GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-11-23 15:02:43
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000027 SAMSUNG_HM321HI rev.2AJ10001 298,09GB
Running: 0buus07z.exe; Driver: C:\Users\MISTRZ~1\AppData\Local\Temp\kxldikob.sys

---- User code sections - GMER 2.2 ----

? C:\WINDOWS\system32\bitsigd.dll [436] entry point in ".rdata" section 00007ff83973da10
? C:\WINDOWS\system32\apphelp.dll [2064] entry point in ".rdata" section 0000000070c4f7c0
? C:\WINDOWS\system32\apphelp.dll [4368] entry point in ".rdata" section 0000000070c4f7c0

---- User IAT/EAT - GMER 2.2 ----

IAT C:\WINDOWS\system32\svchost.exe[436] @ c:\windows\system32\bitsperf.dll[msvcrt.dll!_initterm] [0]
IAT C:\WINDOWS\system32\svchost.exe[436] @ c:\windows\system32\bitsperf.dll[msvcrt.dll!malloc] [0]
IAT C:\WINDOWS\system32\svchost.exe[436] @ c:\windows\system32\bitsperf.dll[msvcrt.dll!__CxxFrameHandler3] [0]
IAT C:\WINDOWS\system32\svchost.exe[436] @ c:\windows\system32\bitsperf.dll[msvcrt.dll!_vsnwprintf] [0]
IAT C:\WINDOWS\system32\svchost.exe[436] @ c:\windows\system32\bitsperf.dll[msvcrt.dll!free] [0]
IAT C:\WINDOWS\system32\svchost.exe[436] @ c:\windows\system32\bitsperf.dll[msvcrt.dll!_amsg_exit] [0]
IAT C:\WINDOWS\system32\svchost.exe[436] @ c:\windows\system32\bitsperf.dll[msvcrt.dll!_XcptFilter] [0]
IAT C:\WINDOWS\system32\svchost.exe[436] @ c:\windows\system32\bitsperf.dll[msvcrt.dll!_wcsicmp] [0]
IAT C:\WINDOWS\system32\svchost.exe[436] @ c:\windows\system32\bitsperf.dll[msvcrt.dll!memcpy] [0]
IAT C:\WINDOWS\system32\svchost.exe[436] @ c:\windows\system32\bitsperf.dll[msvcrt.dll!memset] [0]
IAT C:\WINDOWS\system32\svchost.exe[436] @ c:\windows\system32\bitsperf.dll[ntdll.dll!RtlLookupFunctionEntry] [0]
IAT C:\WINDOWS\system32\svchost.exe[436] @ c:\windows\system32\bitsperf.dll[ntdll.dll!RtlCaptureContext] [0]
IAT C:\WINDOWS\system32\svchost.exe[436] @ c:\windows\system32\bitsperf.dll[ntdll.dll!RtlVirtualUnwind] [0]
IAT C:\WINDOWS\system32\svchost.exe[436] @ c:\windows\system32\bitsperf.dll[RPCRT4.dll!UuidCreate] [0]
IAT C:\WINDOWS\system32\svchost.exe[436] @ c:\windows\system32\bitsperf.dll[RPCRT4.dll!RpcStringFreeW] [0]
IAT C:\WINDOWS\system32\svchost.exe[436] @ c:\windows\system32\bitsperf.dll[RPCRT4.dll!UuidToStringW] [0]

---- Threads - GMER 2.2 ----

Thread C:\WINDOWS\system32\csrss.exe [600:876] fffff9950f5a6c20
Thread C:\WINDOWS\system32\svchost.exe [1228:2932] 00007ff834001240
Thread C:\WINDOWS\system32\svchost.exe [1228:2936] 00007ff83404a3b0
Thread C:\WINDOWS\system32\svchost.exe [1228:2948] 00007ff833fd25e0
Thread C:\WINDOWS\system32\svchost.exe [1228:1208] 00007ff8337d3bc0

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed -1563130151
Reg HKLM\SYSTEM\CurrentControlSet\Services\NcbService\NCB\KapiNlmCache\3@Timestamp 0xEC 0xC2 0x16 0xBE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0x7C 0x19 0xF4 0x9C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0x7C 0x81 0xB8 0xFE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0x7C 0xB1 0x2F 0x3B ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Security and Maintenance@MessageTime 0xDB 0x37 0x52 0x0B ...

---- EOF - GMER 2.2 ----