GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-09-16 04:21:00 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 KINGSTON_SV300S37A120G rev.521ABBF0 111,79GB Running: f60n0jpw.exe; Driver: C:\Users\Michi\AppData\Local\Temp\pxldypob.sys ---- Threads - GMER 2.2 ---- Thread C:\WINDOWS\system32\csrss.exe [504:564] fffff960d8384030 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control@SystemStartOptions NOEXECUTE=OPTIN Reg HKLM\SYSTEM\CurrentControlSet\Control@LastBootShutdown 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\MSBDD_NOEDID_1414_008D_FFFFFFFF_FFFFFFFF_0^CC77560BC3634A486857716562968286@Timestamp 0x40 0xC8 0x37 0x43 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 808 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber 3900214 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed 462972780 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId 67 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 484056741 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 19113 Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID a6fba1d4-b8c2-44cf-a5ce-787b376 Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\AutoLogger\AITEventLog@FileCounter 2 Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\AutoLogger\WdiContextLog@FileCounter 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\amdsbs\Parameters\Device-1@RaidCount 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\CmdAgent\Mode\Configurations@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\CmdAgent\Mode\Data@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\CmdAgent\Mode\Options@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\0@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\0@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\1@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\1@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Software\COMODO\Cam@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown 1 ---- Files - GMER 2.2 ---- File C:\Users\Michi\AppData\Roaming\TS3Client\cache\remote\image\png;base64,iVBORw0KGgoAAAANSUhEUgAAANwAAADlCAMAAAAP8WnWAAAAh1BMVEVDsTT\8\sC80rSE8rysyrR44riY1rSMurBj8\vvi8uD1+\T4\Pfe8NzM6Mmd05dLtD3A4ry437TV7NLn9OWy3K1ywmiX0JFrv2Hv+O6n16KMzIVfu1SCyHqQzYms2adVt0hjvFh8xnS94bnF5MJSt0VvwWVKtTt2wm5+xXai1ZuIy4FmvVwHmAZfAAALCElEQVR4nO2dZ5eqOhSGISQhiIpj793Ro\P 0 bytes File C:\Users\Michi\AppData\Roaming\TS3Client\cache\remote\image\png;base64,iVBORw0KGgoAAAANSUhEUgAAANwAAADlCAMAAAAP8WnWAAAAh1BMVEVDsTT\8\sC80rSE8rysyrR44riY1rSMurBj8\vvi8uD1+\T4\Pfe8NzM6Mmd05dLtD3A4ry437TV7NLn9OWy3K1ywmiX0JFrv2Hv+O6n16KMzIVfu1SCyHqQzYms2adVt0hjvFh8xnS94bnF5MJSt0VvwWVKtTt2wm5+xXai1ZuIy4FmvVwHmAZfAAALCElEQVR4nO2dZ5eqOhSGISQhiIpj793Ro\P\f99FsKAC6Ziw7vv1rDPhMX2XbMetsZxvf4BO 0 bytes File C:\Users\Michi\AppData\Roaming\TS3Client\cache\remote\image\png;base64,iVBORw0KGgoAAAANSUhEUgAAANwAAADlCAMAAAAP8WnWAAAAh1BMVEVDsTT\8\sC80rSE8rysyrR44riY1rSMurBj8\vvi8uD1+\T4\Pfe8NzM6Mmd05dLtD3A4ry437TV7NLn9OWy3K1ywmiX0JFrv2Hv+O6n16KMzIVfu1SCyHqQzYms2adVt0hjvFh8xnS94bnF5MJSt0VvwWVKtTt2wm5+xXai1ZuIy4FmvVwHmAZfAAALCElEQVR4nO2dZ5eqOhSGISQhiIpj793Ro\P\f99FsKAC6Ziw7vv1rDPhMX2XbMetsZxvf4BO\Q+nVo2faHb5Hc6W032vr7WliuGC9gUiD0MIAMTYQz7YdifaWqsUrjntIOi8Cvp42NPUXpVwA8d38gTInx686uD6c5SLluItAg1NVgbX9UAhWyzcaalvsyq4ZXG33TrP2ytvtCK4rUdhi0V+VLdaDdwpfyV5p1Pdd5XAXZjYHAcpXjSrgBvR5ttd4NhU2nAFcD+EkS3e0cdKW9YP12Dtt2RgdlU2rR9uXbq 0 bytes File C:\Users\Michi\AppData\Roaming\TS3Client\cache\remote\image\png;base64,iVBORw0KGgoAAAANSUhEUgAAANwAAADlCAMAAAAP8WnWAAAAh1BMVEVDsTT\8\sC80rSE8rysyrR44riY1rSMurBj8\vvi8uD1+\T4\Pfe8NzM6Mmd05dLtD3A4ry437TV7NLn9OWy3K1ywmiX0JFrv2Hv+O6n16KMzIVfu1SCyHqQzYms2adVt0hjvFh8xnS94bnF5MJSt0VvwWVKtTt2wm5+xXai1ZuIy4FmvVwHmAZfAAALCElEQVR4nO2dZ5eqOhSGISQhiIpj793Ro\P\f99FsKAC6Ziw7vv1rDPhMX2XbMetsZxvf4BO\Q+nVo2faHb5Hc6W032vr7WliuGC9gUiD0MIAMTYQz7YdifaWqsUrjntIOi8Cvp42NPUXpVwA8d38gTInx686uD6c5SLluItAg1NVgbX9UAhWyzcaalvsyq4ZXG33TrP2ytvtCK4rUdhi0V+VLdaDdwpfyV5p1Pdd5XAXZjYHAcpXjSrgBvR5ttd4NhU2nAFcD+EkS3e0cdKW9YP12Dtt2RgdlU2rR9uXbq\vQ9MGCpsWjvcjHExuQnPFLatG67NPuFSeQ11jeuGO 0 bytes File C:\Users\Michi\AppData\Roaming\TS3Client\cache\remote\image\png;base64,iVBORw0KGgoAAAANSUhEUgAAANwAAADlCAMAAAAP8WnWAAAAh1BMVEVDsTT\8\sC80rSE8rysyrR44riY1rSMurBj8\vvi8uD1+\T4\Pfe8NzM6Mmd05dLtD3A4ry437TV7NLn9OWy3K1ywmiX0JFrv2Hv+O6n16KMzIVfu1SCyHqQzYms2adVt0hjvFh8xnS94bnF5MJSt0VvwWVKtTt2wm5+xXai1ZuIy4FmvVwHmAZfAAALCElEQVR4nO2dZ5eqOhSGISQhiIpj793Ro\P\f99FsKAC6Ziw7vv1rDPhMX2XbMetsZxvf4BO\Q+nVo2faHb5Hc6W032vr7WliuGC9gUiD0MIAMTYQz7YdifaWqsUrjntIOi8Cvp42NPUXpVwA8d38gTInx686uD6c5SLluItAg1NVgbX9UAhWyzcaalvsyq4ZXG33TrP2ytvtCK4rUdhi0V+VLdaDdwpfyV5p1Pdd5XAXZjYHAcpXjSrgBvR5ttd4NhU2nAFcD+EkS3e0cdKW9YP12Dtt2RgdlU2rR9uXbq\vQ9MGCpsWjvcjHExuQnPFLatG67NPuFSeQ11jeuGO\IMyqvgVl3jmuEivkF5FVJ3gdULx7VS3rtO3azTCzfmHZRXEWU7uVa4vUDHOY4 0 bytes ---- EOF - GMER 2.2 ----