GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-11-22 12:54:07
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000001f Hitachi_HTS545050A7E380 rev.GG2OA7A0 465,76GB
Running: gmer.exe; Driver: C:\Users\kasia\AppData\Local\Temp\ugryakog.sys

---- User code sections - GMER 2.2 ----

? C:\WINDOWS\system32\wbem\wbemsvc.dll [2260] entry point in ".rdata" section 0000000072048fc0
? C:\WINDOWS\system32\wbem\wbemsvc.dll [4660] entry point in ".rdata" section 0000000072048fc0
? C:\Windows\System32\ActXPrxy.dll [4660] entry point in ".rdata" section 0000000071889b80
? C:\Windows\System32\iertutil.dll [4660] entry point in ".rdata" section 0000000070b11590
? C:\WINDOWS\system32\mssprxy.dll [4660] entry point in ".rdata" section 00000000702ca650
? C:\WINDOWS\system32\wbem\wbemsvc.dll [5364] entry point in ".rdata" section 0000000072048fc0
? C:\WINDOWS\system32\wbem\wbemsvc.dll [1744] entry point in ".rdata" section 0000000072048fc0
? C:\WINDOWS\system32\wbem\wbemsvc.dll [6288] entry point in ".rdata" section 0000000072048fc0
? C:\WINDOWS\SYSTEM32\iertutil.dll [6288] entry point in ".rdata" section 0000000070b11590
? C:\WINDOWS\system32\apphelp.dll [8436] entry point in ".rdata" section 0000000061aaf7c0

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed -1793607098
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\9c2a703acb32
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0x10 0x0B 0xB6 0x8C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0x10 0x73 0x7A 0xEE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0x10 0xA3 0xF1 0x2A ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ...

---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.2 ----