GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-06-05 17:06:03
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000001e TOSHIBA_ rev.AM00 465,76GB
Running: gllcyh7t.exe; Driver: C:\Users\MICHA~1\AppData\Local\Temp\afworpod.sys

---- User code sections - GMER 2.2 ----

? C:\WINDOWS\system32\wbem\wbemsvc.dll [6212] entry point in ".rdata" section 0000000070b78fa0
? C:\WINDOWS\system32\d3d10_1.dll [4160] entry point in ".rdata" section 00000000673e24b0
? C:\WINDOWS\SYSTEM32\iertutil.dll [4160] entry point in ".rdata" section 000000007250cb70
? C:\Windows\SYSTEM32\ActXPrxy.dll [4160] entry point in ".rdata" section 00000000659ebd10
? C:\WINDOWS\SYSTEM32\apphelp.dll [4160] entry point in ".rdata" section 0000000070990380
? C:\WINDOWS\system32\mssprxy.dll [4160] entry point in ".rdata" section 00000000656da4e0
? C:\WINDOWS\system32\apphelp.dll [2460] entry point in ".rdata" section 0000000070990380

---- Threads - GMER 2.2 ----

Thread C:\WINDOWS\system32\csrss.exe [3228:5520] fffff960a9fd4060

---- Services - GMER 2.2 ----

Service System32\drivers\dtsoftbus01.sys (*** hidden *** ) [SYSTEM] dtsoftbus01 <-- ROOTKIT !!!

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed -589396394
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 93
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9f2b06a0-9e8f-4458-91a8-23ebefea1d9c}@LeaseObtainedTime 1465125002
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9f2b06a0-9e8f-4458-91a8-23ebefea1d9c}@T1 1465125902
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9f2b06a0-9e8f-4458-91a8-23ebefea1d9c}@T2 1465126577
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9f2b06a0-9e8f-4458-91a8-23ebefea1d9c}@LeaseTerminatesTime 1465126802
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0x3E 0x81 0x11 0x6D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0x3E 0xE9 0xD5 0xCE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0x3E 0x19 0x4D 0x0B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeTickCount 0x16 0xE0 0x42 0x03 ...

---- EOF - GMER 2.2 ----