GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-12-27 19:01:50
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000032 Crucial_CT256MX100SSD1 rev.MU01 238,47GB
Running: 0445rb4d.exe; Driver: C:\Users\Maczek\AppData\Local\Temp\pxldypog.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[960] C:\Windows\system32\KERNEL32.DLL!SetUnhandledExceptionFilter 00007ffe14ad47d0 4 bytes [C3, 00, 00, 00]
.text C:\Program Files\OO Software\Defrag\oodag.exe[2892] C:\Windows\system32\KERNEL32.DLL!SetUnhandledExceptionFilter 00007ffe14ad47d0 13 bytes {MOV R11, 0x140001cb0; JMP R11}

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\csrss.exe [648:672] fffff960008b92d0

---- Services - GMER 2.1 ----

Service C:\Windows\system32\drivers\hitmanpro37.sys (*** hidden *** ) [MANUAL] hitmanpro37 <-- ROOTKIT !!!

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -1512163
Reg HKLM\SYSTEM\CurrentControlSet\Services\hitmanpro37
Reg HKLM\SYSTEM\CurrentControlSet\Services\hitmanpro37@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\hitmanpro37@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\hitmanpro37@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\hitmanpro37@ImagePath \??\C:\Windows\system32\drivers\hitmanpro37.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\hitmanpro37@DisplayName HitmanPro 3.7 Support Driver
Reg HKLM\SYSTEM\CurrentControlSet\Services\hitmanpro37
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer@GlobalAssocChangedCounter 468
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\iexplore@Count 6
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@WindowsBandwidthBucketCounter 898220
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@WindowsRequestBucketCounter 350
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsRequestBucketDrainTime 0xD1 0x0F 0x5C 0x0C ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@WindowsLargeRequestBucketCounter 48
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsLargeRequestBucketDrainTime 0xD1 0x0F 0x5C 0x0C ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@OtherRequestBucketCounter 95
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastOtherRequestBucketDrainTime 0xD1 0x0F 0x5C 0x0C ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@GlobalBandwidthBucketCounter 1771170
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@GlobalRequestBucketCounter 542
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastGlobalRequestBucketDrainTime 0xD1 0x0F 0x5C 0x0C ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@RoamingSyncToken LM%3d63586834535067%3bID%3d896BF878E6BEF303!106%3bLR%3d63586834383143%3bEP%3d5%3bTD%3dTrue%3bSO%3d0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastUploadTime 0x9C 0x13 0xE4 0x05 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce@Report C:\AdwCleaner\AdwCleaner[C1].txt
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData@PendingOperations 8

---- EOF - GMER 2.1 ----