GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-03-02 15:57:40
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002b GOODRAM rev.SAFM12.2 223,57GB
Running: hikus2zq.exe; Driver: C:\Users\GIGABYTE\AppData\Local\Temp\uxrdypoc.sys

---- User code sections - GMER 2.2 ----

? C:\Windows\SYSTEM32\iertutil.dll [2512] entry point in ".rdata" section 000000006e981590
? C:\Windows\system32\wbem\wbemsvc.dll [2612] entry point in ".rdata" section 000000006fd38fc0
? C:\Windows\system32\wbem\wbemsvc.dll [6020] entry point in ".rdata" section 000000006fd38fc0
? C:\Windows\system32\apphelp.dll [7004] entry point in ".rdata" section 0000000069adf7c0
? C:\Windows\SYSTEM32\iertutil.dll [7004] entry point in ".rdata" section 000000006e981590
? C:\Windows\SYSTEM32\dbgcore.DLL [7004] entry point in ".rdata" section 00000000741ec940
? C:\Windows\System32\ActXPrxy.dll [7004] entry point in ".rdata" section 00000000645c9c50
? C:\Windows\SYSTEM32\NTASN1.dll [7004] entry point in ".rdata" section 000000006569a020
? C:\Windows\system32\wbem\wbemsvc.dll [7004] entry point in ".rdata" section 000000006fd38fc0
? C:\Windows\system32\ncryptsslp.dll [7004] entry point in ".rdata" section 0000000067a404f0
? C:\Windows\system32\apphelp.dll [7096] entry point in ".rdata" section 0000000069adf7c0
? C:\Windows\SYSTEM32\dbgcore.DLL [7096] entry point in ".rdata" section 00000000741ec940
? C:\Windows\SYSTEM32\dbgcore.DLL [3100] entry point in ".rdata" section 00000000741ec940
? C:\Windows\system32\apphelp.dll [2496] entry point in ".rdata" section 0000000069adf7c0
? C:\Windows\SYSTEM32\iertutil.dll [2496] entry point in ".rdata" section 000000006e981590
? C:\Windows\SYSTEM32\NTASN1.dll [2496] entry point in ".rdata" section 000000006569a020
? C:\Windows\SYSTEM32\dbgcore.DLL [2496] entry point in ".rdata" section 00000000741ec940
? C:\Windows\SYSTEM32\atlthunk.dll [2496] entry point in ".data" section 000000006b354290
? C:\Windows\system32\mssprxy.dll [2496] entry point in ".rdata" section 00000000586da650
? C:\Windows\System32\smartscreenps.dll [2496] entry point in ".rdata" section 0000000066f058a0
? C:\Windows\system32\apphelp.dll [2892] entry point in ".rdata" section 0000000069adf7c0
? C:\Windows\SYSTEM32\iertutil.dll [2892] entry point in ".rdata" section 000000006e981590
? C:\Windows\system32\apphelp.dll [2716] entry point in ".rdata" section 0000000069adf7c0
? C:\Windows\SYSTEM32\iertutil.dll [2716] entry point in ".rdata" section 000000006e981590
? C:\Windows\SYSTEM32\dbgcore.DLL [2716] entry point in ".rdata" section 00000000741ec940
? C:\Windows\system32\apphelp.dll [3716] entry point in ".rdata" section 0000000069adf7c0
? C:\Windows\SYSTEM32\iertutil.dll [3716] entry point in ".rdata" section 000000006e981590
? C:\Windows\System32\mfh264enc.dll [3716] entry point in ".rdata" section 0000000059c74e30
? C:\Windows\SYSTEM32\dbgcore.DLL [3716] entry point in ".rdata" section 00000000741ec940
? C:\Windows\system32\apphelp.dll [900] entry point in ".rdata" section 0000000069adf7c0
? C:\Windows\SYSTEM32\iertutil.dll [900] entry point in ".rdata" section 000000006e981590
? C:\Windows\system32\apphelp.dll [800] entry point in ".rdata" section 0000000069adf7c0
? C:\Windows\SYSTEM32\iertutil.dll [800] entry point in ".rdata" section 000000006e981590
? C:\Windows\system32\apphelp.dll [8468] entry point in ".rdata" section 0000000069adf7c0
? C:\Windows\SYSTEM32\iertutil.dll [8468] entry point in ".rdata" section 000000006e981590
? C:\Windows\system32\apphelp.dll [720] entry point in ".rdata" section 0000000069adf7c0
? C:\Windows\SYSTEM32\iertutil.dll [720] entry point in ".rdata" section 000000006e981590
? C:\Windows\system32\apphelp.dll [5876] entry point in ".rdata" section 0000000069adf7c0
? C:\Windows\SYSTEM32\dbgcore.DLL [5876] entry point in ".rdata" section 00000000741ec940

---- Threads - GMER 2.2 ----

Thread C:\Windows\system32\csrss.exe [692:820] fffff099f8ba6c20
Thread C:\Windows\system32\csrss.exe [692:828] fffff099f8ba6c20

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed 535928827
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0xAE 0xEC 0x08 0x8C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0xAE 0x54 0xCD 0xED ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0xAE 0x84 0x44 0x2A ...

---- Files - GMER 2.2 ----

File C:\Windows\Temp\WAXA970.tmp (size mismatch) 7831552/0 bytes executable

---- EOF - GMER 2.2 ----