GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-05-23 21:36:13
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000075 ST320LM0 rev.2AJ1 298,09GB
Running: swsxddfn.exe; Driver: C:\Users\Kamila\AppData\Local\Temp\pxrdypoc.sys

---- User code sections - GMER 2.2 ----

.text   C:\Program Files\AVAST Software\Avast\afwServ.exe[1940] C:\windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter   00000000765987b1 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text   C:\Program Files\AVAST Software\Avast\AvastUI.exe[4244] C:\windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter   00000000765987b1 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]

---- Threads - GMER 2.2 ----

Thread  C:\windows\System32\svchost.exe [1028:1496]   000007fefa7759a0
Thread  C:\windows\System32\svchost.exe [1028:1684]   000007fefd341a70
Thread  C:\windows\System32\svchost.exe [1028:3976]   000007fef41014a0
Thread  C:\windows\System32\svchost.exe [1028:1392]   000007fef3e320c0
Thread  C:\windows\System32\svchost.exe [1028:3632]   000007fef3e326a8
Thread  C:\windows\System32\svchost.exe [1028:3600]   000007fef3e329dc
Thread  C:\windows\System32\svchost.exe [1028:4168]   000007fef3aea2b0
Thread  C:\windows\System32\svchost.exe [1028:4776]   000007fef53a44e0
Thread  C:\windows\System32\svchost.exe [1028:5072]   000007fef92088f8
Thread  C:\windows\system32\svchost.exe [1304:4400]   000007fef2735388
Thread  C:\windows\system32\svchost.exe [1304:4424]   000007fef2b07738
Thread  C:\windows\system32\svchost.exe [1304:4440]   000007fef2af1f90
Thread  C:\windows\system32\WLANExt.exe [1500:1636]   000000018000b674
Thread  C:\windows\system32\WLANExt.exe [1500:1640]   000000018000b690
Thread  C:\windows\system32\WLANExt.exe [1500:1644]   000000018000b658
Thread  C:\windows\system32\WLANExt.exe [1500:1648]   0000000180022170
Thread  C:\windows\system32\WLANExt.exe [1500:1652]   000007fefa022f9c
Thread  C:\windows\System32\spoolsv.exe [1824:2500]   000007fef87210c8
Thread  C:\windows\System32\spoolsv.exe [1824:2512]   000007fef86e6144
Thread  C:\windows\System32\spoolsv.exe [1824:2532]   000007fef84d5fd0
Thread  C:\windows\System32\spoolsv.exe [1824:2548]   000007fef84c3438
Thread  C:\windows\System32\spoolsv.exe [1824:2552]   000007fef84d63ec
Thread  C:\windows\System32\spoolsv.exe [1824:2616]   000007fef87b5e5c
Thread  C:\windows\System32\spoolsv.exe [1824:2624]   000007fef87e5074
Thread  C:\windows\system32\taskhost.exe [1368:2132]   000007fef9372740
Thread  C:\windows\system32\taskhost.exe [1368:2164]   000007fef9711f38
Thread  C:\windows\system32\taskhost.exe [1368:2196]   000007fefb431010
Thread  C:\windows\Explorer.EXE [2268:2664]   000000005c158e00
Thread  C:\windows\Explorer.EXE [2268:2896]   000007fef9802154
Thread  C:\windows\Explorer.EXE [2268:2084]   000007fefbce6204
Thread  C:\windows\Explorer.EXE [2268:2628]   000007fef6872118
Thread  C:\windows\Explorer.EXE [2268:4504]   000007fefa022f9c
Thread  C:\windows\Explorer.EXE [2268:4520]   000007fef2723824
Thread  C:\windows\system32\svchost.exe [3920:3572]   000007fefa022f9c
Thread  C:\windows\System32\svchost.exe [4976:3384]   000007fef1929688

---- Registry - GMER 2.2 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bb1d33403
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4cedde7e1b14
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90a4dee0693d
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90a4dee0693d@0017e893ff17   0x27 0x8F 0xE8 0xE7 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90a4dee0693d@9c4a7bcbe45b   0x9F 0x09 0x8E 0x18 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90a4dee0693d@9401c296bdd8   0x34 0x48 0xE6 0xA7 ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bb1d33403 (not active ControlSet)
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4cedde7e1b14 (not active ControlSet)
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90a4dee0693d (not active ControlSet)
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90a4dee0693d@0017e893ff17   0x27 0x8F 0xE8 0xE7 ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90a4dee0693d@9c4a7bcbe45b   0x9F 0x09 0x8E 0x18 ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90a4dee0693d@9401c296bdd8   0x34 0x48 0xE6 0xA7 ...

---- Disk sectors - GMER 2.2 ----

Disk    \Device\Harddisk0\DR0   unknown MBR code

---- Files - GMER 2.2 ----

File    C:\Users\Kamila\AppData\Local\Mozilla\Firefox\Profiles\occ64tdh.default-1458596182055\cache2\entries\50889B1F14606BB23286356EC016D779F1723EBD   0 bytes
File    C:\Users\Kamila\AppData\Local\Mozilla\Firefox\Profiles\occ64tdh.default-1458596182055\cache2\entries\350D616D61A6A6A4FD2CC57C36B81611AEE2C544   346366 bytes
File    C:\Users\Kamila\AppData\Local\Mozilla\Firefox\Profiles\occ64tdh.default-1458596182055\cache2\entries\A01F85E33D472EB5886C4FC4F80836D42FE7FFCA   3755 bytes
File    C:\Users\Kamila\AppData\Local\Mozilla\Firefox\Profiles\occ64tdh.default-1458596182055\cache2\entries\67D775DB57BCC2117703640E9594C2D271FE23B7   772386 bytes
File    C:\Users\Kamila\AppData\Local\Mozilla\Firefox\Profiles\occ64tdh.default-1458596182055\cache2\entries\1CD056D666B7D83696A8E9C4B9B2D8206E025E55   355825 bytes
File    C:\Users\Kamila\AppData\Local\Mozilla\Firefox\Profiles\occ64tdh.default-1458596182055\cache2\entries\03E4BCA648627799C11B339BEC104CA903D59C6C   3199 bytes
File    C:\Users\Kamila\AppData\Local\Mozilla\Firefox\Profiles\occ64tdh.default-1458596182055\cache2\entries\7FB2605D2A529786B17FCF3F7F11E8585F46808F   150489 bytes
File    C:\Users\Kamila\AppData\Local\Mozilla\Firefox\Profiles\occ64tdh.default-1458596182055\cache2\entries\DD955EAB7E7F21FDDE8663EB044B19E871E20CA1   3861 bytes
File    C:\Users\Kamila\AppData\Local\Mozilla\Firefox\Profiles\occ64tdh.default-1458596182055\cache2\entries\76A1A48659D7587C3D34EFDB2478D0D0803D1229   352827 bytes
File    C:\Users\Kamila\AppData\Local\Mozilla\Firefox\Profiles\occ64tdh.default-1458596182055\cache2\entries\50C323D2217409C53BB4D58098EC4D482C68BFC9   4061 bytes
File    C:\Users\Kamila\AppData\Local\Mozilla\Firefox\Profiles\occ64tdh.default-1458596182055\cache2\entries\3DB1DF0F4533754B63F709B079F0F393FE5D2D82   376776 bytes
File    C:\Users\Kamila\AppData\Local\Mozilla\Firefox\Profiles\occ64tdh.default-1458596182055\cache2\entries\C937B7216B9F41FC2619D3E1C6E28AAA910AE28F   843223 bytes
File    C:\Users\Kamila\AppData\Local\Mozilla\Firefox\Profiles\occ64tdh.default-1458596182055\cache2\entries\117C6C32AEBFB8988236434B093A81463234158B   3673 bytes
File    C:\Users\Kamila\AppData\Local\Mozilla\Firefox\Profiles\occ64tdh.default-1458596182055\cache2\entries\746DC903076DB6A800BFF27530E98078EDDED4F0   3888 bytes
File    C:\Users\Kamila\AppData\Local\Mozilla\Firefox\Profiles\occ64tdh.default-1458596182055\cache2\entries\CC563A46D787E7C89704D196564D1E73F1962B14   3359 bytes
File    C:\Users\Kamila\AppData\Local\Mozilla\Firefox\Profiles\occ64tdh.default-1458596182055\cache2\entries\AD8481BAE1EEA102EC9587F2F40D8C0E4A4C0538   3460 bytes
File    C:\Users\Kamila\AppData\Local\Mozilla\Firefox\Profiles\occ64tdh.default-1458596182055\cache2\entries\00C98DC213746984EF23148DAF7BB70A682208BB   809208 bytes
File    C:\Users\Kamila\AppData\Local\Mozilla\Firefox\Profiles\occ64tdh.default-1458596182055\cache2\entries\642FC014189C06CCF25310B63C4F43FFCD7B1D1B   12264 bytes
File    C:\Users\Kamila\AppData\Local\Mozilla\Firefox\Profiles\occ64tdh.default-1458596182055\cache2\entries\21725885046C4DC6C2FC83972F5CA3C4AA4B2AFC   816322 bytes
File    C:\Users\Kamila\AppData\Local\Mozilla\Firefox\Profiles\occ64tdh.default-1458596182055\cache2\entries\96EE17E27E5DC27C251A4F06B534D8BAF86B910B   349169 bytes
File    C:\Users\Kamila\AppData\Local\Mozilla\Firefox\Profiles\occ64tdh.default-1458596182055\cache2\entries\4842FBF2DAD95801D4174FC9B9704D049261D9FD   3762 bytes
File    C:\Users\Kamila\AppData\Local\Mozilla\Firefox\Profiles\occ64tdh.default-1458596182055\cache2\entries\1E65CA9F18F57E0F315A9DECD4731237DFBC00A7   3669 bytes
File    C:\Users\Kamila\AppData\Local\Mozilla\Firefox\Profiles\occ64tdh.default-1458596182055\cache2\entries\562D9DB8E644EAF8627780FC1AAA932329DB6E61   341137 bytes
File    C:\Users\Kamila\AppData\Local\Mozilla\Firefox\Profiles\occ64tdh.default-1458596182055\cache2\entries\987B89E4384A07763EACEE121971EEC897C94AF8   70570 bytes
File    C:\Users\Kamila\AppData\Local\Mozilla\Firefox\Profiles\occ64tdh.default-1458596182055\cache2\entries\35B91CF28E87295B732BF9DEAD980CC3D78138EA   3783 bytes
File    C:\Users\Kamila\AppData\Local\Mozilla\Firefox\Profiles\occ64tdh.default-1458596182055\cache2\entries\F2F156A58EBBEF651175C223E83C62FA32FD7F69   238815 bytes
File    C:\Users\Kamila\AppData\Local\Mozilla\Firefox\Profiles\occ64tdh.default-1458596182055\cache2\entries\757201B1DE312F3D80518054ECDDCE4480CACE49   3697 bytes
File    C:\Users\Kamila\AppData\Local\Mozilla\Firefox\Profiles\occ64tdh.default-1458596182055\cache2\entries\0BB6D5D80E1EB328E10D2163FD6F5C2F8FF1B0E6   325559 bytes
File    C:\Users\Kamila\AppData\Local\Mozilla\Firefox\Profiles\occ64tdh.default-1458596182055\cache2\entries\3EC0BFECECD6A592BF23F13B5F8E739E327C2C01   349020 bytes
File    C:\Users\Kamila\AppData\Local\Mozilla\Firefox\Profiles\occ64tdh.default-1458596182055\cache2\entries\95F67FA9F5A1EB60860E7269F6B8732D693F77D1   75127 bytes
File    C:\Users\Kamila\AppData\Local\Mozilla\Firefox\Profiles\occ64tdh.default-1458596182055\cache2\entries\16F7CBF032787810B0FBF94F1BB4768DCDC3FEF5   87406 bytes
File    C:\Users\Kamila\AppData\Local\Mozilla\Firefox\Profiles\occ64tdh.default-1458596182055\cache2\entries\91005648C5FC39B847C2D2F0966DAB1937AF03DD   3826 bytes
File    C:\Users\Kamila\AppData\Local\Mozilla\Firefox\Profiles\occ64tdh.default-1458596182055\cache2\entries\7D75803587C9ED9B8FA7F5B5A5F74C046B391133   262049 bytes
File    C:\Users\Kamila\AppData\Local\Mozilla\Firefox\Profiles\occ64tdh.default-1458596182055\cache2\entries\63108187846C06076DA0095E432242A47F430FFD   347428 bytes
File    C:\Users\Kamila\AppData\Local\Mozilla\Firefox\Profiles\occ64tdh.default-1458596182055\cache2\entries\026DDA40BA207160E98CD1A07D76F43C670A676F   813827 bytes
File    C:\Users\Kamila\AppData\Local\Mozilla\Firefox\Profiles\occ64tdh.default-1458596182055\cache2\entries\6A16A8271664B58B1E1178065EDF3FC20F157615   183408 bytes
File    C:\Users\Kamila\AppData\Local\Mozilla\Firefox\Profiles\occ64tdh.default-1458596182055\cache2\entries\19D13319BC06D850F8A0E3C564DA234D85B576CF   3749 bytes
File    C:\Users\Kamila\AppData\Local\Mozilla\Firefox\Profiles\occ64tdh.default-1458596182055\cache2\entries\ACDA73FF3AC5F9705C0C180B28591C0E6080F688   3725 bytes

---- EOF - GMER 2.2 ----