GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-12-11 01:33:01
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000034 ADATA_SP920SS rev.1.08 119,24GB
Running: o0j8kud7.exe; Driver: C:\Users\KASZME~1\AppData\Local\Temp\kgndqfod.sys

---- Threads - GMER 2.2 ----

Thread C:\WINDOWS\system32\csrss.exe [524:1920] ffffb64f60d36c20

---- Services - GMER 2.2 ----

Service C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe (*** hidden *** ) [MANUAL] Disc Soft Lite Bus Service <-- ROOTKIT !!!

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToSnapshot@OfficeODC $UserProfile$\AppData\Local\Microsoft\Outlook\*.oab ... XboxComposite ... $UserProfile$\AppData\Local\Microsoft\Office\15.0\OfficeFileCache\*.fsf $UserProfile$\AppData\Local\Microsoft\Office\15.0\OfficeFileCache\*.fsd $UserProfile$\Local Settings\Application Data\Office\15.0\OfficeFileCache\*.fsd $UserProfile$\Local Settings\Application Data\Office\15.0\OfficeFileCache\*.fsf $UserProfile$\AppData\Local\Microsoft\Office\15.0\OfficeFileCache\LocalCach
Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\MSNILCMN15B80_30_07DD_1E_1414_008D_FFFFFFFF_FFFFFFFF_0^E4B4783C93919A31676D5FC03493AD42@Timestamp 0x73 0x03 0xB7 0xAF ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed -477585610
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 8102
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FwPOSTTime 8062
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TotalResumeTime 10841
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeBootMgrTime 150
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeAppTime 370
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeAppStartTimestamp 8254
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeLibraryInitTime 46
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeInitTime 105
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeHiberFileTime 209
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeRestoreImageStartTimestamp 8405
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeIoTime 58
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeDecompressTime 132
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeKernelSwitchTimestamp 8624
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelReturnFromHandlerTimestamp 8687
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@SleeperThreadEndTimestamp 10299
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TimeStampCounterAtSwitchTime 8684
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelReturnSystemPowerState 10503
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberHiberFileTime 2270
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberInitTime 22
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TotalHibernateTime 4856
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeHiberFileTime 978
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@DeviceResumeTime 189
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelAnimationTime 15
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelPagesProcessed 278376
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelPagesWritten 0xB8 0x52 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@BootPagesProcessed 37232
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@BootPagesWritten 0xF4 0x15 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberWriteRate 161
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeReadRate 371
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeDecompressRate 95
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@MaxHuffRatio 80
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberChecksumIoTime 9
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelChecksumTime 41
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeIoCpuTime 81
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberIoCpuTime 219
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeCompleteTimestamp 0x34 0xCB 0x93 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\80a589b56a66
Reg HKLM\SYSTEM\CurrentControlSet\Services\Disc Soft Lite Bus Service
Reg HKLM\SYSTEM\CurrentControlSet\Services\Disc Soft Lite Bus Service@DisplayName Disc Soft Lite Bus Service
Reg HKLM\SYSTEM\CurrentControlSet\Services\Disc Soft Lite Bus Service@Type 16
Reg HKLM\SYSTEM\CurrentControlSet\Services\Disc Soft Lite Bus Service@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\Disc Soft Lite Bus Service@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Disc Soft Lite Bus Service@ImagePath "C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe"
Reg HKLM\SYSTEM\CurrentControlSet\Services\Disc Soft Lite Bus Service@DependOnService RPCSS
Reg HKLM\SYSTEM\CurrentControlSet\Services\Disc Soft Lite Bus Service@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\Disc Soft Lite Bus Service
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 4527
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 649
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d5d7cfdf-5601-4ffa-8951-f8993e6e12a5}@LeaseObtainedTime 1481405494
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d5d7cfdf-5601-4ffa-8951-f8993e6e12a5}@T1 1481407160
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d5d7cfdf-5601-4ffa-8951-f8993e6e12a5}@T2 1481408510
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d5d7cfdf-5601-4ffa-8951-f8993e6e12a5}@LeaseTerminatesTime 1481409094
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0x67 0x50 0xB2 0x72 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0x67 0xB8 0x76 0xD4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0x67 0xE8 0xED 0x10 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ...

---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.2 ----