Hi!
OK, thanks.
I'm filling in the missing pieces.
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-11-12 01:55:58
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002b HGST_HTS545050A7E680 rev.GG2OAE30 465,76GB
Running: 0jxy33iq.exe; Driver: C:\Users\Jakub\AppData\Local\Temp\pfldqpow.sys

---- User code sections - GMER 2.1 ----

.text C:\WINDOWS\system32\dwm.exe[828] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ff949773e10 7 bytes JMP 00007ffa491502d0
.text C:\WINDOWS\system32\dwm.exe[828] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ff949773e20 7 bytes JMP 00007ffa49150308
.text C:\WINDOWS\system32\dwm.exe[828] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ff9498239b0 7 bytes JMP 00007ffa491503b0
.text C:\WINDOWS\system32\dwm.exe[828] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ff949823ef0 7 bytes JMP 00007ffa49150340
.text C:\WINDOWS\system32\dwm.exe[828] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ff949823fe0 7 bytes JMP 00007ffa49150378
.text C:\WINDOWS\system32\dwm.exe[828] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ff9498506c0 7 bytes JMP 00007ffa49150228
.text C:\WINDOWS\system32\dwm.exe[828] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ff949850730 7 bytes JMP 00007ffa49150298
.text C:\WINDOWS\system32\dwm.exe[828] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleFileNameExW 00007ff949850760 7 bytes JMP 00007ffa49150260
.text C:\WINDOWS\system32\dwm.exe[828] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ff9491621d0 5 bytes JMP 00007ffa49150180
.text C:\WINDOWS\system32\dwm.exe[828] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ff9491629d0 7 bytes JMP 00007ffa491500d8
.text C:\WINDOWS\system32\dwm.exe[828] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ff949164310 5 bytes JMP 00007ffa49150110
.text C:\WINDOWS\system32\dwm.exe[828] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ff949168900 5 bytes JMP 00007ffa49150148
.text C:\WINDOWS\system32\dwm.exe[828] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ff94b816d90 10 bytes JMP 00007ffa49150490
.text C:\WINDOWS\system32\dwm.exe[828] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ff94b8274a0 5 bytes JMP 00007ffa49150458
.text C:\WINDOWS\system32\dwm.exe[828] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ff94b827560 1 byte JMP 00007ffa491503e8
.text C:\WINDOWS\system32\dwm.exe[828] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo + 2 00007ff94b827562 7 bytes {JMP 0xfffffffffd928e88}
.text C:\WINDOWS\system32\dwm.exe[828] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ff94b836b10 5 bytes JMP 00007ffa49150420
.text C:\WINDOWS\system32\dwm.exe[828] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ff94bd41500 8 bytes JMP 00007ffa491501b8
.text C:\WINDOWS\system32\dwm.exe[828] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ff94bd41750 8 bytes JMP 00007ffa491501f0
.text C:\WINDOWS\system32\dwm.exe[828] C:\WINDOWS\system32\dxgi.dll!CreateDXGIFactory 00007ff9468c7750 5 bytes JMP 00007ffa468b00d8
.text C:\WINDOWS\system32\dwm.exe[828] C:\WINDOWS\system32\dxgi.dll!CreateDXGIFactory1 00007ff9468c8ee0 5 bytes JMP 00007ffa468b0110

---- Kernel IAT/EAT - GMER 2.1 ----

IAT C:\WINDOWS\System32\drivers\pci.sys[ntoskrnl.exe!IofCallDriver] [fffff80157272de4] \SystemRoot\System32\Drivers\sptd.sys [.text]

---- Devices - GMER 2.1 ----

Device \Driver\iaStorA \Device\RaidPort0 ffffe000937f42c0
Device \Driver\cdrom \Device\CdRom0 ffffe000937f62c0
Device \Driver\iaStorA \Device\0000002b ffffe000937f42c0
Device \Driver\iaStorA \Device\0000002c ffffe000937f42c0
Device \Driver\iaStorA \Device\ScsiPort0 ffffe000937f42c0

---- Trace I/O - GMER 2.1 ----

Trace ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xffffe000937f42c0]<< sptd.sys storport.sys hal.dll iaStorA.sys ffffe000937f42c0
Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe00095407060] ffffe00095407060
Trace 3 CLASSPNP.SYS[fffff80158002170] -> nt!IofCallDriver -> [0xffffe00094180e50] ffffe00094180e50
Trace 5 ACPI.sys[fffff801570f8c21] -> nt!IofCallDriver -> \Device\0000002b[0xffffe0009417f060] ffffe0009417f060
Trace \Driver\iaStorA[0xffffe00094020a90] -> IRP_MJ_CREATE -> 0xffffe000937f42c0 ffffe000937f42c0

---- Threads - GMER 2.1 ----

Thread C:\WINDOWS\system32\csrss.exe [524:548] fffff960009c22d0
Thread C:\WINDOWS\system32\svchost.exe [964:3332] 00007ff93a4a1050

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----
Addition.txt
FRST.txt
Shortcut.txt