GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-05-17 23:36:48
Windows 6.3.9600 x64 \Device\Harddisk0\DR0 -> \Device\0000003a ST1000DM003-1SB10C rev.CC43 931,51GB
Running: 44u53v39.exe; Driver: C:\Users\Kuba\AppData\Local\Temp\pgriqpoc.sys

---- Kernel code sections - GMER 2.2 ----

.text   C:\Windows\System32\win32k.sys!W32pServiceTable        fffff960000b8a00 15 bytes {ADD BL, CH; JMP 0x5}
.text   C:\Windows\System32\win32k.sys!W32pServiceTable + 16   fffff960000b8a10 11 bytes [00, D6, FB, FF, 40, AA, BF, ...]

---- Threads - GMER 2.2 ----

Thread  C:\Windows\system32\csrss.exe [520:400]   fffff960009242d0

---- Registry - GMER 2.2 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control@SystemStartOptions   NOEXECUTE=OPTIN
Reg     HKLM\SYSTEM\CurrentControlSet\Control@LastBootShutdown   0
Reg     HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\MSBDD_SAM0274HSAP108374_03_07D7_76_1414_008D_FFFFFFFF_FFFFFFFF_0^DAF8F7535363C85BEACE3A3AEBC77B86@Timestamp   0xE2 0x47 0xE4 0xFE ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid   820
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber   3900211
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed   455732118
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId   233
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime   504622843
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime   15847
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FwPOSTTime   15849
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID   5be87428-5481-471d-86a8-969bd82
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@GlassSessionId   3
Reg     HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter   2
Reg     HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\UnitedVideo\SERVICES\BASICDISPLAY@DefaultSettings.XResolution   1440
Reg     HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\UnitedVideo\SERVICES\BASICDISPLAY@DefaultSettings.YResolution   900
Reg     HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@ReadyBootPlanAge   2
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop   0
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown   1
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\ImmersiveShell\Grid@Layout_MaximumAvailableHeightCells   10
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\ImmersiveShell\Grid@Layout_AvailableHeightCells   10

---- Disk sectors - GMER 2.2 ----

Disk    \Device\Harddisk0\DR0   unknown MBR code

---- EOF - GMER 2.2 ----