GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-06-22 18:01:24
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000028 ST500LT012-9WS142 rev.0001SDM1 465,76GB
Running: 2ooctteh.exe; Driver: C:\Users\Gabriela\AppData\Local\Temp\ugldqpod.sys

---- Kernel code sections - GMER 2.2 ----

.text  C:\WINDOWS\System32\win32k.sys!W32pServiceTable       fffff960000e3b00 15 bytes {ADD AH, CL; JMP 0x5}
.text  C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16  fffff960000e3b10 11 bytes [00, DE, FB, FF, 40, D6, BF, ...]

---- Threads - GMER 2.2 ----

Thread  C:\WINDOWS\system32\csrss.exe [796:1528]  fffff960008bf2d0

---- Registry - GMER 2.2 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed  -1289735876
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Winlogon\Notifications\Components\TrustedInstaller@Events  CreateSession
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\6894231ee108
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings
Reg  HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime  ??r?, ?cze ?21 ?17, 09:13:44???????????????????????????????????
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AEAB0090-108D-4656-9F76-6728170A60EA}@LeaseObtainedTime  1498134115
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AEAB0090-108D-4656-9F76-6728170A60EA}@T1  1498137715
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AEAB0090-108D-4656-9F76-6728170A60EA}@T2  1498140415
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AEAB0090-108D-4656-9F76-6728170A60EA}@LeaseTerminatesTime  1498141315
Reg  HKLM\SYSTEM\CurrentControlSet\Services\TrustedInstaller@Start  2
Reg  HKLM\SYSTEM\CurrentControlSet\Services\TrustedInstaller
Reg  HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw  0x64 0x62 0x03 0x00 ...
Reg  HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask  0x64 0x62 0x03 0x00 ...
Reg  HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@Rw  0x64 0x62 0x03 0x00 ...
Reg  HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@RwMask  0x64 0x62 0x03 0x00 ...

---- Disk sectors - GMER 2.2 ----

Disk  \Device\Harddisk0\DR0  unknown MBR code

---- EOF - GMER 2.2 ----