GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-08-23 12:34:34
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000028 Crucial_CT128MX100SSD1 rev.MU01 119,24GB
Running: 1i7io9xg.exe; Driver: C:\Users\Marcinia\AppData\Local\Temp\pxldypog.sys

---- User code sections - GMER 2.2 ----

.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[864] C:\WINDOWS\system32\KERNEL32.DLL!SetUnhandledExceptionFilter 00007ffc42113208 4 bytes [C3, 00, 00, 00]
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[864] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffc4225169a 4 bytes [25, 42, FC, 7F]
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[864] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffc422516a2 4 bytes [25, 42, FC, 7F]
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[864] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118 00007ffc4225181a 4 bytes [25, 42, FC, 7F]
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[864] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142 00007ffc42251832 4 bytes [25, 42, FC, 7F]
.text C:\WINDOWS\System32\spoolsv.exe[1232] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffc4225169a 4 bytes [25, 42, FC, 7F]
.text C:\WINDOWS\System32\spoolsv.exe[1232] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffc422516a2 4 bytes [25, 42, FC, 7F]
.text C:\WINDOWS\System32\spoolsv.exe[1232] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffc4225181a 4 bytes [25, 42, FC, 7F]
.text C:\WINDOWS\System32\spoolsv.exe[1232] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffc42251832 4 bytes [25, 42, FC, 7F]
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[2276] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffc4225169a 4 bytes [25, 42, FC, 7F]
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[2276] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffc422516a2 4 bytes [25, 42, FC, 7F]
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[2276] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118 00007ffc4225181a 4 bytes [25, 42, FC, 7F]
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[2276] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142 00007ffc42251832 4 bytes [25, 42, FC, 7F]
.text C:\WINDOWS\Explorer.EXE[2524] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffc3d531f6a 4 bytes [53, 3D, FC, 7F]
.text C:\WINDOWS\Explorer.EXE[2524] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffc3d531f82 4 bytes [53, 3D, FC, 7F]
.text C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\nacl64.exe[4292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffc42bc6640 14 bytes {MOV RAX, 0x7ff6759a7d24; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\nacl64.exe[4292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadToken 00007ffc42bc67b0 14 bytes {MOV RAX, 0x7ff6759a7c7c; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\nacl64.exe[4292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc42bc67d0 14 bytes {MOV RAX, 0x7ff6759a7bf8; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\nacl64.exe[4292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationFile 00007ffc42bc67e0 14 bytes {MOV RAX, 0x7ff6759a7cf8; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\nacl64.exe[4292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffc42bc67f0 14 bytes {MOV RAX, 0x7ff6759a7b04; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\nacl64.exe[4292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00007ffc42bc6810 14 bytes {MOV RAX, 0x7ff6759a7d48; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\nacl64.exe[4292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00007ffc42bc6860 14 bytes {MOV RAX, 0x7ff6759a7ca0; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\nacl64.exe[4292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00007ffc42bc6870 14 bytes {MOV RAX, 0x7ff6759a7c34; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\nacl64.exe[4292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenFile 00007ffc42bc68a0 14 bytes {MOV RAX, 0x7ff6759a7b88; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\nacl64.exe[4292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00007ffc42bc6940 14 bytes {MOV RAX, 0x7ff6759a7cd0; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\nacl64.exe[4292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 00007ffc42bc6ac0 14 bytes {MOV RAX, 0x7ff6759a7a4c; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\nacl64.exe[4292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcessToken 00007ffc42bc7660 14 bytes {MOV RAX, 0x7ff6759a7c1c; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\nacl64.exe[4292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc42bc76b0 14 bytes {MOV RAX, 0x7ff6759a7c58; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\nacl64.exe[4292] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00007ffc42bc7800 14 bytes {MOV RAX, 0x7ff6759a7ce4; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\nacl64.exe[4292] C:\WINDOWS\SYSTEM32\ntdll.dll!KiUserExceptionDispatcher + 1 00007ffc42bc83b1 5 bytes JMP 00007ffbe2bc0000
.text C:\WINDOWS\system32\wbem\WmiApSrv.exe[1432] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffc4225169a 4 bytes [25, 42, FC, 7F]
.text C:\WINDOWS\system32\wbem\WmiApSrv.exe[1432] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffc422516a2 4 bytes [25, 42, FC, 7F]
.text C:\WINDOWS\system32\wbem\WmiApSrv.exe[1432] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffc4225181a 4 bytes [25, 42, FC, 7F]
.text C:\WINDOWS\system32\wbem\WmiApSrv.exe[1432] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffc42251832 4 bytes [25, 42, FC, 7F]

---- Threads - GMER 2.2 ----

Thread C:\WINDOWS\system32\csrss.exe [580:592] fffff960009724d0
Thread C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [1128:3380] 00007ffc1cfdcddc

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Configuration Manager\Defrag@TotalBytesSaved 0x00 0x60 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 325806719
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\iexplore@Count 16

---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.2 ----