GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-04-24 12:44:39
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000032 WDC_WD10JPVX-75JC3T0 rev.01.01A01 931,51GB
Running: u3n5qewl.exe; Driver: C:\Users\MONIK_~1\AppData\Local\Temp\uwldypod.sys

---- Threads - GMER 2.2 ----

Thread  C:\Windows\system32\csrss.exe [672:688]  fffff9600089c2d0
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4400:5992]  00007ffc9decb530
Thread  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe [2124:5904]  00007ffca7e7bf10
Thread  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe [2124:7324]  00007ffca6907470
Thread  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe [2124:7348]  00007ffca6907470
Thread  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe [2124:7388]  00007ffcb031ad30
Thread  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe [2124:5096]  00007ffcb1999680

---- Registry - GMER 2.2 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{32731DA2-8C69-4F8D-A690-AEFD9332A16F}\Connection@Name  isatap.Home
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed  -1652612873
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime  1759
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTATH_RCP\Parameters@Ctrl-Low  -935100784
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\4cbb58364093
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Services\{00001200-0000-1000-8000-00805f9b34fb}@SecurityFlags  1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{32731DA2-8C69-4F8D-A690-AEFD9332A16F}@ReusableType  0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{32731DA2-8C69-4F8D-A690-AEFD9332A16F}@DefunctTimestamp  0xF3 0x1D 0x1C 0x57 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\00-0f-bf-01-85-ca@AddressCreationTimestamp  0x8D 0xAF 0x2C 0x0D ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\RSUSBVSTOR\Parameters@EnableAutoDelink  0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch  863
Reg  HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch  55
Reg  HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System@{548CC7EF-3F54-46BF-A357-E8DE47776179}  v2.22|Action=Block|Active=TRUE|Dir=In|Name=@{Microsoft.WinJS.2.0_1.0.9600.16408_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.WinJS.2.0/manifest/DisplayName}|Desc=@{Microsoft.WinJS.2.0_1.0.9600.16408_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.WinJS.2.0/manifest/Description}|LUOwn=S-1-5-21-2850613821-2380182805-2248431766-1001|AppPkgId=S-1-15-2-203602565-2550712241-488262576-1482681342-2102951215-1992896490-1068375066|EmbedCtxt=@{Microsoft.WinJS.2.0_1.0.9600.16408_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.WinJS.2.0/manifest/DisplayName}|
Reg  HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System@{764EA6EA-694D-4AD3-9DAA-B6672524EA87}  v2.22|Action=Block|Active=TRUE|Dir=Out|Name=@{Microsoft.WinJS.2.0_1.0.9600.16408_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.WinJS.2.0/manifest/DisplayName}|Desc=@{Microsoft.WinJS.2.0_1.0.9600.16408_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.WinJS.2.0/manifest/Description}|LUOwn=S-1-5-21-2850613821-2380182805-2248431766-1001|AppPkgId=S-1-15-2-203602565-2550712241-488262576-1482681342-2102951215-1992896490-1068375066|EmbedCtxt=@{Microsoft.WinJS.2.0_1.0.9600.16408_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.WinJS.2.0/manifest/DisplayName}|
Reg  HKLM\SYSTEM\CurrentControlSet\Services\SynTP\Parameters@DetectTimeMS  158
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{266E3DBA-DC97-4756-AB01-BCF7A26362D2}@LeaseObtainedTime  1461460597
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{266E3DBA-DC97-4756-AB01-BCF7A26362D2}@T1  1461503797
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{266E3DBA-DC97-4756-AB01-BCF7A26362D2}@T2  1461536197
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{266E3DBA-DC97-4756-AB01-BCF7A26362D2}@LeaseTerminatesTime  1461546997
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@WindowsRequestBucketCounter  188
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsRequestBucketDrainTime  0x34 0xBB 0xD1 0xC4 ...
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsLargeRequestBucketDrainTime  0x34 0xBB 0xD1 0xC4 ...
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastOtherRequestBucketDrainTime  0x34 0xBB 0xD1 0xC4 ...
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@GlobalRequestBucketCounter  174
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastGlobalRequestBucketDrainTime  0x34 0xBB 0xD1 0xC4 ...
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\RegistrarData@LastRenewCollectionsInterest  0xB0 0x1E 0x59 0x3A ...
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData@PendingOperations  611

---- Disk sectors - GMER 2.2 ----

Disk  \Device\Harddisk0\DR0  unknown MBR code

---- Files - GMER 2.2 ----

File  C:\Users\monik_000\AppData\Local\Mozilla\Firefox\Profiles\7dkizkin.default\cache2\entries\2CD0603BCFE1078C037746C1EEEC09C7CDCD0A2F  161 bytes

---- EOF - GMER 2.2 ----