GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-04-05 23:40:12
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000030 ADATA_SP550 rev.P0705AB 223,57GB
Running: igc8f1j6.exe; Driver: C:\Users\MICHA~1\AppData\Local\Temp\kwnirkod.sys

---- User code sections - GMER 2.2 ----

? C:\WINDOWS\SYSTEM32\iertutil.dll [2396] entry point in ".rdata" section 00000000716716f0
? C:\WINDOWS\SYSTEM32\NTASN1.dll [2396] entry point in ".rdata" section 000000006f1ca020
? C:\WINDOWS\system32\ncryptsslp.dll [2396] entry point in ".rdata" section 000000006f1a04f0
? C:\WINDOWS\SYSTEM32\NTASN1.dll [2660] entry point in ".rdata" section 000000006f1ca020
? C:\WINDOWS\system32\ncryptsslp.dll [2660] entry point in ".rdata" section 000000006f1a04f0
? C:\WINDOWS\SYSTEM32\iertutil.dll [2776] entry point in ".rdata" section 00000000716716f0
? C:\WINDOWS\SYSTEM32\NTASN1.dll [8028] entry point in ".rdata" section 000000006f1ca020
? C:\WINDOWS\system32\ncryptsslp.dll [8028] entry point in ".rdata" section 000000006f1a04f0
? C:\WINDOWS\system32\apphelp.dll [8028] entry point in ".rdata" section 000000006e38f7c0
? C:\WINDOWS\SYSTEM32\iertutil.dll [7576] entry point in ".rdata" section 00000000716716f0
? C:\WINDOWS\system32\wbem\wbemsvc.dll [7576] entry point in ".rdata" section 000000006e078fc0
? C:\WINDOWS\SYSTEM32\NTASN1.dll [7576] entry point in ".rdata" section 000000006f1ca020
? C:\WINDOWS\SYSTEM32\iertutil.dll [8212] entry point in ".rdata" section 00000000716716f0
? C:\WINDOWS\SYSTEM32\NTASN1.dll [8212] entry point in ".rdata" section 000000006f1ca020
? C:\WINDOWS\SYSTEM32\dbgcore.DLL [8212] entry point in ".rdata" section 000000006d45c940
? C:\WINDOWS\system32\ncryptsslp.dll [8212] entry point in ".rdata" section 000000006f1a04f0
? C:\Windows\System32\OneCoreUAPCommonProxyStub.dll [8212] entry point in ".rdata" section 0000000056e67ec0
? C:\WINDOWS\system32\apphelp.dll [9824] entry point in ".rdata" section 000000006e38f7c0
? C:\WINDOWS\SYSTEM32\iertutil.dll [10060] entry point in ".rdata" section 00000000716716f0
? C:\WINDOWS\system32\wbem\wbemsvc.dll [10060] entry point in ".rdata" section 000000006e078fc0
? C:\WINDOWS\system32\wbem\wbemsvc.dll [124] entry point in ".rdata" section 000000006e078fc0
? C:\WINDOWS\SYSTEM32\iertutil.dll [124] entry point in ".rdata" section 00000000716716f0
? C:\WINDOWS\SYSTEM32\NTASN1.dll [124] entry point in ".rdata" section 000000006f1ca020
? C:\WINDOWS\system32\ncryptsslp.dll [124] entry point in ".rdata" section 000000006f1a04f0
? C:\WINDOWS\system32\apphelp.dll [3756] entry point in ".rdata" section 000000006e38f7c0

---- Threads - GMER 2.2 ----

Thread C:\WINDOWS\system32\csrss.exe [720:272] ffffef941c136c20

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed -969303357
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\b881980f15c6
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0x0E 0x41 0x10 0xC3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0x0E 0xA9 0xD4 0x24 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0x0E 0xD9 0x4B 0x61 ...

---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.2 ----