GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-12-11 13:03:12
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002a GOODRAM rev.SAFM12.2 111,79GB
Running: ev85hrdc.exe; Driver: C:\Users\Dom\AppData\Local\Temp\pfrdyuod.sys

---- Threads - GMER 2.2 ----

Thread  C:\WINDOWS\system32\csrss.exe [552:620]  ffffc755f5736c20

---- Registry - GMER 2.2 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime  0x8A 0x34 0xD9 0x6E ...
Reg  HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime  0x19 0x82 0x8E 0xB7 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@pl-PL  24
Reg  HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\NOEDID_1002_665F_00000003_00000000_100^DA370DB81FEA89194439656152241571@Timestamp  0xBB 0xB0 0xC5 0x31 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid  696
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c\238c9fa8-0aad-41ed-83f4-97be242c8f20\9d7815a6-7ee4-497e-8888-515a05f02364@ACSettingIndex  480
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c\238c9fa8-0aad-41ed-83f4-97be242c8f20\9d7815a6-7ee4-497e-8888-515a05f02364@DCSettingIndex  480
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed  -223395002
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID  b413785b-a206-4769-be35-327f681
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@GlassSessionId  4
Reg  HKLM\SYSTEM\CurrentControlSet\Control\WDI\Config@ServerName  \BaseNamedObjects\WDI_{76b8a330-052a-4114-b5db-6f21db34be88}
Reg  HKLM\SYSTEM\CurrentControlSet\Services\AmdPPM\Parameters\Wdf@TimeOfLastTelemetryLog  0xA9 0xCE 0xA1 0xBF ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BITS\Performance@PerfMMFileName  Global\MMF_BITS51e3bb04-7a6c-43a3-9508-947c6a6e6c3a
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{dd477a74-10e7-400b-b8a1-4f283afeea79}@LastProbeTime  1481399069
Reg  HKLM\SYSTEM\CurrentControlSet\Services\monitor\Parameters\Wdf@TimeOfLastTelemetryLog  0x36 0x8D 0xDF 0xC0 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\NdisVirtualBus\Parameters\Wdf@TimeOfLastTelemetryLog  0xE8 0xF5 0xA8 0xBF ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch  3671
Reg  HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch  625
Reg  HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence  23
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5587bd0a-92ee-46a3-b087-da2093b0d2c1}@LeaseObtainedTime  1481453704
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5587bd0a-92ee-46a3-b087-da2093b0d2c1}@T1  1481496904
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5587bd0a-92ee-46a3-b087-da2093b0d2c1}@T2  1481529304
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5587bd0a-92ee-46a3-b087-da2093b0d2c1}@LeaseTerminatesTime  1481540104
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{5587bd0a-92ee-46a3-b087-da2093b0d2c1}@Dhcpv6State  0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\USBHUB3\Parameters\Wdf@TimeOfLastTelemetryLog  0x75 0x60 0xED 0xBF ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated  0x0D 0xE2 0x3D 0x0D ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh  0x0D 0x4A 0x02 0x6F ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow  0x0D 0x7A 0x79 0xAB ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Object List  12948 12954 12964 12974 12994 13038 13048 13086 13092 13108
Reg  HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Counter  13114
Reg  HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Help  13115
Reg  HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@First Counter  12948
Reg  HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@First Help  12949
Reg  HKLM\SYSTEM\CurrentControlSet\Services\WpdUpFltr\Parameters\Wdf@TimeOfLastTelemetryLog  0x86 0xEF 0x24 0xC4 ...
Reg  HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw  0x64 0x62 0x03 0x00 ...
Reg  HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask  0x64 0x62 0x03 0x00 ...
Reg  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Security and Maintenance@MessageTime  0x9C 0xAF 0x26 0x50 ...

---- Disk sectors - GMER 2.2 ----

Disk  \Device\Harddisk0\DR0  unknown MBR code

---- EOF - GMER 2.2 ----