GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-09-13 18:17:24
Windows 6.3.9600 x64
Running: i0iymvie.exe; Driver: C:\Users\Daniel\AppData\Local\Temp\uxdyrpoc.sys

---- Kernel code sections - GMER 2.1 ----

.text  C:\WINDOWS\system32\ntoskrnl.exe!NtCallbackReturn + 960  fffff8018f5ccd00 60 bytes [C0, 52, AC, FF, 02, AD, 4E, ...]

---- User code sections - GMER 2.1 ----

.text  C:\WINDOWS\Explorer.EXE[1192] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 714  00007ffdc492154a 4 bytes [92, C4, FD, 7F]
.text  C:\WINDOWS\Explorer.EXE[1192] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 722  00007ffdc4921552 4 bytes [92, C4, FD, 7F]
.text  C:\WINDOWS\Explorer.EXE[1192] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 98  00007ffdc492162a 4 bytes [92, C4, FD, 7F]
.text  C:\WINDOWS\Explorer.EXE[1192] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 122  00007ffdc4921642 4 bytes [92, C4, FD, 7F]

---- Threads - GMER 2.1 ----

Thread  C:\WINDOWS\system32\csrss.exe [516:524]  fffff960008d6b90

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Control@SystemStartOptions  NOEXECUTE=OPTIN USEPLATFORMCLOCK
Reg  HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\MSBDD_IVM61071109413621114_24_07DB_AF_1414_008D_FFFFFFFF_FFFFFFFF_0^BAF10A2E9627A817D4E028B865673655@Timestamp  0x4F 0xC3 0x09 0x62 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid  636
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber  3899996
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed  1574856673
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId  19
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime  422184069
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime  16607
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID  bfe2e893-7435-477e-8753-30dc807
Reg  HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\AITEventLog@FileCounter  1
Reg  HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\SQMLogger@FileCounter  9
Reg  HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter  1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\amdsbs\Parameters\Device-1@RaidCount  0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{57ec0950-7491-4adc-847b-58b146029535}@LastProbeTime  1410630901
Reg  HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@ReadyBootPlanAge  3
Reg  HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch  785
Reg  HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch  39
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5733593F-C33B-4584-8018-75E881C91250}@LeaseObtainedTime  1410623698
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5733593F-C33B-4584-8018-75E881C91250}@T1  1410666898
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5733593F-C33B-4584-8018-75E881C91250}@T2  1410699298
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5733593F-C33B-4584-8018-75E881C91250}@LeaseTerminatesTime  1410710098
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop  0
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced@HideFileExt  1
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced@ShowSuperHidden  0
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown  1

---- EOF - GMER 2.1 ----