GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-07-05 11:45:42
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000030 SAMSUNG_HM321HI rev.2AJ10003 298,09GB
Running: 1yihd7nw.exe; Driver: C:\Users\8066_000\AppData\Local\Temp\kxldapoc.sys

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\csrss.exe [4960:2428]  fffff960008fa2d0

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\ACI20A281LMQS034613_03_07D8_0E^29C443468201C2F7392B4E71F576FAA0@Timestamp  0x9A 0xB2 0xED 0xF2 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\CPT14C70_04_07DB_CB^5A4A124CFC8C230110C3A2D414DA6946@Timestamp  0x29 0x71 0x2A 0xE9 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed  1907858216
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime  6615
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TotalResumeTime  20917
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeBootMgrTime  644
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeAppTime  3975
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeAppStartTimestamp  7263
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeHiberFileTime  3672
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeRestoreImageStartTimestamp  7551
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeIoTime  1958
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeDecompressTime  1501
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeMapTime  95
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeUnmapTime  2
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeUserInOutTime  82
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeAllocateTime  11
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeKernelSwitchTimestamp  11238
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelReturnFromHandlerTimestamp  11280
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@SleeperThreadEndTimestamp  11287
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TimeStampCounterAtSwitchTime  381906
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelReturnSystemPowerState  13327
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberHiberFileTime  3360
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberInitTime  52
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TotalHibernateTime  13524
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@DeviceResumeTime  1994
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@BootPagesProcessed  207805
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@BootPagesWritten  0x96 0x3B 0x01 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeDecompressRate  210
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberIoCpuTime  3038
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeCompleteTimestamp  0xDA 0x76 0xF3 0x01 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HybridBootAnimationTime  17
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@GlassSessionId  2
Reg  HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{8FB85C07-DEC4-4D49-9A71-E7D9E7F4AF08}@DefunctTimestamp  0xE9 0xC6 0x97 0x55 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\d8-5d-4c-c3-4a-40@ClientLocalPort  56642
Reg  HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\d8-5d-4c-c3-4a-40@AddressCreationTimestamp  0xD4 0xD7 0xA8 0x0B ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\d8-5d-4c-c3-4a-40@TeredoAddress  2001:0:9d38:6ab8:18a8:d80d:b202:c6c5
Reg  HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch  3512
Reg  HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch  1842
Reg  HKLM\SYSTEM\CurrentControlSet\Services\SynTP\Parameters@DetectTimeMS  1747
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C83D7B43-EABC-40E1-A99E-72F95593DD60}@LeaseObtainedTime  1436042963
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C83D7B43-EABC-40E1-A99E-72F95593DD60}@T1  1436172563
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C83D7B43-EABC-40E1-A99E-72F95593DD60}@T2  1436269763
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C83D7B43-EABC-40E1-A99E-72F95593DD60}@LeaseTerminatesTime  1436302163
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown  1
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\PushNotifications@MobileBroadbandLastResetDate  0x6C 0x9C 0x9F 0xF4 ...

---- Files - GMER 2.1 ----

File  C:\Users\8066_000\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0008c7  0 bytes
File  C:\Users\8066_000\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0008c8  0 bytes
File  C:\Users\8066_000\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0008c9  0 bytes
File  C:\Users\8066_000\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0008ca  0 bytes
File  C:\Users\8066_000\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0008cb  0 bytes
File  C:\Users\8066_000\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0008cc  0 bytes
File  C:\Users\8066_000\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0008cd  0 bytes
File  C:\Users\8066_000\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0008ce  0 bytes
File  C:\Users\8066_000\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0008cf  0 bytes
File  C:\Users\8066_000\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0008d0  0 bytes
File  C:\Users\8066_000\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0008d1  0 bytes
File  C:\Users\8066_000\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0008d2  0 bytes
File  C:\Users\8066_000\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0008d3  0 bytes
File  C:\Users\8066_000\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0008d4  0 bytes
File  C:\Users\8066_000\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0008b9  0 bytes
File  C:\Users\8066_000\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0008ba  0 bytes
File  C:\Users\8066_000\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0008bb  0 bytes
File  C:\Users\8066_000\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0008bc  0 bytes
File  C:\Users\8066_000\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0008bd  0 bytes
File  C:\Users\8066_000\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0008be  0 bytes
File  C:\Users\8066_000\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0008bf  0 bytes
File  C:\Users\8066_000\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0008c0  0 bytes
File  C:\Users\8066_000\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0008c1  0 bytes
File  C:\Users\8066_000\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0008c2  0 bytes
File  C:\Users\8066_000\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0008c3  0 bytes
File  C:\Users\8066_000\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0008c4  0 bytes
File  C:\Users\8066_000\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0008c5  0 bytes
File  C:\Users\8066_000\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0008c6  0 bytes

---- EOF - GMER 2.1 ----
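Added example (this editor's code, not GMER's and not part of the log above): a small parser that reads a GMER 2.1 log into its header and its Threads / Registry / Files sections and does the first-pass triage an analyst would do by hand. It records whether each reported thread starts at a kernel-space address, separates registry entries GMER lists only because their data changed between its passes (boot and resume timings, DHCP lease times, Teredo state) from entries left for review, decodes the DHCP LeaseObtainedTime / LeaseTerminatesTime values (seconds since the Unix epoch) into UTC, and counts zero-byte files per directory. The sample text is constructed from a handful of lines of the log; the "routine" key prefix list is this example's own assumption, not a GMER feature.

```python
"""Parse a GMER 2.1 rootkit-scan log and triage its entries (added example)."""
import re
from collections import Counter
from datetime import datetime, timezone

# Constructed sample: a few lines copied from the log above, in GMER's layout.
SAMPLE_LOG = r"""
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-07-05 11:45:42
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000030 SAMSUNG_HM321HI rev.2AJ10003 298,09GB
Running: 1yihd7nw.exe; Driver: C:\Users\8066_000\AppData\Local\Temp\kxldapoc.sys

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\csrss.exe [4960:2428]  fffff960008fa2d0

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime  6615
Reg  HKLM\SYSTEM\CurrentControlSet\Services\SynTP\Parameters@DetectTimeMS  1747
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C83D7B43-EABC-40E1-A99E-72F95593DD60}@LeaseObtainedTime  1436042963
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C83D7B43-EABC-40E1-A99E-72F95593DD60}@LeaseTerminatesTime  1436302163
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown  1

---- Files - GMER 2.1 ----

File  C:\Users\8066_000\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0008c7  0 bytes
File  C:\Users\8066_000\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0008c8  0 bytes

---- EOF - GMER 2.1 ----
"""

SECTION_RE = re.compile(r"^---- (?P<name>\w+) - GMER [\d.]+ ----$")
THREAD_RE = re.compile(r"^Thread\s+(?P<image>.+?) \[(?P<pid>\d+):(?P<tid>\d+)\]\s+(?P<start>[0-9a-fA-F]+)$")
REG_RE = re.compile(r"^Reg\s+(?P<key>.+)@(?P<value>[^\s@]+)\s+(?P<data>.+)$")
FILE_RE = re.compile(r"^File\s+(?P<path>.+?)\s+(?P<size>\d+) bytes$")

# Assumption of this example: keys whose data GMER reports as changed between
# its passes for ordinary reasons (power timings, DHCP lease, Teredo, shutdown
# flag). Everything else is handed to the analyst for review.
ROUTINE_KEY_PREFIXES = (
    r"HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power",
    r"HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG",
    r"HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration",
    r"HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces",
    r"HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc",
    r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch",
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown",
)
KERNEL_SPACE_X64 = 0xFFFF800000000000  # start of the canonical upper half on x64


def parse_gmer_log(text):
    """Return {'header': {...}, 'sections': {'Threads': [...], 'Registry': [...], ...}}."""
    header, sections, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections.setdefault(current, [])
            continue
        if current is None:  # still in the header block
            if line.startswith("GMER "):
                header["version"] = line.split()[1]
            elif line.startswith("Rootkit scan "):
                header["scan_time"] = datetime.strptime(line[len("Rootkit scan "):], "%Y-%m-%d %H:%M:%S")
            elif line.startswith("Running: "):
                header["running"], _, header["driver"] = line[len("Running: "):].partition("; Driver: ")
            continue
        for kind, rx in (("Thread", THREAD_RE), ("Reg", REG_RE), ("File", FILE_RE)):
            m = rx.match(line)
            if m:
                sections[current].append({"kind": kind, **m.groupdict()})
                break
    return {"header": header, "sections": sections}


def triage(parsed):
    """Summarise what to look at first: threads, non-routine keys, DHCP lease, empty files."""
    s = parsed["sections"]
    threads = [{**t, "kernel_start": int(t["start"], 16) >= KERNEL_SPACE_X64}
               for t in s.get("Threads", [])]
    routine, review, lease = 0, [], {}
    for r in s.get("Registry", []):
        if r["key"].startswith(ROUTINE_KEY_PREFIXES):
            routine += 1
        else:
            review.append(r["key"] + "@" + r["value"])
        if r["value"] in ("LeaseObtainedTime", "LeaseTerminatesTime"):
            # The DHCP client stores these as seconds since the Unix epoch.
            lease[r["value"]] = datetime.fromtimestamp(int(r["data"]), tz=timezone.utc)
    if len(lease) == 2:
        lease["duration_hours"] = (lease["LeaseTerminatesTime"] - lease["LeaseObtainedTime"]).total_seconds() / 3600
    zero_byte = Counter(f["path"].rsplit("\\", 1)[0] for f in s.get("Files", []) if int(f["size"]) == 0)
    return {"threads": threads, "routine_registry": routine, "review_registry": review,
            "dhcp_lease": lease, "zero_byte_dirs": dict(zero_byte)}


if __name__ == "__main__":
    result = triage(parse_gmer_log(SAMPLE_LOG))
    for key, val in result.items():
        print(f"{key}: {val}")
```

The thread check only says whether the start address lies in the kernel half of the x64 address space; confirming which loaded module owns it still needs the driver list from the same machine, which this log does not carry.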