GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-03-08 09:04:31
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002b TOSHIBA_MK3265GSXN rev.GH101M 298,09GB
Running: d8zr6lfg.exe; Driver: C:\Users\KRZYSZ~1\AppData\Local\Temp\pwldrfob.sys

---- Threads - GMER 2.2 ----

Thread C:\WINDOWS\system32\csrss.exe [8144:4752] fffff89b38306c20
Thread c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [4476:4624] 00007ffb28163e0c
Thread c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [4476:9072] 00007ffb139af5f8
Thread c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [4476:1924] 00007ffb28163e0c
Thread c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [4476:6824] 00007ffb1384bc60
Thread c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [4476:1892] 00007ffb28163e0c

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed 974131736
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\4cedde8516f8
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config@LastKnownGoodTime 0x35 0x42 0xED 0x42 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0x0D 0xC5 0x9C 0xF0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0x0D 0x2D 0x61 0x52 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0x0D 0x5D 0xD8 0x8E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient@SpecialPollTimeRemaining time.windows.com,7d3fdc8???????????
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ...

---- EOF - GMER 2.2 ----