GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-08-14 18:29:33
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002c GOODRAM rev.SAFM22.3 223,57GB
Running: sh9g12bm.exe; Driver: F:\TEMP\fwlcqpow.sys

---- Threads - GMER 2.2 ----

Thread  C:\Windows\system32\csrss.exe [896:948]        ffffbdcaa4736c20
Thread  C:\Windows\SYSTEM32\ntdll.dll [2444:2448]      0000000000fd55aa
Thread  C:\Windows\SYSTEM32\ntdll.dll [2444:3928]      0000000070b06e70
Thread  C:\Windows\SYSTEM32\ntdll.dll [2444:4064]      00000000701a1120
Thread  C:\Windows\SYSTEM32\ntdll.dll [2444:4100]      00000000711eac40
Thread  C:\Windows\SYSTEM32\ntdll.dll [2444:4196]      000000006feee718
Thread  C:\Windows\SYSTEM32\ntdll.dll [2444:4200]      000000006feee718
Thread  C:\Windows\SYSTEM32\ntdll.dll [2444:4596]      0000000070678420
Thread  C:\Windows\SYSTEM32\ntdll.dll [2444:5576]      000000006feee718
Thread  C:\Windows\SYSTEM32\ntdll.dll [2444:5580]      000000006feee718
Thread  C:\Windows\SYSTEM32\ntdll.dll [2444:5584]      000000006feee718
Thread  C:\Windows\SYSTEM32\ntdll.dll [2444:6464]      000000007345e622
Thread  C:\Windows\SYSTEM32\ntdll.dll [2444:6476]      00000000733a9e10
Thread  C:\Windows\SYSTEM32\ntdll.dll [2444:6868]      000000006e0d1170
Thread  C:\Windows\SYSTEM32\ntdll.dll [2444:7128]      000000006df13bb6
Thread  C:\Windows\SYSTEM32\ntdll.dll [2444:6072]      000000006df13bb6
Thread  C:\Windows\SYSTEM32\ntdll.dll [2444:6292]      000000006feee718
Thread  C:\Windows\SYSTEM32\ntdll.dll [2444:6296]      000000006feee718
Thread  C:\Windows\SYSTEM32\ntdll.dll [2444:2316]      000000006df13bb6
Thread  C:\Windows\SYSTEM32\ntdll.dll [2444:6304]      000000006df13bb6
Thread  C:\Windows\SYSTEM32\ntdll.dll [2444:6312]      000000006df13bb6
Thread  C:\Windows\SYSTEM32\ntdll.dll [2444:6544]      000000006df13bb6
Thread  C:\Windows\explorer.exe [7360:6444]            00007ff806f820e0
Thread  C:\Windows\explorer.exe [7360:2728]            00007ff806f820e0

---- Services - GMER 2.2 ----

Service  C:\Windows\System32\qmgr.dll (*** hidden *** )    [AUTO] BITS     <-- ROOTKIT !!!

---- Registry - GMER 2.2 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToSnapshot@OfficeODC  ????In??????????? ??????????????????????????????????????????? ???????????????????????????????????????????????&???&???&???&???&???&???&???&??????????????Edifier S760D 5.1-połączenie optyczne (Realtek High Definition Audio)??????Edifier S760D 5.1-połączenie optyczne (Realtek High Definition Audio)??????Edifier S760D 5.1-połączenie optyczne (Realtek High Definition Audio)??????????????????!???????????????????????????????????????????????????????????????????????????????????????????????????????????? ????????????????????????????? ? ??????????????????????????????????????????????????????????????????????????????????????? ????????????????????????????? ? ??????????????????????????????????????????????????????????????????????????????????????? ????????????????????????????? ? ??????????????????????????????????????????????????????????????????????????????????????? ????????????????????????????? ? ??????????????????????????????????????????????????????????????????????????????????????? ????????????????????????????? ? ?????????
Reg  HKLM\SYSTEM\CurrentControlSet\Control\MUI\StringCacheSettings@StringCacheGeneration  266
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations  \??\C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll.old??\??\F:\TEMP\_iu14D2N.tmp??\??\C:\Windows\system32\spool\V4Dirs\8759EE1E-EF0F-44DE-9328-7978AEA20101\94766af2.BUD??\??\C:\Windows\system32\spool\V4Dirs\8759EE1E-EF0F-44DE-9328-7978AEA20101\94766af2.gpd??\??\C:\Windows\system32\spool\V4Dirs\8759EE1E-EF0F-44DE-9328-7978AEA20101??
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed  -1785479248
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BITS@Start  2
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BITS\Performance@PerfMMFileName  Global\MMF_BITS90415684-281f-4819-aef0-b809bb2d90a5
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BITS
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0019860000ba
Reg  HKLM\SYSTEM\CurrentControlSet\Services\KLIF\Parameters@CheckVersion  18
Reg  HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch  1156
Reg  HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch  156
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{08c71c50-aeeb-49ff-b159-bb198843476b}@LeaseObtainedTime  1471187975
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{08c71c50-aeeb-49ff-b159-bb198843476b}@T1  1471490375
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{08c71c50-aeeb-49ff-b159-bb198843476b}@T2  1471717175
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{08c71c50-aeeb-49ff-b159-bb198843476b}@LeaseTerminatesTime  1471792775
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{08c71c50-aeeb-49ff-b159-bb198843476b}@Dhcpv6State  1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated  0x60 0xCB 0x66 0x5D ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh  0x60 0x33 0x2B 0xBF ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow  0x60 0x63 0xA2 0xFB ...
Reg  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer@GlobalAssocChangedCounter  286
Reg  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}\iexplore@Count  3
Reg  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE7CD045-E861-484F-8273-0445EE161910}\iexplore@Count  3
Reg  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\iexplore@Count  2

---- Disk sectors - GMER 2.2 ----

Disk  \Device\Harddisk0\DR0  unknown MBR code

---- EOF - GMER 2.2 ----
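The report above is raw scanner output, and the work of triage is pulling out the few lines that need a decision: the service GMER marks hidden, the PendingFileRenameOperations multi-string (files queued for rename or deletion at the next boot, which is how updaters and uninstallers clean up but also how a binary gets swapped out from under an AV driver), and the disk whose boot code GMER could not match. The script below is an added example, not GMER's code; SAMPLE_LOG is a constructed, shortened excerpt of this report, and the regular expressions are fitted to the GMER 2.2 line layout visible here, not to any published grammar. Two caveats belong with its output. GMER's "hidden" verdict on BITS (qmgr.dll) on Windows 8 and later is a frequently reported false positive, so it is a lead to confirm against the service control manager and the signature on qmgr.dll, not a verdict. "unknown MBR code" says only that sector 0 did not match GMER's known boot-code signatures, which a third-party boot loader or disk-encryption product also produces; the follow-up is to dump the sector and compare it yourself. The randomly named driver and the renamed executable in the header are the scanner's own and should stay out of any indicator list.

```python
"""Triage helper for GMER 2.2 logs (added example, not GMER's code; SAMPLE_LOG is a constructed excerpt)."""
from __future__ import annotations
import re
from dataclasses import dataclass, field

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
THREAD_RE = re.compile(r"^Thread\s+(?P<image>.+?)\s+\[(?P<pid>\d+):(?P<tid>\d+)\]\s+(?P<addr>[0-9a-f]+)$", re.I)
SERVICE_RE = re.compile(  # "(*** hidden *** )" and "<-- ROOTKIT !!!" are both optional markers
    r"^Service\s+(?P<image>.+?)\s+(?:\(\*\*\* (?P<flag>\w+) \*\*\*\s*\)\s+)?"
    r"\[(?P<start>\w+)\]\s+(?P<name>\S+)(?P<rootkit>\s+<-- ROOTKIT !!!)?$")
# Keys may contain spaces ("Session Manager"); the value name follows '@', its data follows whitespace.
REG_RE = re.compile(r"^Reg\s+(?P<key>.+?)(?:@(?P<value>\S+)(?:\s+(?P<data>.*))?)?$")
DISK_RE = re.compile(r"^Disk\s+(?P<device>\S+)\s+(?P<note>.+)$")

@dataclass
class Report:
    header: list[str] = field(default_factory=list)
    threads: list[dict] = field(default_factory=list)
    services: list[dict] = field(default_factory=list)
    registry: list[dict] = field(default_factory=list)
    disks: list[dict] = field(default_factory=list)

def parse_gmer(text: str) -> Report:
    """Walk the log section by section; lines that do not parse are skipped, not fatal."""
    report, section = Report(), None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section = m["name"]
        elif section is None:
            report.header.append(line)
        elif section == "Threads" and (m := THREAD_RE.match(line)):
            report.threads.append({**m.groupdict(), "pid": int(m["pid"]), "tid": int(m["tid"])})
        elif section == "Services" and (m := SERVICE_RE.match(line)):
            d = m.groupdict()
            d["hidden"], d["rootkit"] = d["flag"] == "hidden", d["rootkit"] is not None
            report.services.append(d)
        elif section == "Registry" and (m := REG_RE.match(line)):
            report.registry.append(m.groupdict())
        elif section == "Disk sectors" and (m := DISK_RE.match(line)):
            report.disks.append(m.groupdict())
    return report

def split_multi_sz(data: str) -> list[str]:
    """GMER prints the NUL separators of a REG_MULTI_SZ as '?'; split on the '\\??\\' NT prefix instead."""
    parts = re.split(r"(?=\\\?\?\\)", data)
    return [p.rstrip("?") for p in parts if p.startswith("\\??\\")]

def threads_by_process(report: Report) -> dict[int, int]:
    """Thread count per PID, to spot a process hosting threads it has no business running."""
    counts: dict[int, int] = {}
    for t in report.threads:
        counts[t["pid"]] = counts.get(t["pid"], 0) + 1
    return counts

def scanner_artifacts(report: Report) -> tuple:
    """The renamed exe and random driver name are GMER's own; keep them out of your IOC list."""
    m = re.search(r"Running: (\S+); Driver: (\S+)", " ".join(report.header))
    return (m[1], m[2]) if m else (None, None)

def triage(report: Report) -> list[tuple[str, str]]:
    """(category, detail) pairs for everything in the log that needs a human decision."""
    findings: list[tuple[str, str]] = []
    for s in report.services:
        if s["hidden"] or s["rootkit"]:
            findings.append(("service", f"{s['name']} ({s['image']}) marked {s['flag'] or 'ROOTKIT'}"))
    for r in report.registry:  # renames deferred to next boot: updaters do this, so does a binary swapped under an AV
        if r["value"] == "PendingFileRenameOperations" and r["data"]:
            findings.extend(("pending-rename", p) for p in split_multi_sz(r["data"]))
    for d in report.disks:
        if "unknown MBR" in d["note"]:  # boot code GMER could not match: dump sector 0 and compare it yourself
            findings.append(("mbr", f"{d['device']}: {d['note']}"))
    return findings

SAMPLE_LOG = r"""GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-08-14 18:29:33
Running: sh9g12bm.exe; Driver: F:\TEMP\fwlcqpow.sys
---- Threads - GMER 2.2 ----
Thread  C:\Windows\system32\csrss.exe [896:948]            ffffbdcaa4736c20
Thread  C:\Windows\SYSTEM32\ntdll.dll [2444:4196]          000000006feee718
Thread  C:\Windows\SYSTEM32\ntdll.dll [2444:4200]          000000006feee718
---- Services - GMER 2.2 ----
Service  C:\Windows\System32\qmgr.dll (*** hidden *** )    [AUTO] BITS     <-- ROOTKIT !!!
---- Registry - GMER 2.2 ----
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations  \??\C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll.old??\??\F:\TEMP\_iu14D2N.tmp??
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BITS@Start  2
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BITS
---- Disk sectors - GMER 2.2 ----
Disk  \Device\Harddisk0\DR0  unknown MBR code
---- EOF - GMER 2.2 ----
"""

if __name__ == "__main__":
    rep = parse_gmer(SAMPLE_LOG)
    print("scanner:", scanner_artifacts(rep), "| threads per PID:", threads_by_process(rep))
    for category, detail in triage(rep):
        print(f"[{category}] {detail}")
```

Run as a script it prints the four findings from the excerpt (one hidden service, two pending renames, one unmatched MBR); pointing parse_gmer at a complete log read from disk works the same way, because lines that do not match a section's pattern are skipped rather than treated as errors. The registry list also keeps the bare "Services\BITS" key entry (value None) next to its "@Start 2" value, which is the pair to compare against what the service control manager reports when deciding whether the "hidden" flag is real.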