GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-10-31 22:53:12
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000030 ST1000LM014-SSHD-8GB rev.LVD3 931,51GB
Running: lxb48ttw.exe; Driver: C:\Users\Agata\AppData\Local\Temp\kxxdrpow.sys

---- User code sections - GMER 2.2 ----

?    C:\WINDOWS\SYSTEM32\iertutil.dll [2660] entry point in ".rdata" section 0000000071081310
?    C:\WINDOWS\SYSTEM32\iertutil.dll [3528] entry point in ".rdata" section 0000000071081310
?    C:\WINDOWS\SYSTEM32\iertutil.dll [6180] entry point in ".rdata" section 0000000071081310

---- Threads - GMER 2.2 ----

Thread    C:\WINDOWS\system32\csrss.exe [716:888]    ffffed1ca5536c20

---- Registry - GMER 2.2 ----

Reg    HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime    0x41 0x47 0x98 0x15 ...
Reg    HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime    0x74 0x1D 0x4D 0x2B ...
Reg    HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFStartTime    0xB0 0xD0 0xA1 0x15 ...
Reg    HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFLastStartTime    0x74 0x1D 0x4D 0x2B ...
Reg    HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@pl-PL    8
Reg    HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\CMN15BD0_11_07DC_6A^B17D6DB00AD16C50E6C19EC1610100F2@Timestamp    0xF6 0x89 0xA8 0x16 ...
Reg    HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid    872
Reg    HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{8553331B-3A81-4063-B196-DABDF028F069}\Connection@Name    Reusable ISATAP Interface {8553331B-3A81-4063-B196-DABDF028F069}
Reg    HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed    -1237748698
Reg    HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID    59c071f5-74d9-4f7a-98f1-164c26c
Reg    HKLM\SYSTEM\CurrentControlSet\Control\WDI\Config@ServerName    \BaseNamedObjects\WDI_{6b4f515b-51d0-4c6e-bf12-98d5eb685a5f}
Reg    HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\fcf8aeccda11
Reg    HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{67b7bc15-ad86-4487-a231-d07ecf599931}@LastProbeTime    1474646268
Reg    HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{8553331B-3A81-4063-B196-DABDF028F069}@InterfaceName    Reusable ISATAP Interface {8553331B-3A81-4063-B196-DABDF028F069}
Reg    HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{8553331B-3A81-4063-B196-DABDF028F069}@ReusableType    1
Reg    HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Diagnostics@ReadyBootTrainingCountSinceLastServicing    5
Reg    HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@ReadyBootPlanAge    1
Reg    HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime    pon., paź 31 16, 06:59:55 PM
Reg    HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@EffectivePends    496
Reg    HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch    1181
Reg    HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch    85
Reg    HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence    7
Reg    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@DhcpNameServer    192.168.1.1
Reg    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{19fe6a58-f021-49d7-a9d8-d3393587a8b0}@DhcpIPAddress    192.168.1.53
Reg    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{19fe6a58-f021-49d7-a9d8-d3393587a8b0}@DhcpServer    192.168.1.1
Reg    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{19fe6a58-f021-49d7-a9d8-d3393587a8b0}@Lease    86400
Reg    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{19fe6a58-f021-49d7-a9d8-d3393587a8b0}@LeaseObtainedTime    1477936601
Reg    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{19fe6a58-f021-49d7-a9d8-d3393587a8b0}@T1    1477979801
Reg    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{19fe6a58-f021-49d7-a9d8-d3393587a8b0}@T2    1478012201
Reg    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{19fe6a58-f021-49d7-a9d8-d3393587a8b0}@LeaseTerminatesTime    1478023001
Reg    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{19fe6a58-f021-49d7-a9d8-d3393587a8b0}@DhcpNetworkHint    B627A79737
Reg    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{19fe6a58-f021-49d7-a9d8-d3393587a8b0}@DhcpDefaultGateway    192.168.1.1
Reg    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{19fe6a58-f021-49d7-a9d8-d3393587a8b0}@DhcpNameServer    192.168.1.1
Reg    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{19fe6a58-f021-49d7-a9d8-d3393587a8b0}@Dhcpv6State    1
Reg    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{19fe6a58-f021-49d7-a9d8-d3393587a8b0}@DhcpV6NetworkHint    B627A79737
Reg    HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated    0xD1 0x18 0x88 0xAC ...
Reg    HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh    0xD1 0x80 0x4C 0x0E ...
Reg    HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow    0xD1 0xB0 0xC3 0x4A ...
Reg    HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Object List    10048 10054 10066 10076 10086 10106 10150 10160 10198 10204 10220
Reg    HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Counter    10226
Reg    HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Help    10227
Reg    HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@First Counter    10048
Reg    HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@First Help    10049
Reg    HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw    0x64 0x62 0x03 0x00 ...
Reg    HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask    0x64 0x62 0x03 0x00 ...
Reg    HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@Rw    0x64 0x62 0x03 0x00 ...
Reg    HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@RwMask    0x64 0x62 0x03 0x00 ...
Reg    HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\2@Rw    0x64 0x62 0x03 0x00 ...
Reg    HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\2@RwMask    0x64 0x62 0x03 0x00 ...

---- Files - GMER 2.2 ----

ADS    C:\Windows\WinSxS\amd64_microsoft-windows-w..ient-core.resources_31bf3856ad364e35_10.0.14393.0_pl-pl_311381cb6310371a\wuaueng.dll.mui:WofCompressedData    5269 bytes executable

---- EOF - GMER 2.2 ----
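Only two entries in this log point at files on disk that can be checked independently of GMER: the iertutil.dll "entry point in .rdata" warning (three processes, same address) and the alternate data stream on wuaueng.dll.mui flagged as executable. The Registry section consists of runtime state values (DHCP lease times, ReadyBoot counters, the RNG seed, SQM start times) that change on every boot or lease renewal. The PowerShell below is an added follow-up check, not part of the GMER output or of GMER itself. It assumes it is run elevated on the scanned machine, takes the file paths from the log above, and resolves the WinSxS component directory with a wildcard because GMER truncates the component name with ".." rather than printing it in full. The name WofCompressedData is the stream the Windows Overlay Filter uses to hold compressed file contents, so the script records the file's reparse-point attribute and the stream size alongside the signature and hash instead of treating the stream alone as a verdict; `sfc /VERIFYFILE` is the system's own integrity check for a single protected file.

```powershell
# Added triage helper for the two file-backed GMER findings above (not GMER's code).
# Assumptions: run as Administrator on the scanned host; paths come from the log;
# the WinSxS component directory is matched by wildcard because the log elides it.
$ErrorActionPreference = 'Stop'

function Get-FileEvidence {
    param([Parameter(Mandatory)][string]$Path)
    $item = Get-Item -LiteralPath $Path
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    [pscustomobject]@{
        Path       = $item.FullName
        SHA256     = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        SigStatus  = $sig.Status                     # 'Valid' expected for Microsoft binaries
        Signer     = $sig.SignerCertificate.Subject
        Attributes = $item.Attributes                # WOF-compressed files carry ReparsePoint
        Streams    = (Get-Item -LiteralPath $Path -Stream * |
                      ForEach-Object { '{0}({1})' -f $_.Stream, $_.Length }) -join ', '
        SfcVerify  = (& sfc.exe /VERIFYFILE=$Path 2>&1 | Out-String).Trim()
    }
}

# 1. iertutil.dll: the log names PIDs 2660/3528/6180, which are long gone, so verify the
#    module on disk and list whichever processes currently have it mapped.
$iertutil = 'C:\WINDOWS\SYSTEM32\iertutil.dll'
Get-FileEvidence -Path $iertutil | Format-List

Get-Process | Where-Object {
    try { $_.Modules.ModuleName -contains 'iertutil.dll' } catch { $false }
} | Select-Object Id, ProcessName, Path

# 2. wuaueng.dll.mui: locate the file under the truncated WinSxS component name.
#    The constant parts of the name are taken from the log; '*' covers the elided "..".
$mui = Get-ChildItem -Path 'C:\Windows\WinSxS' -Directory `
           -Filter 'amd64_microsoft-windows-w*ient-core.resources_31bf3856ad364e35_10.0.14393.0_pl-pl_*' |
       ForEach-Object { Get-ChildItem -LiteralPath $_.FullName -Filter 'wuaueng.dll.mui' -File } |
       Select-Object -First 1

if ($null -eq $mui) {
    Write-Warning 'wuaueng.dll.mui not found under the expected WinSxS component; re-run GMER and compare paths.'
} else {
    $evidence = Get-FileEvidence -Path $mui.FullName
    $evidence | Format-List
    # Expected on a WOF-compressed system file: Attributes include ReparsePoint, and the
    # WofCompressedData stream is the only non-default stream. A file whose stream size
    # matches the log (5269 bytes) but lacks the ReparsePoint attribute, or whose
    # sfc /VERIFYFILE output reports a violation, is the case that warrants escalation.
    if (-not ($evidence.Attributes -band [IO.FileAttributes]::ReparsePoint)) {
        Write-Warning 'WofCompressedData stream present without a WOF reparse point: investigate further.'
    }
}
```

Keep the SHA256 values and the `sfc /VERIFYFILE` output with the GMER log when asking for a second opinion; together they let someone else confirm whether the two flagged files match the Windows 10 build 14393 components the WinSxS path says they are, without rerunning GMER.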