GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-05-24 13:54:21
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 rev. 0.00MB
Running: rn6l0pw8.exe; Driver: C:\Users\Cepek\AppData\Local\Temp\uxldqpow.sys

---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 sector 0: rootkit-like behavior

---- Threads - GMER 2.2 ----

Thread C:\WINDOWS\system32\csrss.exe [648:4400] ffffc91895536c20
Thread C:\WINDOWS\system32\svchost.exe [1432:3140] 0000023d91e50d3c
Thread C:\WINDOWS\system32\svchost.exe [1432:3144] 0000023d91e50d3c
Thread C:\WINDOWS\system32\svchost.exe [1432:3148] 0000023d91e50d3c
Thread C:\WINDOWS\system32\svchost.exe [1432:3456] 0000023d91e47378
Thread C:\WINDOWS\system32\svchost.exe [1432:3460] 0000023d91e47378
Thread C:\WINDOWS\system32\svchost.exe [1432:3980] 0000023d91fc0d3c
Thread C:\WINDOWS\system32\svchost.exe [1432:3984] 0000023d926115cc
Thread C:\WINDOWS\system32\svchost.exe [1432:4020] 0000023d91fc0d3c
Thread C:\WINDOWS\system32\svchost.exe [1432:4024] 0000023d926115cc
Thread C:\WINDOWS\system32\svchost.exe [1432:4028] 0000023d92660c8c
Thread C:\WINDOWS\system32\svchost.exe [1432:4032] 0000023d926a0c8c
Thread C:\WINDOWS\system32\svchost.exe [1432:4040] 0000023d91fc0d3c
Thread C:\WINDOWS\system32\svchost.exe [1432:4044] 0000023d926115cc
Thread C:\WINDOWS\system32\svchost.exe [1432:4048] 0000023d92660c8c
Thread C:\WINDOWS\system32\svchost.exe [1432:4052] 0000023d926a0c8c
Thread C:\WINDOWS\system32\svchost.exe [1432:4088] 0000023d92660c8c
Thread C:\WINDOWS\system32\svchost.exe [1432:4092] 0000023d926a0c8c
Thread C:\WINDOWS\system32\svchost.exe [1432:2848] 0000023d91fb7378
Thread C:\WINDOWS\system32\svchost.exe [1432:3536] 0000023d92607378
Thread C:\WINDOWS\system32\svchost.exe [1432:3416] 0000023d91fb7378
Thread C:\WINDOWS\system32\svchost.exe [1432:3880] 0000023d92607378
Thread C:\WINDOWS\system32\svchost.exe [1432:3832] 0000023d92657378
Thread C:\WINDOWS\system32\svchost.exe [1432:3260] 0000023d92697378
Thread C:\WINDOWS\system32\svchost.exe [1432:3560] 0000023d92657378
Thread C:\WINDOWS\system32\svchost.exe [1432:3240] 0000023d92697378
Thread C:\WINDOWS\system32\svchost.exe [1432:3676] 0000023d926115cc
Thread C:\WINDOWS\system32\svchost.exe [1432:4496] 0000023d91ed0e4c
Thread C:\WINDOWS\system32\svchost.exe [1432:4500] 0000023d91ed0e4c
Thread C:\WINDOWS\system32\svchost.exe [1432:4504] 0000023d91ed0e4c
Thread C:\WINDOWS\system32\svchost.exe [1432:4544] 0000023d91ec7378
Thread C:\WINDOWS\system32\svchost.exe [1432:4548] 0000023d91ec7378
Thread C:\WINDOWS\system32\backgroundTaskHost.exe [8840:6348] 00007ff845f90440
Thread C:\WINDOWS\system32\backgroundTaskHost.exe [8840:5804] 00007ff83d3048e0
Thread C:\WINDOWS\system32\backgroundTaskHost.exe [8840:10176] 00007ff8450ca5e0

---- Services - GMER 2.2 ----

Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] CDPUserSvc_68f97 <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [MANUAL] MessagingService_68f97 <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] OneSyncSvc_68f97 <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [MANUAL] PimIndexMaintenanceSvc_68f97 <-- ROOTKIT !!!
Service system32\Drivers\PsBoot.sys (*** hidden *** ) [DISABLED] PsBoot <-- ROOTKIT !!!
Service C:\WINDOWS\System32\svchost.exe (*** hidden *** ) [MANUAL] UnistoreSvc_68f97 <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [MANUAL] UserDataSvc_68f97 <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [MANUAL] WpnUserService_68f97 <-- ROOTKIT !!!

---- EOF - GMER 2.2 ----