GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-12-14 06:22:22
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000031 TOSHIBA_MQ01ABD100 rev.AX0R2J 931,51GB
Running: qngw9e0r.exe; Driver: C:\Users\DOMINI~1\AppData\Local\Temp\pxddapog.sys

---- User code sections - GMER 2.2 ----

? C:\WINDOWS\SYSTEM32\apphelp.dll [7000] entry point in ".rdata" section 000000007120f7c0
? C:\WINDOWS\SYSTEM32\iertutil.dll [7000] entry point in ".rdata" section 0000000072ec1590
? C:\WINDOWS\system32\apphelp.dll [4812] entry point in ".rdata" section 000000007120f7c0
? C:\WINDOWS\SYSTEM32\iertutil.dll [4812] entry point in ".rdata" section 0000000072ec1590
? C:\WINDOWS\SYSTEM32\NTASN1.dll [1028] entry point in ".rdata" section 0000000071bba020
? C:\WINDOWS\system32\ncryptsslp.dll [1028] entry point in ".rdata" section 0000000071b904f0
? C:\WINDOWS\system32\apphelp.dll [2576] entry point in ".rdata" section 000000007120f7c0

---- Threads - GMER 2.2 ----

Thread C:\WINDOWS\system32\csrss.exe [720:2348] ffff870df8136c20
Thread C:\WINDOWS\system32\svchost.exe [952:364] 00007ffcc7d7f950
Thread C:\WINDOWS\system32\svchost.exe [952:412] 00007ffcc7d7ed20
Thread C:\WINDOWS\system32\svchost.exe [952:8] 00007ffcc7b78ae0
Thread C:\WINDOWS\system32\svchost.exe [596:1548] 00007ffcbe9b50c0
Thread C:\WINDOWS\system32\svchost.exe [596:2788] 00007ffcbb411a50
Thread C:\WINDOWS\system32\svchost.exe [596:2904] 00007ffcbb9a39b0
Thread C:\WINDOWS\system32\svchost.exe [596:3720] 00007ffcb8e51040
Thread C:\WINDOWS\system32\svchost.exe [596:3724] 00007ffcb93548e0
Thread C:\WINDOWS\system32\svchost.exe [596:3728] 00007ffcb93548e0
Thread C:\WINDOWS\system32\svchost.exe [596:3744] 00007ffcb8e31930
Thread C:\WINDOWS\system32\svchost.exe [596:8584] 00007ffcc2497ac0
Thread C:\WINDOWS\system32\svchost.exe [596:8648] 00007ffcc2497ac0
Thread C:\WINDOWS\system32\svchost.exe [596:4920] 00007ffcc35730f0
Thread C:\WINDOWS\system32\svchost.exe [596:1912] 00007ffcbf632cf0
Thread C:\WINDOWS\system32\svchost.exe [596:6552] 00007ffcb903efd0
Thread C:\WINDOWS\system32\svchost.exe [596:804] 00007ffcb903efd0
Thread C:\WINDOWS\system32\svchost.exe [596:8792] 00007ffcc41d50a0
Thread C:\WINDOWS\system32\svchost.exe [596:4844] 00007ffcc2497ac0
Thread C:\WINDOWS\system32\svchost.exe [1224:1884] 00007ffcbf6ba420
Thread C:\WINDOWS\system32\svchost.exe [1224:1992] 00007ffcbf6b83a0
Thread C:\WINDOWS\system32\svchost.exe [1224:2012] 00007ffcbf6bb090
Thread C:\WINDOWS\system32\svchost.exe [1224:2016] 00007ffcbf6ba9a0
Thread C:\WINDOWS\system32\svchost.exe [1224:2020] 00007ffcbf6ba770
Thread C:\WINDOWS\system32\svchost.exe [1224:2228] 00007ffcbdf199e0
Thread C:\WINDOWS\system32\svchost.exe [1224:2232] 00007ffcbf632cf0
Thread C:\WINDOWS\system32\svchost.exe [1224:3044] 00007ffcbf6b8b00
Thread C:\WINDOWS\system32\svchost.exe [1224:8804] 00007ffc978cb030
Thread C:\WINDOWS\system32\svchost.exe [1240:3916] 00007ffcb8d7ac90
Thread C:\WINDOWS\system32\svchost.exe [1240:3980] 00007ffcb8d73590
Thread C:\WINDOWS\system32\svchost.exe [1588:3296] 00007ffcb9921240
Thread C:\WINDOWS\system32\svchost.exe [1588:3300] 00007ffcbb0da3b0
Thread C:\WINDOWS\system32\svchost.exe [1588:3328] 00007ffcb94825e0
Thread C:\WINDOWS\system32\svchost.exe [1588:3712] 00007ffcc67c3bc0
Thread C:\WINDOWS\system32\svchost.exe [1588:8364] 00007ffcc67c2080
Thread C:\WINDOWS\System32\svchost.exe [1708:1528] 00007ffcbabcdbe0
Thread C:\WINDOWS\System32\svchost.exe [1708:1492] 00007ffcbabcdbe0
Thread C:\WINDOWS\system32\svchost.exe [1840:1976] 00007ffcbf58e830
Thread C:\WINDOWS\system32\svchost.exe [1840:2000] 00007ffcc25c10a0
Thread C:\WINDOWS\system32\svchost.exe [1840:2240] 00007ffcbf632cf0
Thread C:\WINDOWS\system32\svchost.exe [1840:2756] 00007ffcbddc5bd0
Thread C:\WINDOWS\system32\svchost.exe [1840:2820] 00007ffcbddc9b20
Thread C:\WINDOWS\system32\svchost.exe [1840:2928] 00007ffcbf632cf0
Thread C:\WINDOWS\system32\svchost.exe [2024:2200] 00007ffcbe0244b0
Thread C:\WINDOWS\system32\svchost.exe [2024:2328] 00007ffcc8686750
Thread C:\WINDOWS\System32\spoolsv.exe [2080:6956] 00007ffcbc245bc0
Thread C:\WINDOWS\System32\spoolsv.exe [2080:5312] 00007ffcaad82740
Thread C:\WINDOWS\System32\spoolsv.exe [2080:4948] 00007ffcbc2d1180
Thread C:\WINDOWS\System32\spoolsv.exe [2080:4952] 00007ffcaabf8e40
Thread C:\WINDOWS\system32\svchost.exe [2192:3496] 00007ffcb94ab180
Thread C:\WINDOWS\system32\svchost.exe [2192:3504] 00007ffcb94af5f0
Thread C:\WINDOWS\system32\svchost.exe [2192:5380] 00007ffcc35730f0
Thread C:\WINDOWS\system32\svchost.exe [2192:532] 00007ffcb94c6130
Thread C:\WINDOWS\system32\svchost.exe [3812:2180] 00007ffcbabcdbe0
Thread C:\WINDOWS\system32\svchost.exe [3812:4192] 00007ffcbabcdbe0
Thread C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [748:4232] 00007ffcb77c7944
Thread C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [748:4236] 00007ffcb768beb4
Thread C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [748:4872] 00007ffcb768beb4
Thread C:\WINDOWS\system32\taskhostw.exe [1312:3848] 00007ffcc4f21ba0
Thread C:\WINDOWS\system32\taskhostw.exe [1312:3636] 00007ffcc43e1160
Thread C:\WINDOWS\system32\taskhostw.exe [1312:116] 00007ffcc43e1a20
Thread C:\WINDOWS\system32\taskhostw.exe [1312:3260] 00007ffccab0b600
Thread C:\WINDOWS\system32\taskhostw.exe [1312:4136] 00007ffcb72fa3b0
Thread C:\WINDOWS\system32\taskhostw.exe [1312:4152] 00007ffcb7247930
Thread C:\WINDOWS\system32\taskhostw.exe [1312:4160] 00007ffcb7247930
Thread C:\WINDOWS\system32\taskhostw.exe [1312:4164] 00007ffcb7247930
Thread C:\WINDOWS\system32\taskhostw.exe [1312:4240] 00007ffcc75230f0
Thread C:\WINDOWS\system32\taskhostw.exe [1312:332] 00007ffcbabcdbe0
Thread C:\WINDOWS\system32\taskhostw.exe [1312:920] 00007ffcbabcdbe0
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [5296:5428] 00007ffcca5c59c0
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [5296:5432] 00007ffcbff83990
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [5296:5448] 00007ffcc0ea48e0
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [5296:5468] 00007ffcca5c59c0
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [5296:5472] 00007ffcbff83990
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [5296:5476] 00007ffccacf5f10
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [5296:5584] 00007ffcbea6e010
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [5296:5600] 00007ffcbfe09310
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [5296:5604] 00007ffcbfe09310
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [5296:5608] 00007ffcbfe09310
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [5296:5612] 00007ffcbfe09310
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [5296:5872] 00007ffcca5c59c0
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [5296:5876] 00007ffcbff83990
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [5296:6048] 00007ffcbea6e010
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [5296:156] 00007ffcca5c59c0
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [5296:4816] 00007ffcbff83990
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [5296:5856] 00007ffcbea6e010
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [5296:184] 00007ffccacf5f10
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [5296:4388] 00007ffcc80111a0
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [5296:5800] 00007ffcca5c70d0
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [5296:5956] 00007ffccacf5f10
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [5296:7192] 00007ffccacf5f10
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [5296:2924] 00007ffcaed09780
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [5296:6840] 00007ffcb55ecaf0
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [5296:1736] 00007ffcb55ecaf0
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [5296:6936] 00007ffcc991a200
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [5296:1612] 00007ffcb55ecaf0
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [5296:6856] 00007ffcb55ecaf0
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [5296:2492] 00007ffcb55ecaf0
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [5296:5564] 00007ffcb55ecaf0
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [5296:7824] 00007ffcbfe49de0
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [5296:204] 00007ffcbfe49de0
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [5296:6728] 00007ffcbfe49de0
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [5296:868] 00007ffcbfe49de0
Thread C:\WINDOWS\system32\SettingSyncHost.exe [4520:260] 00007ffcca5c59c0
Thread C:\WINDOWS\system32\SettingSyncHost.exe [4520:8132] 00000000723701d0
Thread C:\WINDOWS\system32\SettingSyncHost.exe [4520:4308] 00007ffcc5635110
Thread C:\WINDOWS\system32\SettingSyncHost.exe [4520:4340] 00007ffcbabcdbe0
Thread C:\WINDOWS\system32\SettingSyncHost.exe [4520:8852] 00007ffcbabcdbe0
Thread C:\Users\Dominikkoki\AppData\Local\Microsoft\OneDrive\OneDrive.exe [6980:1568] 000000006f946aec
Thread C:\Users\Dominikkoki\AppData\Local\Microsoft\OneDrive\OneDrive.exe [6980:1512] 000000006f946aec
Thread C:\Users\Dominikkoki\AppData\Local\Microsoft\OneDrive\OneDrive.exe [6980:1480] 000000006fd2bfb4
Thread C:\Users\Dominikkoki\AppData\Local\Microsoft\OneDrive\OneDrive.exe [6980:2096] 000000006fd2bfb4
Thread C:\Users\Dominikkoki\AppData\Local\Microsoft\OneDrive\OneDrive.exe [6980:2724] 000000006fd2bfb4
Thread C:\Users\Dominikkoki\AppData\Local\Microsoft\OneDrive\OneDrive.exe [6980:2488] 000000006fd2bfb4
Thread C:\Users\Dominikkoki\AppData\Local\Microsoft\OneDrive\OneDrive.exe [6980:2504] 000000006fd2bfb4
Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [7748:6732] 00007ffccacf5f10
Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [7748:7156] 00007ffcca5c59c0
Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [7748:6636] 00007ffcbff83990
Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [7748:8040] 00007ffcca5c70d0
Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [7748:6172] 00007ffcc74a2880
Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [7748:6148] 00007ffcca5c59c0
Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [7748:6252] 00007ffcbf632cf0
Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [7748:6244] 00007ffcbc52bb70
Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [7748:5884] 00007ffcbf632cf0
Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [7748:6284] 00007ffcbf632cf0
Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [7748:6296] 00007ffccacf5f10
Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [7748:6300] 00007ffccacf5f10
Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [7748:6344] 00007ffccacf5f10
Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [7748:6356] 00007ffccacf5f10
Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [7748:7152] 00007ffcc80111a0
Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [7748:9128] 00007ffcbea6e010
Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [7748:5624] 00007ffcbfe49de0
Thread C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.10.0_x64__8wekyb3d8bbwe\WinStore.App.exe [8236:4840] 00007ffcb0f7c320
Thread C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.10.0_x64__8wekyb3d8bbwe\WinStore.App.exe [8236:7284] 00007ffccacf5f10
Thread C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.10.0_x64__8wekyb3d8bbwe\WinStore.App.exe [8236:4460] 00007ffcca5c59c0
Thread C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.10.0_x64__8wekyb3d8bbwe\WinStore.App.exe [8236:9024] 00007ffcbff83990
Thread C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.10.0_x64__8wekyb3d8bbwe\WinStore.App.exe [8236:8896] 00007ffcc0ea48e0
Thread C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.10.0_x64__8wekyb3d8bbwe\WinStore.App.exe [8236:8328] 00007ffcca5c70d0
Thread C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.10.0_x64__8wekyb3d8bbwe\WinStore.App.exe [8236:8868] 00007ffcc991a200
Thread C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.10.0_x64__8wekyb3d8bbwe\WinStore.App.exe [8236:9164] 00007ffcc95f2a50
Thread C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.10.0_x64__8wekyb3d8bbwe\WinStore.App.exe [8236:8676] 00007ffcbfe49de0
Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [7788:3032] 00007ffccacf5f10
Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [7788:6436] 00007ffcca5c59c0
Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [7788:6824] 00007ffcbff83990
Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [7788:8916] 00007ffcc0ea48e0
Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [7788:2032] 00007ffcca5c70d0
Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [7788:6156] 00007ffcbea6e010
Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [7788:1188] 00007ffccacf5f10
Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [7788:7308] 00007ffcc80111a0
Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [7788:7816] 00007ffccb19b310
Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [7788:8152] 00007ffcac4ccca0
Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [7788:8980] 00007ffcac54abb0
Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [7788:8048] 00007ffcac50a030
Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [7788:1032] 00007ffcac54abb0
Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [7788:1052] 00007ffccb19b310
Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [7788:160] 00007ffccb19b310
Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [7788:5708] 00007ffcac552630
Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [7788:5508] 00007ffcac54abb0
Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [7788:9160] 00007ffcbfe49de0
Thread C:\WINDOWS\system32\taskhostw.exe [4092:8468] 00007ffcbbf30610
Thread C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16102.10311.0_x64__8wekyb3d8bbwe\Video.UI.exe [3268:8268] 00007ffccacf5f10
Thread C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16102.10311.0_x64__8wekyb3d8bbwe\Video.UI.exe [3268:3620] 00007ffcca5c59c0
Thread C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16102.10311.0_x64__8wekyb3d8bbwe\Video.UI.exe [3268:7020] 00007ffcbff83990
Thread C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16102.10311.0_x64__8wekyb3d8bbwe\Video.UI.exe [3268:768] 00007ffcbd9a5870
Thread C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16102.10311.0_x64__8wekyb3d8bbwe\Video.UI.exe [3268:6032] 00007ffccacf5f10
Thread C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16102.10311.0_x64__8wekyb3d8bbwe\Video.UI.exe [3268:6576] 00007ffccacf5f10
Thread C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16102.10311.0_x64__8wekyb3d8bbwe\Video.UI.exe [3268:2908] 00007ffcc991a200
Thread C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16102.10311.0_x64__8wekyb3d8bbwe\Video.UI.exe [3268:7564] 00007ffcbabcdbe0
Thread C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16102.10311.0_x64__8wekyb3d8bbwe\Video.UI.exe [3268:6260] 00007ffcbabcdbe0
Thread C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16102.10311.0_x64__8wekyb3d8bbwe\Video.UI.exe [3268:8728] 00007ffcc0ea48e0
Thread C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16102.10311.0_x64__8wekyb3d8bbwe\Video.UI.exe [3268:2920] 00007ffcca5c70d0
Thread C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16102.10311.0_x64__8wekyb3d8bbwe\Video.UI.exe [3268:10192] 00007ffcc95f2a50
Thread C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16102.10311.0_x64__8wekyb3d8bbwe\Video.UI.exe [3268:8088] 00007ffcbfe49de0

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed 1695139571
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 3562
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TotalResumeTime 14894
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeBootMgrTime 663
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeAppTime 1461
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeAppStartTimestamp 4225
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeLibraryInitTime 199
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeInitTime 518
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeHiberFileTime 711
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeRestoreImageStartTimestamp 4944
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeIoTime 573
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeDecompressTime 198
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeMapTime 15
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeAllocateTime 2
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeKernelSwitchTimestamp 5687
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelReturnFromHandlerTimestamp 5753
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@SleeperThreadEndTimestamp 14332
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TimeStampCounterAtSwitchTime 5746
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelReturnSystemPowerState 14889
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberHiberFileTime 8088
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberInitTime 105
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberSharedBufferTime 4
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TotalHibernateTime 27816
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeHiberFileTime 7722
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeInitTime 61
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeSharedBufferTime 12
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@DeviceResumeTime 496
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelAnimationTime 83
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelPagesProcessed 579930
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelPagesWritten 0x27 0x35 0x03 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@BootPagesProcessed 25203
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@BootPagesWritten 0x5F 0x24 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberWriteRate 108
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberCompressRate 27
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeReadRate 104
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeDecompressRate 61
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FileRuns 2
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberChecksumTime 182
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberChecksumIoTime 32
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelChecksumTime 174
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelChecksumIoTime 47
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeIoCpuTime 5125
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberIoCpuTime 544
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeCompleteTimestamp 0x99 0x18 0x55 0x05 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14735116351562280@SetupOperations
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14735117039682280@SetupOperations
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\3010b37c8abf
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{E0B67DB2-0F13-40A9-96D3-05899F06E796}@DefunctTimestamp 0x6F 0xF5 0x4F 0x58 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 4337
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 987
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{94c8786a-1d3d-4618-b893-5a57e7df46fd}@LeaseObtainedTime 1481635182
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{94c8786a-1d3d-4618-b893-5a57e7df46fd}@T1 1481678382
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{94c8786a-1d3d-4618-b893-5a57e7df46fd}@T2 1481710782
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{94c8786a-1d3d-4618-b893-5a57e7df46fd}@LeaseTerminatesTime 1481721582
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0x46 0x8F 0x92 0x73 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0x46 0xF7 0x56 0xD5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0x46 0x27 0xCE 0x11 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\2@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\2@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\Pnp\CurrentControlSet\Control\DeviceMigration\Devices\SWD\DAFUPNPPROVIDER\UUID:9406CB18-018E-768C-F701-059FC5D2B40A\Interfaces\{d0875fb4-2196-4c7a-a63d-e416addd60a1}\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000E@ 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\Pnp\CurrentControlSet\Control\DeviceMigration\Devices\SWD\DAFUPNPPROVIDER\UUID:9406CB18-018E-768C-F701-059FC5D2B40A\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000E@ 0x64 0x62 0x03 0x00 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsRequestBucketDrainTime 0x5F 0xA7 0xDA 0xA7 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsLargeRequestBucketDrainTime 0x5F 0xA7 0xDA 0xA7 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastOtherRequestBucketDrainTime 0x5F 0xA7 0xDA 0xA7 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastGlobalRequestBucketDrainTime 0x5F 0xA7 0xDA 0xA7 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\RegistrarData@LastRenewCollectionsInterest 0x82 0x14 0x7F 0xA5 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search@JumpListChangedAppIds E7CF176E110C211B?Skype.Desktop.Application?Chrome?
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\JumplistData
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\JumplistData@E7CF176E110C211B 0xC6 0xAD 0x98 0xC1 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\JumplistData@Skype.Desktop.Application 0xB9 0x21 0xF5 0xE7 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\JumplistData@Chrome 0xAF 0x86 0x29 0xB6 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\browsersettings\wininet-internet-explorer@IsLocalReplicaDirty 0

---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- Files - GMER 2.2 ----

File C:\Users\Dominikkoki\AppData\Roaming\Crystal-Launcher\BitLockerWizard.exe 76274 bytes
File C:\Users\Dominikkoki\AppData\Roaming\Crystal-Launcher\BitLockerWizardElev.exe 76302 bytes
File C:\Users\Dominikkoki\AppData\Roaming\Crystal-Launcher\fvecpl.dll 143462 bytes
File C:\Users\Dominikkoki\AppData\Roaming\Crystal-Launcher\fvewiz.dll 304886 bytes

---- EOF - GMER 2.2 ----