GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-04-04 21:40:30
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Crucial_CT240M500SSD1 rev.MU05 223,57GB
Running: zk1qs9zf.exe; Driver: C:\Users\mcm\AppData\Local\Temp\uxtyrpob.sys

---- User code sections - GMER 2.2 ----

? C:\WINDOWS\system32\wbem\wbemsvc.dll [2064] entry point in ".rdata" section 0000000073a88fa0
? C:\Windows\SYSTEM32\ActXPrxy.dll [2064] entry point in ".rdata" section 000000006ecfbc40
? C:\Windows\SYSTEM32\iertutil.dll [2064] entry point in ".rdata" section 000000006f6fcaf0
? C:\WINDOWS\SYSTEM32\NTASN1.dll [2668] entry point in ".rdata" section 000000006d82bb10
? C:\WINDOWS\SYSTEM32\wship6.dll [4604] entry point in ".rdata" section 0000000072dd24b0
? C:\WINDOWS\SYSTEM32\apphelp.dll [6536] entry point in ".rdata" section 000000006b090380
? C:\WINDOWS\system32\apphelp.dll [6740] entry point in ".rdata" section 000000006b090380
? C:\WINDOWS\system32\wbem\wbemsvc.dll [6792] entry point in ".rdata" section 0000000073a88fa0
? C:\WINDOWS\system32\apphelp.dll [6832] entry point in ".rdata" section 000000006b090380
? C:\WINDOWS\system32\d3d10_1.dll [1228] entry point in ".rdata" section 000000006e0e24b0
? C:\WINDOWS\SYSTEM32\iertutil.dll [1228] entry point in ".rdata" section 000000006f6fcaf0
? C:\WINDOWS\SYSTEM32\NTASN1.dll [1228] entry point in ".rdata" section 000000006d82bb10
? C:\WINDOWS\system32\apphelp.dll [7692] entry point in ".rdata" section 000000006b090380

---- Threads - GMER 2.2 ----

Thread C:\WINDOWS\system32\csrss.exe [732:4032] fffff960d6994060
Thread C:\WINDOWS\Explorer.EXE [4252:3424] 000000005daf6550

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed -2051080204
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001b10002772
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0xC1 0x64 0x2D 0x56 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0xC1 0xCC 0xF1 0xB7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0xC1 0xFC 0x68 0xF4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeTickCount 0xC8 0xF6 0x37 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\0@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\0@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithList@b ac
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithList@MRUList a
Reg HKCU\SOFTWARE\Microsoft\Windows\Windows Error Reporting@LastRateLimitedDumpGenerationTime 0x97 0xCA 0xFA 0x86 ...

---- EOF - GMER 2.2 ----