GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-02-20 01:59:23 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000030 TOSHIBA_MQ01ABD075 rev.AX0A4M 698,64GB Running: e195320j.exe; Driver: C:\Users\Anna\AppData\Local\Temp\uxldrpow.sys ---- Kernel code sections - GMER 2.2 ---- .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff960000ff800 15 bytes [C0, BB, ED, 01, 40, 02, 6A, ...] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 16 fffff960000ff810 11 bytes [00, 7E, FC, FF, 00, A7, B2, ...] ---- User code sections - GMER 2.2 ---- .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[6556] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffea5424ba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[6556] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffea5424fcc 8 bytes [50, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[6556] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffea54252a6 8 bytes [40, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[6556] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffea542549f 8 bytes {JMP 0xffffffffffffffee} .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[6556] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffea542583f 8 bytes [20, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[6556] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 997 00007ffea5425895 8 bytes [10, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[6556] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffea5425a44 8 bytes [00, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[6556] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffea5425fe1 8 bytes {JMP 0xffffffffffffff9e} .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[6556] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffea54a0780 8 bytes {JMP QWORD [RIP-0x7af47]} .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[6556] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffea54a0900 8 bytes {JMP QWORD [RIP-0x7b071]} .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[6556] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffea54a0930 8 bytes {JMP QWORD [RIP-0x7b96a]} .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[6556] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffea54a0a50 8 bytes {JMP QWORD [RIP-0x7b5b7]} .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[6556] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffea54a0b00 8 bytes {JMP QWORD [RIP-0x7b860]} .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[6556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffea54a11c0 8 bytes {JMP QWORD [RIP-0x7b1e5]} .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[6556] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffea54a14c0 8 bytes {JMP QWORD [RIP-0x7b77e]} .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[6556] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffea54a1d40 8 bytes {JMP QWORD [RIP-0x7c302]} .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[6556] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 0000000077d813f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[6556] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077d81583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[6556] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077d81621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[6556] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077d81674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[6556] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077d816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[6556] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000077d816e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[6556] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077d81727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[7548] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffea5424ba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[7548] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffea5424fcc 8 bytes [50, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[7548] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffea54252a6 8 bytes [40, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[7548] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffea542549f 8 bytes {JMP 0xffffffffffffffee} .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[7548] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffea542583f 8 bytes [20, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[7548] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 997 00007ffea5425895 8 bytes [10, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[7548] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffea5425a44 8 bytes [00, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[7548] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffea5425fe1 8 bytes {JMP 0xffffffffffffff9e} .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[7548] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffea54a0780 8 bytes {JMP QWORD [RIP-0x7af47]} .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[7548] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffea54a0900 8 bytes {JMP QWORD [RIP-0x7b071]} .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[7548] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffea54a0930 8 bytes {JMP QWORD [RIP-0x7b96a]} .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[7548] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffea54a0a50 8 bytes {JMP QWORD [RIP-0x7b5b7]} .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[7548] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffea54a0b00 8 bytes {JMP QWORD [RIP-0x7b860]} .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[7548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffea54a11c0 8 bytes {JMP QWORD [RIP-0x7b1e5]} .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[7548] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffea54a14c0 8 bytes {JMP QWORD [RIP-0x7b77e]} .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[7548] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffea54a1d40 8 bytes {JMP QWORD [RIP-0x7c302]} .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[7548] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 0000000077d813f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[7548] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077d81583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[7548] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077d81621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[7548] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077d81674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[7548] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077d816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[7548] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000077d816e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[7548] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077d81727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffea5424ba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffea5424fcc 8 bytes [50, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffea54252a6 8 bytes [40, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffea542549f 8 bytes {JMP 0xffffffffffffffee} .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffea542583f 8 bytes [20, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 997 00007ffea5425895 8 bytes [10, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffea5425a44 8 bytes [00, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffea5425fe1 8 bytes {JMP 0xffffffffffffff9e} .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffea54a0780 8 bytes {JMP QWORD [RIP-0x7af47]} .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffea54a0900 8 bytes {JMP QWORD [RIP-0x7b071]} .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffea54a0930 8 bytes {JMP QWORD [RIP-0x7b96a]} .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffea54a0a50 8 bytes {JMP QWORD [RIP-0x7b5b7]} .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffea54a0b00 8 bytes {JMP QWORD [RIP-0x7b860]} .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffea54a11c0 8 bytes {JMP QWORD [RIP-0x7b1e5]} .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffea54a14c0 8 bytes {JMP QWORD [RIP-0x7b77e]} .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffea54a1d40 8 bytes {JMP QWORD [RIP-0x7c302]} .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[2248] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 0000000077d813f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[2248] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077d81583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[2248] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077d81621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[2248] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077d81674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[2248] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077d816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[2248] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000077d816e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[2248] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077d81727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Anna\Desktop\e195320j.exe[4256] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffea5424ba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Anna\Desktop\e195320j.exe[4256] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffea5424fcc 8 bytes [50, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Users\Anna\Desktop\e195320j.exe[4256] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffea54252a6 8 bytes [40, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Users\Anna\Desktop\e195320j.exe[4256] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffea542549f 8 bytes {JMP 0xffffffffffffffee} .text C:\Users\Anna\Desktop\e195320j.exe[4256] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffea542583f 8 bytes [20, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Users\Anna\Desktop\e195320j.exe[4256] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 997 00007ffea5425895 8 bytes [10, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Users\Anna\Desktop\e195320j.exe[4256] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffea5425a44 8 bytes [00, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Users\Anna\Desktop\e195320j.exe[4256] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffea5425fe1 8 bytes {JMP 0xffffffffffffff9e} .text C:\Users\Anna\Desktop\e195320j.exe[4256] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffea54a0780 8 bytes {JMP QWORD [RIP-0x7af47]} .text C:\Users\Anna\Desktop\e195320j.exe[4256] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffea54a0900 8 bytes {JMP QWORD [RIP-0x7b071]} .text C:\Users\Anna\Desktop\e195320j.exe[4256] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffea54a0930 8 bytes {JMP QWORD [RIP-0x7b96a]} .text C:\Users\Anna\Desktop\e195320j.exe[4256] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffea54a0a50 8 bytes {JMP QWORD [RIP-0x7b5b7]} .text C:\Users\Anna\Desktop\e195320j.exe[4256] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffea54a0b00 8 bytes {JMP QWORD [RIP-0x7b860]} .text C:\Users\Anna\Desktop\e195320j.exe[4256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffea54a11c0 8 bytes {JMP QWORD [RIP-0x7b1e5]} .text C:\Users\Anna\Desktop\e195320j.exe[4256] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffea54a14c0 8 bytes {JMP QWORD [RIP-0x7b77e]} .text C:\Users\Anna\Desktop\e195320j.exe[4256] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffea54a1d40 8 bytes {JMP QWORD [RIP-0x7c302]} .text C:\Users\Anna\Desktop\e195320j.exe[4256] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 0000000077d813f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Anna\Desktop\e195320j.exe[4256] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077d81583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Anna\Desktop\e195320j.exe[4256] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077d81621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Anna\Desktop\e195320j.exe[4256] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077d81674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Anna\Desktop\e195320j.exe[4256] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000077d816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Anna\Desktop\e195320j.exe[4256] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000077d816e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Anna\Desktop\e195320j.exe[4256] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077d81727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ---- Threads - GMER 2.2 ---- Thread C:\Windows\system32\csrss.exe [160:6184] fffff960008f22d0 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@Karta Microsoft ISATAP 1? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{B8CFDCCE-3E28-413E-8B45-BC52F60FC54A}\Connection@Name isatap.home Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{F4C8701D-6740-47A5-AC5E-5A1FC2F0D83D}\Linkage@Bind \Device\{9EBD8C6E-BDE4-4E1B-8922-96D6D3DF9A5F}?\Device\{664D4802-E871-48EE-9ED1-3DAC907379D6}?\Device\{B9362E84-AC3D-4D55-BED1-51E9ED610837}?\Device\{B8CFDCCE-3E28-413E-8B45-BC52F60FC54A}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{F4C8701D-6740-47A5-AC5E-5A1FC2F0D83D}\Linkage@Route "{9EBD8C6E-BDE4-4E1B-8922-96D6D3DF9A5F}"?"{664D4802-E871-48EE-9ED1-3DAC907379D6}"?"{B9362E84-AC3D-4D55-BED1-51E9ED610837}"?"{B8CFDCCE-3E28-413E-8B45-BC52F60FC54A}"? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{F4C8701D-6740-47A5-AC5E-5A1FC2F0D83D}\Linkage@Export \Device\TCPIP6TUNNEL_{9EBD8C6E-BDE4-4E1B-8922-96D6D3DF9A5F}?\Device\TCPIP6TUNNEL_{664D4802-E871-48EE-9ED1-3DAC907379D6}?\Device\TCPIP6TUNNEL_{B9362E84-AC3D-4D55-BED1-51E9ED610837}?\Device\TCPIP6TUNNEL_{B8CFDCCE-3E28-413E-8B45-BC52F60FC54A}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\381b4222-f694-41f0-9685-ff5bb260df2e\7516b95f-f776-4464-8c53-06167f40cc99\aded5e82-b909-4619-9949-f5d71dac0bcb@ACSettingIndex 100 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 10152987 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 9602 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FwPOSTTime 9475 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TotalResumeTime 18606 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeAppTime 1097 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeAppStartTimestamp 9931 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeLibraryInitTime 134 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeInitTime 291 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeHiberFileTime 619 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeRestoreImageStartTimestamp 10358 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeIoTime 514 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeDecompressTime 157 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeKernelSwitchTimestamp 11029 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelReturnFromHandlerTimestamp 11054 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@SleeperThreadEndTimestamp 17115 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TimeStampCounterAtSwitchTime 11050 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelReturnSystemPowerState 18271 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberHiberFileTime 6486 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberInitTime 93 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TotalHibernateTime 28236 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeHiberFileTime 6054 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeInitTime 55 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@DeviceResumeTime 1123 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelAnimationTime 63 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelPagesProcessed 418520 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelPagesWritten 0x20 0x65 0x02 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@BootPagesProcessed 21601 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@BootPagesWritten 0xB6 0x27 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeReadRate 100 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeDecompressRate 82 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeIoCpuTime 5131 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberIoCpuTime 691 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeCompleteTimestamp 0x59 0x1F 0x78 0x50 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BITS@Start 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\BITS Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\645a04b54569 Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{664D4802-E871-48EE-9ED1-3DAC907379D6}@ReusableType 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{664D4802-E871-48EE-9ED1-3DAC907379D6}@DefunctTimestamp 0x63 0x21 0xA2 0x58 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{B8CFDCCE-3E28-413E-8B45-BC52F60FC54A}@ReusableType 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{B8CFDCCE-3E28-413E-8B45-BC52F60FC54A}@DefunctTimestamp 0xA9 0x6E 0xA9 0x58 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\14-ae-db-43-42-11@AddressCreationTimestamp 0xAD 0xFF 0xB9 0x0E ... Reg HKLM\SYSTEM\CurrentControlSet\Services\KLIF\Parameters@CheckVersion 1036 Reg HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Linkage@Bind \Device\Tcpip_{E4CE3BB8-181E-4514-9309-7FDE9946A489}?\Device\Tcpip_{0690EC78-362B-445F-BFA8-709509F439A6}?\Device\Tcpip_{0A666297-B36E-4F50-8893-F45A6E87E749}?\Device\Tcpip_{9113C276-5778-4F6F-8737-7DB5FC0856F2}?\Device\Tcpip_{CC857AC7-AD6A-451D-82C1-B149BF797F3D}?\Device\Tcpip_{D3DCC4BB-4181-4F46-947F-D0533C9DDEBA}?\Device\Tcpip_{8718928D-CBEB-45EA-A621-800A9249001D}?\Device\Tcpip6_{E4CE3BB8-181E-4514-9309-7FDE9946A489}?\Device\Tcpip6_{0690EC78-362B-445F-BFA8-709509F439A6}?\Device\Tcpip6_{9EBD8C6E-BDE4-4E1B-8922-96D6D3DF9A5F}?\Device\Tcpip6_{664D4802-E871-48EE-9ED1-3DAC907379D6}?\Device\Tcpip6_{B9362E84-AC3D-4D55-BED1-51E9ED610837}?\Device\Tcpip6_{0A666297-B36E-4F50-8893-F45A6E87E749}?\Device\Tcpip6_{9113C276-5778-4F6F-8737-7DB5FC0856F2}?\Device\Tcpip6_{CC857AC7-AD6A-451D-82C1-B149BF797F3D}?\Device\Tcpip6_{B8CFDCCE-3E28-413E-8B45-BC52F60FC54A}?\Device\Tcpip6_{D3DCC4BB-4181-4F46-947F-D0533C9DDEBA}?\Device\Tcpip6_{8718928D-CBEB-45EA-A621-800A9249001D}?\Device\NetbiosSmb?\Device\NetBT_Tcpip_{E4CE3BB8-181E-4514 Reg HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Linkage@Route "Tcpip" "{E4CE3BB8-181E-4514-9309-7FDE9946A489}"?"Tcpip" "{0690EC78-362B-445F-BFA8-709509F439A6}"?"Tcpip" "{0A666297-B36E-4F50-8893-F45A6E87E749}"?"Tcpip" "{9113C276-5778-4F6F-8737-7DB5FC0856F2}"?"Tcpip" "{CC857AC7-AD6A-451D-82C1-B149BF797F3D}"?"Tcpip" "{D3DCC4BB-4181-4F46-947F-D0533C9DDEBA}"?"Tcpip" "{8718928D-CBEB-45EA-A621-800A9249001D}"?"Tcpip6" "{E4CE3BB8-181E-4514-9309-7FDE9946A489}"?"Tcpip6" "{0690EC78-362B-445F-BFA8-709509F439A6}"?"Tcpip6" "{9EBD8C6E-BDE4-4E1B-8922-96D6D3DF9A5F}"?"Tcpip6" "{664D4802-E871-48EE-9ED1-3DAC907379D6}"?"Tcpip6" "{B9362E84-AC3D-4D55-BED1-51E9ED610837}"?"Tcpip6" "{0A666297-B36E-4F50-8893-F45A6E87E749}"?"Tcpip6" "{9113C276-5778-4F6F-8737-7DB5FC0856F2}"?"Tcpip6" "{CC857AC7-AD6A-451D-82C1-B149BF797F3D}"?"Tcpip6" "{B8CFDCCE-3E28-413E-8B45-BC52F60FC54A}"?"Tcpip6" "{D3DCC4BB-4181-4F46-947F-D0533C9DDEBA}"?"Tcpip6" "{8718928D-CBEB-45EA-A621-800A9249001D}"?"NetbiosSmb"?"NetBT" "Tcpip" "{E4CE3BB8-181E-4514-9309-7FDE9946A489}"?"NetBT" "Tcpip" "{0690EC78-362B-445F-BFA8-709509F439A6}"?"Ne Reg HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Linkage@Export \Device\LanmanServer_Tcpip_{E4CE3BB8-181E-4514-9309-7FDE9946A489}?\Device\LanmanServer_Tcpip_{0690EC78-362B-445F-BFA8-709509F439A6}?\Device\LanmanServer_Tcpip_{0A666297-B36E-4F50-8893-F45A6E87E749}?\Device\LanmanServer_Tcpip_{9113C276-5778-4F6F-8737-7DB5FC0856F2}?\Device\LanmanServer_Tcpip_{CC857AC7-AD6A-451D-82C1-B149BF797F3D}?\Device\LanmanServer_Tcpip_{D3DCC4BB-4181-4F46-947F-D0533C9DDEBA}?\Device\LanmanServer_Tcpip_{8718928D-CBEB-45EA-A621-800A9249001D}?\Device\LanmanServer_Tcpip6_{E4CE3BB8-181E-4514-9309-7FDE9946A489}?\Device\LanmanServer_Tcpip6_{0690EC78-362B-445F-BFA8-709509F439A6}?\Device\LanmanServer_Tcpip6_{9EBD8C6E-BDE4-4E1B-8922-96D6D3DF9A5F}?\Device\LanmanServer_Tcpip6_{664D4802-E871-48EE-9ED1-3DAC907379D6}?\Device\LanmanServer_Tcpip6_{B9362E84-AC3D-4D55-BED1-51E9ED610837}?\Device\LanmanServer_Tcpip6_{0A666297-B36E-4F50-8893-F45A6E87E749}?\Device\LanmanServer_Tcpip6_{9113C276-5778-4F6F-8737-7DB5FC0856F2}?\Device\LanmanServer_Tcpip6_{CC857AC7-AD6A-451D-82C1-B149BF797F3D}?\Device\LanmanServer_Tcpi Reg HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Linkage@Bind \Device\Tcpip_{E4CE3BB8-181E-4514-9309-7FDE9946A489}?\Device\Tcpip_{0690EC78-362B-445F-BFA8-709509F439A6}?\Device\Tcpip_{0A666297-B36E-4F50-8893-F45A6E87E749}?\Device\Tcpip_{9113C276-5778-4F6F-8737-7DB5FC0856F2}?\Device\Tcpip_{CC857AC7-AD6A-451D-82C1-B149BF797F3D}?\Device\Tcpip_{D3DCC4BB-4181-4F46-947F-D0533C9DDEBA}?\Device\Tcpip_{8718928D-CBEB-45EA-A621-800A9249001D}?\Device\Tcpip6_{E4CE3BB8-181E-4514-9309-7FDE9946A489}?\Device\Tcpip6_{0690EC78-362B-445F-BFA8-709509F439A6}?\Device\Tcpip6_{9EBD8C6E-BDE4-4E1B-8922-96D6D3DF9A5F}?\Device\Tcpip6_{664D4802-E871-48EE-9ED1-3DAC907379D6}?\Device\Tcpip6_{B9362E84-AC3D-4D55-BED1-51E9ED610837}?\Device\Tcpip6_{0A666297-B36E-4F50-8893-F45A6E87E749}?\Device\Tcpip6_{9113C276-5778-4F6F-8737-7DB5FC0856F2}?\Device\Tcpip6_{CC857AC7-AD6A-451D-82C1-B149BF797F3D}?\Device\Tcpip6_{B8CFDCCE-3E28-413E-8B45-BC52F60FC54A}?\Device\Tcpip6_{D3DCC4BB-4181-4F46-947F-D0533C9DDEBA}?\Device\Tcpip6_{8718928D-CBEB-45EA-A621-800A9249001D}?\Device\NetbiosSmb?\Device\NetBT_Tcpip_{E4CE3BB8-181E-4514 Reg HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Linkage@Route "Tcpip" "{E4CE3BB8-181E-4514-9309-7FDE9946A489}"?"Tcpip" "{0690EC78-362B-445F-BFA8-709509F439A6}"?"Tcpip" "{0A666297-B36E-4F50-8893-F45A6E87E749}"?"Tcpip" "{9113C276-5778-4F6F-8737-7DB5FC0856F2}"?"Tcpip" "{CC857AC7-AD6A-451D-82C1-B149BF797F3D}"?"Tcpip" "{D3DCC4BB-4181-4F46-947F-D0533C9DDEBA}"?"Tcpip" "{8718928D-CBEB-45EA-A621-800A9249001D}"?"Tcpip6" "{E4CE3BB8-181E-4514-9309-7FDE9946A489}"?"Tcpip6" "{0690EC78-362B-445F-BFA8-709509F439A6}"?"Tcpip6" "{9EBD8C6E-BDE4-4E1B-8922-96D6D3DF9A5F}"?"Tcpip6" "{664D4802-E871-48EE-9ED1-3DAC907379D6}"?"Tcpip6" "{B9362E84-AC3D-4D55-BED1-51E9ED610837}"?"Tcpip6" "{0A666297-B36E-4F50-8893-F45A6E87E749}"?"Tcpip6" "{9113C276-5778-4F6F-8737-7DB5FC0856F2}"?"Tcpip6" "{CC857AC7-AD6A-451D-82C1-B149BF797F3D}"?"Tcpip6" "{B8CFDCCE-3E28-413E-8B45-BC52F60FC54A}"?"Tcpip6" "{D3DCC4BB-4181-4F46-947F-D0533C9DDEBA}"?"Tcpip6" "{8718928D-CBEB-45EA-A621-800A9249001D}"?"NetbiosSmb"?"NetBT" "Tcpip" "{E4CE3BB8-181E-4514-9309-7FDE9946A489}"?"NetBT" "Tcpip" "{0690EC78-362B-445F-BFA8-709509F439A6}"?"Ne Reg HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Linkage@Export \Device\LanmanWorkstation_Tcpip_{E4CE3BB8-181E-4514-9309-7FDE9946A489}?\Device\LanmanWorkstation_Tcpip_{0690EC78-362B-445F-BFA8-709509F439A6}?\Device\LanmanWorkstation_Tcpip_{0A666297-B36E-4F50-8893-F45A6E87E749}?\Device\LanmanWorkstation_Tcpip_{9113C276-5778-4F6F-8737-7DB5FC0856F2}?\Device\LanmanWorkstation_Tcpip_{CC857AC7-AD6A-451D-82C1-B149BF797F3D}?\Device\LanmanWorkstation_Tcpip_{D3DCC4BB-4181-4F46-947F-D0533C9DDEBA}?\Device\LanmanWorkstation_Tcpip_{8718928D-CBEB-45EA-A621-800A9249001D}?\Device\LanmanWorkstation_Tcpip6_{E4CE3BB8-181E-4514-9309-7FDE9946A489}?\Device\LanmanWorkstation_Tcpip6_{0690EC78-362B-445F-BFA8-709509F439A6}?\Device\LanmanWorkstation_Tcpip6_{9EBD8C6E-BDE4-4E1B-8922-96D6D3DF9A5F}?\Device\LanmanWorkstation_Tcpip6_{664D4802-E871-48EE-9ED1-3DAC907379D6}?\Device\LanmanWorkstation_Tcpip6_{B9362E84-AC3D-4D55-BED1-51E9ED610837}?\Device\LanmanWorkstation_Tcpip6_{0A666297-B36E-4F50-8893-F45A6E87E749}?\Device\LanmanWorkstation_Tcpip6_{9113C276-5778-4F6F-8737-7DB5FC0856F2}?\Device\LanmanWorkstat Reg HKLM\SYSTEM\CurrentControlSet\Services\NetBIOS\Linkage@Bind \Device\NetBT_Tcpip_{E4CE3BB8-181E-4514-9309-7FDE9946A489}?\Device\NetBT_Tcpip_{0690EC78-362B-445F-BFA8-709509F439A6}?\Device\NetBT_Tcpip_{0A666297-B36E-4F50-8893-F45A6E87E749}?\Device\NetBT_Tcpip_{9113C276-5778-4F6F-8737-7DB5FC0856F2}?\Device\NetBT_Tcpip_{CC857AC7-AD6A-451D-82C1-B149BF797F3D}?\Device\NetBT_Tcpip_{D3DCC4BB-4181-4F46-947F-D0533C9DDEBA}?\Device\NetBT_Tcpip_{8718928D-CBEB-45EA-A621-800A9249001D}?\Device\NetBT_Tcpip6_{E4CE3BB8-181E-4514-9309-7FDE9946A489}?\Device\NetBT_Tcpip6_{0690EC78-362B-445F-BFA8-709509F439A6}?\Device\NetBT_Tcpip6_{9EBD8C6E-BDE4-4E1B-8922-96D6D3DF9A5F}?\Device\NetBT_Tcpip6_{664D4802-E871-48EE-9ED1-3DAC907379D6}?\Device\NetBT_Tcpip6_{B9362E84-AC3D-4D55-BED1-51E9ED610837}?\Device\NetBT_Tcpip6_{0A666297-B36E-4F50-8893-F45A6E87E749}?\Device\NetBT_Tcpip6_{9113C276-5778-4F6F-8737-7DB5FC0856F2}?\Device\NetBT_Tcpip6_{CC857AC7-AD6A-451D-82C1-B149BF797F3D}?\Device\NetBT_Tcpip6_{B8CFDCCE-3E28-413E-8B45-BC52F60FC54A}?\Device\NetBT_Tcpip6_{D3DCC4BB-4181-4F46-947F-D0533C9DDEBA}?\Device\Ne Reg HKLM\SYSTEM\CurrentControlSet\Services\NetBIOS\Linkage@Route "NetBT" "Tcpip" "{E4CE3BB8-181E-4514-9309-7FDE9946A489}"?"NetBT" "Tcpip" "{0690EC78-362B-445F-BFA8-709509F439A6}"?"NetBT" "Tcpip" "{0A666297-B36E-4F50-8893-F45A6E87E749}"?"NetBT" "Tcpip" "{9113C276-5778-4F6F-8737-7DB5FC0856F2}"?"NetBT" "Tcpip" "{CC857AC7-AD6A-451D-82C1-B149BF797F3D}"?"NetBT" "Tcpip" "{D3DCC4BB-4181-4F46-947F-D0533C9DDEBA}"?"NetBT" "Tcpip" "{8718928D-CBEB-45EA-A621-800A9249001D}"?"NetBT" "Tcpip6" "{E4CE3BB8-181E-4514-9309-7FDE9946A489}"?"NetBT" "Tcpip6" "{0690EC78-362B-445F-BFA8-709509F439A6}"?"NetBT" "Tcpip6" "{9EBD8C6E-BDE4-4E1B-8922-96D6D3DF9A5F}"?"NetBT" "Tcpip6" "{664D4802-E871-48EE-9ED1-3DAC907379D6}"?"NetBT" "Tcpip6" "{B9362E84-AC3D-4D55-BED1-51E9ED610837}"?"NetBT" "Tcpip6" "{0A666297-B36E-4F50-8893-F45A6E87E749}"?"NetBT" "Tcpip6" "{9113C276-5778-4F6F-8737-7DB5FC0856F2}"?"NetBT" "Tcpip6" "{CC857AC7-AD6A-451D-82C1-B149BF797F3D}"?"NetBT" "Tcpip6" "{B8CFDCCE-3E28-413E-8B45-BC52F60FC54A}"?"NetBT" "Tcpip6" "{D3DCC4BB-4181-4F46-947F-D0533C9DDEBA}"?"NetBT" "Tcpip6" "{8718928D-CBEB-45EA-A621-8 Reg HKLM\SYSTEM\CurrentControlSet\Services\NetBIOS\Linkage@Export \Device\NetBIOS_NetBT_Tcpip_{E4CE3BB8-181E-4514-9309-7FDE9946A489}?\Device\NetBIOS_NetBT_Tcpip_{0690EC78-362B-445F-BFA8-709509F439A6}?\Device\NetBIOS_NetBT_Tcpip_{0A666297-B36E-4F50-8893-F45A6E87E749}?\Device\NetBIOS_NetBT_Tcpip_{9113C276-5778-4F6F-8737-7DB5FC0856F2}?\Device\NetBIOS_NetBT_Tcpip_{CC857AC7-AD6A-451D-82C1-B149BF797F3D}?\Device\NetBIOS_NetBT_Tcpip_{D3DCC4BB-4181-4F46-947F-D0533C9DDEBA}?\Device\NetBIOS_NetBT_Tcpip_{8718928D-CBEB-45EA-A621-800A9249001D}?\Device\NetBIOS_NetBT_Tcpip6_{E4CE3BB8-181E-4514-9309-7FDE9946A489}?\Device\NetBIOS_NetBT_Tcpip6_{0690EC78-362B-445F-BFA8-709509F439A6}?\Device\NetBIOS_NetBT_Tcpip6_{9EBD8C6E-BDE4-4E1B-8922-96D6D3DF9A5F}?\Device\NetBIOS_NetBT_Tcpip6_{664D4802-E871-48EE-9ED1-3DAC907379D6}?\Device\NetBIOS_NetBT_Tcpip6_{B9362E84-AC3D-4D55-BED1-51E9ED610837}?\Device\NetBIOS_NetBT_Tcpip6_{0A666297-B36E-4F50-8893-F45A6E87E749}?\Device\NetBIOS_NetBT_Tcpip6_{9113C276-5778-4F6F-8737-7DB5FC0856F2}?\Device\NetBIOS_NetBT_Tcpip6_{CC857AC7-AD6A-451D-82C1-B149BF797F3D}?\Device\Ne Reg HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Linkage@Bind \Device\Tcpip_{E4CE3BB8-181E-4514-9309-7FDE9946A489}?\Device\Tcpip_{0690EC78-362B-445F-BFA8-709509F439A6}?\Device\Tcpip_{0A666297-B36E-4F50-8893-F45A6E87E749}?\Device\Tcpip_{9113C276-5778-4F6F-8737-7DB5FC0856F2}?\Device\Tcpip_{CC857AC7-AD6A-451D-82C1-B149BF797F3D}?\Device\Tcpip_{D3DCC4BB-4181-4F46-947F-D0533C9DDEBA}?\Device\Tcpip_{8718928D-CBEB-45EA-A621-800A9249001D}?\Device\Tcpip6_{E4CE3BB8-181E-4514-9309-7FDE9946A489}?\Device\Tcpip6_{0690EC78-362B-445F-BFA8-709509F439A6}?\Device\Tcpip6_{9EBD8C6E-BDE4-4E1B-8922-96D6D3DF9A5F}?\Device\Tcpip6_{664D4802-E871-48EE-9ED1-3DAC907379D6}?\Device\Tcpip6_{B9362E84-AC3D-4D55-BED1-51E9ED610837}?\Device\Tcpip6_{0A666297-B36E-4F50-8893-F45A6E87E749}?\Device\Tcpip6_{9113C276-5778-4F6F-8737-7DB5FC0856F2}?\Device\Tcpip6_{CC857AC7-AD6A-451D-82C1-B149BF797F3D}?\Device\Tcpip6_{B8CFDCCE-3E28-413E-8B45-BC52F60FC54A}?\Device\Tcpip6_{D3DCC4BB-4181-4F46-947F-D0533C9DDEBA}?\Device\Tcpip6_{8718928D-CBEB-45EA-A621-800A9249001D}?\Device\Tcpip_{6037871D-46EB-4306-A4D2-41E692594701}?\Devi Reg HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Linkage@Route "Tcpip" "{E4CE3BB8-181E-4514-9309-7FDE9946A489}"?"Tcpip" "{0690EC78-362B-445F-BFA8-709509F439A6}"?"Tcpip" "{0A666297-B36E-4F50-8893-F45A6E87E749}"?"Tcpip" "{9113C276-5778-4F6F-8737-7DB5FC0856F2}"?"Tcpip" "{CC857AC7-AD6A-451D-82C1-B149BF797F3D}"?"Tcpip" "{D3DCC4BB-4181-4F46-947F-D0533C9DDEBA}"?"Tcpip" "{8718928D-CBEB-45EA-A621-800A9249001D}"?"Tcpip6" "{E4CE3BB8-181E-4514-9309-7FDE9946A489}"?"Tcpip6" "{0690EC78-362B-445F-BFA8-709509F439A6}"?"Tcpip6" "{9EBD8C6E-BDE4-4E1B-8922-96D6D3DF9A5F}"?"Tcpip6" "{664D4802-E871-48EE-9ED1-3DAC907379D6}"?"Tcpip6" "{B9362E84-AC3D-4D55-BED1-51E9ED610837}"?"Tcpip6" "{0A666297-B36E-4F50-8893-F45A6E87E749}"?"Tcpip6" "{9113C276-5778-4F6F-8737-7DB5FC0856F2}"?"Tcpip6" "{CC857AC7-AD6A-451D-82C1-B149BF797F3D}"?"Tcpip6" "{B8CFDCCE-3E28-413E-8B45-BC52F60FC54A}"?"Tcpip6" "{D3DCC4BB-4181-4F46-947F-D0533C9DDEBA}"?"Tcpip6" "{8718928D-CBEB-45EA-A621-800A9249001D}"? Reg HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Linkage@Export \Device\NetBT_Tcpip_{E4CE3BB8-181E-4514-9309-7FDE9946A489}?\Device\NetBT_Tcpip_{0690EC78-362B-445F-BFA8-709509F439A6}?\Device\NetBT_Tcpip_{0A666297-B36E-4F50-8893-F45A6E87E749}?\Device\NetBT_Tcpip_{9113C276-5778-4F6F-8737-7DB5FC0856F2}?\Device\NetBT_Tcpip_{CC857AC7-AD6A-451D-82C1-B149BF797F3D}?\Device\NetBT_Tcpip_{D3DCC4BB-4181-4F46-947F-D0533C9DDEBA}?\Device\NetBT_Tcpip_{8718928D-CBEB-45EA-A621-800A9249001D}?\Device\NetBT_Tcpip6_{E4CE3BB8-181E-4514-9309-7FDE9946A489}?\Device\NetBT_Tcpip6_{0690EC78-362B-445F-BFA8-709509F439A6}?\Device\NetBT_Tcpip6_{9EBD8C6E-BDE4-4E1B-8922-96D6D3DF9A5F}?\Device\NetBT_Tcpip6_{664D4802-E871-48EE-9ED1-3DAC907379D6}?\Device\NetBT_Tcpip6_{B9362E84-AC3D-4D55-BED1-51E9ED610837}?\Device\NetBT_Tcpip6_{0A666297-B36E-4F50-8893-F45A6E87E749}?\Device\NetBT_Tcpip6_{9113C276-5778-4F6F-8737-7DB5FC0856F2}?\Device\NetBT_Tcpip6_{CC857AC7-AD6A-451D-82C1-B149BF797F3D}?\Device\NetBT_Tcpip6_{B8CFDCCE-3E28-413E-8B45-BC52F60FC54A}?\Device\NetBT_Tcpip6_{D3DCC4BB-4181-4F46-947F-D0533C9DDEBA}?\Device\Ne Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 6841 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 3613 Reg HKLM\SYSTEM\CurrentControlSet\Services\SynTP\Parameters@DetectTimeMS 806 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@DhcpNameServer 192.168.1.254 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@DhcpDomain home Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CC857AC7-AD6A-451D-82C1-B149BF797F3D}@LeaseObtainedTime 1487498920 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CC857AC7-AD6A-451D-82C1-B149BF797F3D}@T1 1487542120 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CC857AC7-AD6A-451D-82C1-B149BF797F3D}@T2 1487574520 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CC857AC7-AD6A-451D-82C1-B149BF797F3D}@LeaseTerminatesTime 1487585320 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D3DCC4BB-4181-4F46-947F-D0533C9DDEBA}@DhcpIPAddress 192.168.145.43 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D3DCC4BB-4181-4F46-947F-D0533C9DDEBA}@DhcpSubnetMask 255.255.248.0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D3DCC4BB-4181-4F46-947F-D0533C9DDEBA}@DhcpServer 192.168.144.1 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D3DCC4BB-4181-4F46-947F-D0533C9DDEBA}@Lease 7200 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D3DCC4BB-4181-4F46-947F-D0533C9DDEBA}@LeaseObtainedTime 1385306383 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D3DCC4BB-4181-4F46-947F-D0533C9DDEBA}@T1 1385309983 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D3DCC4BB-4181-4F46-947F-D0533C9DDEBA}@T2 1385312683 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D3DCC4BB-4181-4F46-947F-D0533C9DDEBA}@LeaseTerminatesTime 1385313583 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D3DCC4BB-4181-4F46-947F-D0533C9DDEBA}@DhcpNameServer 127.0.0.1 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D3DCC4BB-4181-4F46-947F-D0533C9DDEBA}@DhcpDefaultGateway 192.168.144.254? Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D3DCC4BB-4181-4F46-947F-D0533C9DDEBA}@DhcpDomain CN01.com Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D3DCC4BB-4181-4F46-947F-D0533C9DDEBA}@DhcpSubnetMaskOpt 255.255.248.0? Reg HKLM\SYSTEM\CurrentControlSet\Services\TCPIP6\Linkage@Bind \Device\{6037871D-46EB-4306-A4D2-41E692594701}?\Device\{E4CE3BB8-181E-4514-9309-7FDE9946A489}?\Device\{0690EC78-362B-445F-BFA8-709509F439A6}?\Device\{9EBD8C6E-BDE4-4E1B-8922-96D6D3DF9A5F}?\Device\{664D4802-E871-48EE-9ED1-3DAC907379D6}?\Device\{B9362E84-AC3D-4D55-BED1-51E9ED610837}?\Device\{0A666297-B36E-4F50-8893-F45A6E87E749}?\Device\{9113C276-5778-4F6F-8737-7DB5FC0856F2}?\Device\{CC857AC7-AD6A-451D-82C1-B149BF797F3D}?\Device\{B8CFDCCE-3E28-413E-8B45-BC52F60FC54A}?\Device\{D3DCC4BB-4181-4F46-947F-D0533C9DDEBA}?\Device\{8718928D-CBEB-45EA-A621-800A9249001D}? Reg HKLM\SYSTEM\CurrentControlSet\Services\TCPIP6\Linkage@Route "{E4CE3BB8-181E-4514-9309-7FDE9946A489}"?"{0690EC78-362B-445F-BFA8-709509F439A6}"?"{9EBD8C6E-BDE4-4E1B-8922-96D6D3DF9A5F}"?"{664D4802-E871-48EE-9ED1-3DAC907379D6}"?"{B9362E84-AC3D-4D55-BED1-51E9ED610837}"?"{0A666297-B36E-4F50-8893-F45A6E87E749}"?"{9113C276-5778-4F6F-8737-7DB5FC0856F2}"?"{CC857AC7-AD6A-451D-82C1-B149BF797F3D}"?"{B8CFDCCE-3E28-413E-8B45-BC52F60FC54A}"?"{D3DCC4BB-4181-4F46-947F-D0533C9DDEBA}"?"{8718928D-CBEB-45EA-A621-800A9249001D}"? Reg HKLM\SYSTEM\CurrentControlSet\Services\TCPIP6\Linkage@Export \Device\Tcpip6_{6037871D-46EB-4306-A4D2-41E692594701}?\Device\Tcpip6_{E4CE3BB8-181E-4514-9309-7FDE9946A489}?\Device\Tcpip6_{0690EC78-362B-445F-BFA8-709509F439A6}?\Device\Tcpip6_{9EBD8C6E-BDE4-4E1B-8922-96D6D3DF9A5F}?\Device\Tcpip6_{664D4802-E871-48EE-9ED1-3DAC907379D6}?\Device\Tcpip6_{B9362E84-AC3D-4D55-BED1-51E9ED610837}?\Device\Tcpip6_{0A666297-B36E-4F50-8893-F45A6E87E749}?\Device\Tcpip6_{9113C276-5778-4F6F-8737-7DB5FC0856F2}?\Device\Tcpip6_{CC857AC7-AD6A-451D-82C1-B149BF797F3D}?\Device\Tcpip6_{B8CFDCCE-3E28-413E-8B45-BC52F60FC54A}?\Device\Tcpip6_{D3DCC4BB-4181-4F46-947F-D0533C9DDEBA}?\Device\Tcpip6_{8718928D-CBEB-45EA-A621-800A9249001D}? Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@WindowsRequestBucketCounter 193 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsRequestBucketDrainTime 0x68 0xDE 0x19 0xBC ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsLargeRequestBucketDrainTime 0x68 0xDE 0x19 0xBC ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastOtherRequestBucketDrainTime 0x68 0xDE 0x19 0xBC ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@GlobalRequestBucketCounter 187 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastGlobalRequestBucketDrainTime 0x68 0xDE 0x19 0xBC ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@RoamingSyncToken LM%3d63623144073807%3bID%3d151DEBC38D90940A!105%3bLR%3d63623144047287%3bEP%3d14%3bSI%3d67%3bTD%3dTrue%3bSO%3d0%3bPI%3d49 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windows\remotesyncdummyid@PendingOperations 8192 ---- Disk sectors - GMER 2.2 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.2 ----