GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-12-15 15:14:56
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000032 ADATA_SP920SS rev.1.08 119,24GB
Running: o0j8kud7.exe; Driver: C:\Users\KASZME~1\AppData\Local\Temp\kgndqfod.sys

---- Threads - GMER 2.2 ----

Thread  C:\WINDOWS\system32\csrss.exe [564:596]    ffff9fc3c0936c20

---- Registry - GMER 2.2 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Control@SystemStartOptions    NOEXECUTE=OPTIN NOVGA
Reg  HKLM\SYSTEM\CurrentControlSet\Control@LastBootShutdown    0
Reg  HKLM\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToSnapshot@OfficeODC    ????????????????? j?????????????????$UserProfile$\AppData\Local\Microsoft\Outlook\*.oab??-??? ????????????????????????????.?????????????????????????????????????????????? ??????????????????????????????????????????? ?????????????????????????????????????????????????R?=??????? ???????????????????????????????????????t??????????? ????????n???????????????L?????????????s??????-???????????????????????????????? ??????????? ????????????????????????????????????8??????????????????????????????????????????? ??????????????????????????????b???&???????????????????????????????????s???XboxComposite?????????????????b???????????c?????-24?????????????????????$UserProfile$\AppData\Local\Microsoft\Office\15.0\OfficeFileCache\*.fsf?$UserProfile$\AppData\Local\Microsoft\Office\15.0\OfficeFileCache\*.fsd?$UserProfile$\Local Settings\Application Data\Office\15.0\OfficeFileCache\*.fsd?$UserProfile$\Local Settings\Application Data\Office\15.0\OfficeFileCache\*.fsf?$UserProfile$\AppData\Local\Microsoft\Office\15.0\OfficeFileCache\LocalCach
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid    736
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber    2710564
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed    -1823460155
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId    62
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime    491700346
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime    6741
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FwPOSTTime    6696
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID    7c77041e-c83e-424e-8691-6d67800
Reg  HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter    2
Reg  HKLM\SYSTEM\CurrentControlSet\Services\amdsbs\Parameters\Device-1@RaidCount    22
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\80a589b56a66
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{e30d1ec9-c111-43a5-a60b-d5fd723707e5}@LastProbeTime    1481811964
Reg  HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch    4662
Reg  HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch    742
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d5d7cfdf-5601-4ffa-8951-f8993e6e12a5}@LeaseObtainedTime    1481808364
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d5d7cfdf-5601-4ffa-8951-f8993e6e12a5}@T1    1481810164
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d5d7cfdf-5601-4ffa-8951-f8993e6e12a5}@T2    1481811514
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d5d7cfdf-5601-4ffa-8951-f8993e6e12a5}@LeaseTerminatesTime    1481811964
Reg  HKLM\SYSTEM\CurrentControlSet\Services\TPM@OsBootCount    96
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop    0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Object List    19320 19326 19338 19374 19384 19394 19414 19458 19468 19506 19512 19528
Reg  HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Counter    19534
Reg  HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Help    19535
Reg  HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@First Counter    19320
Reg  HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@First Help    19321
Reg  HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw    0x64 0x62 0x03 0x00 ...
Reg  HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask    0x64 0x62 0x03 0x00 ...

---- Disk sectors - GMER 2.2 ----

Disk  \Device\Harddisk0\DR0    unknown MBR code

---- EOF - GMER 2.2 ----