00007ffa09d4ba30
Thread  C:\Program Files\Microsoft Office\Office15\MsoSync.exe [9220:11932]   00007ffa09d4ba30
Thread  C:\Program Files\Microsoft Office\Office15\MsoSync.exe [9220:8152]   00007ffa0abae8ec
Thread  C:\Program Files\Microsoft Office\Office15\MsoSync.exe [9220:7476]   00007ffa0abae8ec
Thread  C:\Program Files\Microsoft Office\Office15\MsoSync.exe [9220:8020]   00007ffa0abae8ec
Thread  C:\Program Files\Microsoft Office\Office15\MsoSync.exe [9220:1492]   00007ffa0abae8ec
Thread  C:\Program Files\Microsoft Office\Office15\MsoSync.exe [9220:1576]   00007ffa0abae8ec
Thread  C:\Program Files\Microsoft Office\Office15\MsoSync.exe [9220:1672]   00007ffa0abae8ec
Thread  C:\Program Files\Microsoft Office\Office15\MsoSync.exe [9220:1664]   00007ffa0abae8ec
Thread  C:\Program Files\Microsoft Office\Office15\MsoSync.exe [9220:1688]   00007ffa0abae8ec
Thread  C:\Program Files\Microsoft Office\Office15\MsoSync.exe [9220:4280]   00007ffa0abae8ec
Thread  C:\Program Files\Microsoft Office\Office15\MsoSync.exe [9220:4276]   00007ffa0abae8ec

---- Registry - GMER 2.2 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed   -1326875399
Reg  HKLM\SYSTEM\CurrentControlSet\Services\IKEEXT@Start   3
Reg  HKLM\SYSTEM\CurrentControlSet\Services\IKEEXT
Reg  HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch   2745
Reg  HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile@EnableFirewall   1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile@EnableFirewall   1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config@LastKnownGoodTime   0xD9 0x8D 0x04 0x80 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated   0xF3 0xE9 0xFA 0x95 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh   0xF3 0x51 0xBF 0xF7 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow   0xF3 0x81 0x36 0x34 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient@SpecialPollTimeRemaining   time.windows.com,7d29ca9???????????
Reg  HKLM\SYSTEM\CurrentControlSet\Services\WinDefend@FailureCommand   C:\WINDOWS\system32\mrt.exe /EHB /ServiceFailure "CAMP=4.10.14393.0;approximate-> Engine=1.1.13303.0;AVSIG=1.233.342.0;ASSIG=1.233.342.0" /StartService /Defender /q
Reg  HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw   0x64 0x62 0x03 0x00 ...
Reg  HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask   0x64 0x62 0x03 0x00 ...
Reg  HKLM\SYSTEM\Setup\Upgrade\Pnp\CurrentControlSet\Control\DeviceMigration\Devices\SWD\DAFUPNPPROVIDER\uuid:64f93285-349b-4bce-a345-269355828036\Interfaces\{d0875fb4-2196-4c7a-a63d-e416addd60a1}\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000E@   0x64 0x62 0x03 0x00 ...
Reg  HKLM\SYSTEM\Setup\Upgrade\Pnp\CurrentControlSet\Control\DeviceMigration\Devices\SWD\DAFUPNPPROVIDER\uuid:64f93285-349b-4bce-a345-269355828036\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000E@   0x64 0x62 0x03 0x00 ...
Reg  HKLM\SYSTEM\Setup\Upgrade\Pnp\CurrentControlSet\Control\DeviceMigration\Devices\SWD\DAFUPNPPROVIDER\UUID:75DFCC0B-FD8B-4D66-B63E-36421AD0A6AA\Interfaces\{d0875fb4-2196-4c7a-a63d-e416addd60a1}\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000E@   0x64 0x62 0x03 0x00 ...
Reg  HKLM\SYSTEM\Setup\Upgrade\Pnp\CurrentControlSet\Control\DeviceMigration\Devices\SWD\DAFUPNPPROVIDER\UUID:75DFCC0B-FD8B-4D66-B63E-36421AD0A6AA\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000E@   0x64 0x62 0x03 0x00 ...
Reg  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{1388820C-2C94-4AEA-8B6B-083FD4FE74D6}@LastAccessedTime   0x20 0x32 0x80 0x9D ...
Reg  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{B998F9B5-AE6B-4FF3-A962-3A2331E09CFA}@LastAccessedTime   0xD0 0xB7 0xD3 0x4A ...
Reg  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{B998F9B5-AE6B-4FF3-A962-3A2331E09CFA}@LaunchCount   5

---- EOF - GMER 2.2 ----