GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-03-15 17:49:47
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002b TOSHIBA_MK3265GSXN rev.GH101M 298,09GB
Running: d8zr6lfg.exe; Driver: C:\Users\KRZYSZ~1\AppData\Local\Temp\pwldrfob.sys

---- Threads - GMER 2.2 ----

Thread C:\WINDOWS\system32\csrss.exe [764:796] ffff886460336c20
Thread C:\WINDOWS\system32\svchost.exe [1768:3520] 00007ffe2e291240
Thread C:\WINDOWS\system32\svchost.exe [1768:3524] 00007ffe2a4ca3b0
Thread C:\WINDOWS\system32\svchost.exe [1768:3532] 00007ffe2a4725e0
Thread C:\WINDOWS\system32\svchost.exe [1768:1948] 00007ffe25d13bc0
Thread c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [4776:1100] 00007ffe22333e0c
Thread c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [4776:2064] 00007ffe22333e0c
Thread c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [4776:1268] 00007ffe2c6fbc60
Thread c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [4788:940] 00007ffe22333e0c
Thread c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [4788:4404] 00007ffe2c3cf5f8
Thread c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [4788:1916] 00007ffe22333e0c
Thread c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [4788:2828] 00007ffe2c6fbc60
Thread c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [4788:5228] 00007ffe22333e0c
Thread C:\WINDOWS\system32\backgroundTaskHost.exe [5708:6216] 00007ffe351548e0
Thread C:\WINDOWS\system32\backgroundTaskHost.exe [5708:6272] 00007ffe2299c320
Thread C:\WINDOWS\system32\backgroundTaskHost.exe [5708:6788] 00007ffe3c82a200
Thread C:\WINDOWS\system32\backgroundTaskHost.exe [5708:6804] 00007ffe3cd970d0
Thread C:\WINDOWS\system32\backgroundTaskHost.exe [5708:6864] 00007ffe3cf62a50

---- Services - GMER 2.2 ----

Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] CDPUserSvc_5eef4 <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [MANUAL] MessagingService_5eef4 <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] OneSyncSvc_5eef4 <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [MANUAL] PimIndexMaintenanceSvc_5eef4 <-- ROOTKIT !!!
Service C:\WINDOWS\servicing\TrustedInstaller.exe (*** hidden *** ) [MANUAL] TrustedInstaller <-- ROOTKIT !!!
Service C:\WINDOWS\System32\svchost.exe (*** hidden *** ) [MANUAL] UnistoreSvc_5eef4 <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [MANUAL] UserDataSvc_5eef4 <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [MANUAL] WpnUserService_5eef4 <-- ROOTKIT !!!

---- EOF - GMER 2.2 ----