GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-08-18 19:09:29
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000019 WDC_WD10JPVX-75JC3T0 rev.01.01A01 931,51GB
Running: x11sul07.exe; Driver: C:\Users\Oliwia\AppData\Local\Temp\fxldapob.sys

---- User code sections - GMER 2.2 ----
? C:\WINDOWS\SYSTEM32\dbgcore.DLL [5740] entry point in ".rdata" section 0000000070e9c940
? C:\WINDOWS\system32\wbem\wbemsvc.dll [5740] entry point in ".rdata" section 0000000070c78fc0
? C:\WINDOWS\SYSTEM32\NTASN1.dll [5740] entry point in ".rdata" section 000000006fb0a020
? C:\WINDOWS\SYSTEM32\iertutil.dll [5740] entry point in ".rdata" section 000000006de100e0
? C:\Windows\System32\smartscreenps.dll [5740] entry point in ".rdata" section 000000006af458a0
? C:\Windows\System32\ActXPrxy.dll [5740] entry point in ".rdata" section 0000000069449b80
? C:\Windows\System32\OneCoreCommonProxyStub.dll [5740] entry point in ".rdata" section 0000000068d4da90
? C:\WINDOWS\system32\apphelp.dll [2488] entry point in ".rdata" section 000000006cfcf7c0

---- Threads - GMER 2.2 ----
Thread C:\WINDOWS\system32\csrss.exe [680:888] fffff5af6db96c20

---- Registry - GMER 2.2 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed 416967103
Reg HKLM\SYSTEM\CurrentControlSet\Control\Winlogon\Notifications\Components\TrustedInstaller@Events CreateSession
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\9cd21e0f6462
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\9cd21e0f6462@30212e3a251e 0x81 0xED 0xBA 0xF0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime ?czw.?, ?sie ?18 ?16, 03:15:49????????????????????????`????????
Reg HKLM\SYSTEM\CurrentControlSet\Services\TrustedInstaller@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\TrustedInstaller
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0x4D 0x5C 0xE6 0x6A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0x4D 0xC4 0xAA 0xCC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0x4D 0xF4 0x21 0x09 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\JumplistData@E7CF176E110C211B 0xC4 0x04 0xE9 0xE3 ...

---- Disk sectors - GMER 2.2 ----
Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.2 ----