GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-04-07 22:32:36 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000018 WDC_WD5000LPCX-24C6HT0 rev.02.01A02 465,76GB Running: 2jyyjdo6.exe; Driver: C:\Users\tomasz\AppData\Local\Temp\kxtdipow.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe[2712] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avcodec-52.dll!ff_mpeg4_encode_video_packet_header + 49 000000006aeddcc1 4 bytes [60, 1B, 3B, 01] .text C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe[2712] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avcodec-52.dll!ff_mpeg4_decode_picture_header + 851 000000006aee3853 4 bytes [60, 1B, 3B, 01] .text C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe[2712] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avcodec-52.dll!ff_h264_decode_picture_parameter_set + 193 000000006af11e71 4 bytes [60, 1B, 3B, 01] .text C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe[2712] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avcodec-52.dll!ff_h264_decode_picture_parameter_set + 504 000000006af11fa8 4 bytes [60, 1B, 3B, 01] .text C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe[2712] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avcodec-52.dll!ff_mjpeg_encode_dc + 141 000000006af52e9d 4 bytes [60, 1B, 3B, 01] .text C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe[2712] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avcodec-52.dll!ff_mjpeg_encode_init + 328 000000006af53118 4 bytes [60, 1B, 3B, 01] .text C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe[2712] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avcodec-52.dll!ff_mjpeg_encode_init + 748 000000006af532bc 4 bytes [60, 1B, 3B, 01] .text C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe[2712] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avcodec-52.dll!ff_mpeg1_encode_init + 645 000000006af73b75 4 bytes [60, 1B, 3B, 01] .text C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe[2712] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avcodec-52.dll!ff_nelly_get_sample_bits + 139 000000006af7f2db 4 bytes [60, 1B, 3B, 01] .text C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe[2712] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avcodec-52.dll!ff_nelly_get_sample_bits + 995 000000006af7f633 4 bytes [60, 1B, 3B, 01] .text C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe[2712] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avcodec-52.dll!ff_log2 + 37 000000006af868c5 4 bytes [60, 1B, 3B, 01] .text C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe[2712] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avcodec-52.dll!ff_init_elbg + 808 000000006af98d38 4 bytes [61, 1A, 3B, 01] .text C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe[2712] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avcodec-52.dll!ff_init_elbg + 872 000000006af98d78 4 bytes [60, 1A, 3B, 01] .text ... * 2 .text C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe[2712] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avcodec-52.dll!vorbis_inverse_coupling + 781 000000006b01941d 4 bytes [60, 1B, 3B, 01] .text C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe[2712] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avcodec-52.dll!ff_wma_init + 456 000000006b039668 4 bytes [60, 1B, 3B, 01] ? C:\WINDOWS\system32\apphelp.dll [7480] entry point in ".rdata" section 0000000070a7f7c0 ---- Threads - GMER 2.2 ---- Thread C:\WINDOWS\system32\csrss.exe [648:696] ffffb7e4639a6c20 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed 1547400758 Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0xAA 0x21 0x13 0x6D ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0xAA 0x89 0xD7 0xCE ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0xAA 0xB9 0x4E 0x0B ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\Pnp\CurrentControlSet\Control\DeviceMigration\Devices\SWD\DAFUPNPPROVIDER\UUID:0B532B80-00BE-1000-9E19-5085690B8844\Interfaces\{d0875fb4-2196-4c7a-a63d-e416addd60a1}\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000E@ 0x64 0x62 0x04 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\Pnp\CurrentControlSet\Control\DeviceMigration\Devices\SWD\DAFUPNPPROVIDER\UUID:0B532B80-00BE-1000-9E19-5085690B8844\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000E@ 0x64 0x62 0x04 0x00 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\JumplistData@Chrome 0xD8 0x57 0x78 0x6B ... ---- Disk sectors - GMER 2.2 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- Files - GMER 2.2 ---- File C:\Users\tomasz\Downloads\Compressed\Raman.\Raman.Raghav.2.0.2016.PL.SUBBED.BRRip.XviD-KiT 0 bytes File C:\Users\tomasz\Downloads\Compressed\Raman.\Raman.Raghav.2.0.2016.PL.SUBBED.BRRip.XviD-KiT\Forum wielotematyczne, DARMOWE SERWERY!.URL 106 bytes File C:\Users\tomasz\Downloads\Compressed\Raman.\Raman.Raghav.2.0.2016.PL.SUBBED.BRRip.XviD-KiT\Raman.Raghav.2.0.2016.PL.SUBBED.BRRip.XviD-KiT.avi 1468624896 bytes ---- EOF - GMER 2.2 ----