GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-07-29 21:23:52 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000042 INTEL_SSDSCKJW120H6 rev.RG11 111,79GB Running: x5suwbv7.exe; Driver: C:\Users\Kamil\AppData\Local\Temp\pgdyykog.sys ---- Threads - GMER 2.2 ---- Thread C:\WINDOWS\system32\csrss.exe [712:10912] fffff3435e9a6c20 Thread C:\WINDOWS\system32\mmc.exe [29660:29284] 00007fffff70d600 Thread C:\WINDOWS\system32\mmc.exe [29660:29264] 00007fffff741bc0 Thread C:\WINDOWS\system32\mmc.exe [29660:27356] 00007fffff741bc0 Thread C:\WINDOWS\system32\mmc.exe [29660:4716] 00007fffff609ae0 Thread C:\WINDOWS\system32\mmc.exe [29660:29236] 00007fffff741bc0 Thread C:\WINDOWS\system32\mmc.exe [29660:29240] 00007ffff7495160 Thread C:\WINDOWS\system32\mmc.exe [29660:29252] 00007fffff741bc0 Thread C:\WINDOWS\system32\mmc.exe [29660:29268] 00007fffff741bc0 Thread C:\WINDOWS\system32\mmc.exe [29660:29408] 00007fffff741bc0 Thread C:\WINDOWS\system32\mmc.exe [29660:29600] 00007fffff741bc0 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\SDC37520_00_07DE_51^71E5750D47079BEEECB0EF42E5FABF7B@Timestamp 0x06 0x27 0xB7 0xF1 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{515A1EA4-B8E3-4350-A565-8ECFB42AACCE}\Connection@Name Reusable ISATAP Interface {515A1EA4-B8E3-4350-A565-8ECFB42AACCE} Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed 763475260 Reg HKLM\SYSTEM\CurrentControlSet\Services\ASP.NET_4.0.30319\Names@FYWincQxZLDhYv7LQtxtQXr1tLZPijDH5U52ibF09djL41nfsVq9yNoWRMltJTWsZ5YtGmAUW48K2lRgvNNTVQv3YOfVO5r5COwmAHNtXPLoNBcj7J0QJb 152368 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\a434d9517330 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\a434d9517330@8ddd783b5a91 0xCB 0x7C 0x85 0x13 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\a434d9517330@4c21d0e9d495 0xAD 0x40 0x72 0x08 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\a434d9517330@a08d165a5f12 0xD5 0xBB 0x77 0x27 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{515A1EA4-B8E3-4350-A565-8ECFB42AACCE}@InterfaceName Reusable ISATAP Interface {515A1EA4-B8E3-4350-A565-8ECFB42AACCE} Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{515A1EA4-B8E3-4350-A565-8ECFB42AACCE}@ReusableType 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\90-5c-44-cc-59-36@AddressCreationTimestamp 0x01 0xB9 0x8C 0x0F ... Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\90-5c-44-cc-59-36@NatDetectionTimestamp 0xA6 0xCD 0x8B 0x0F ... Reg HKLM\SYSTEM\CurrentControlSet\Services\monitor\Parameters\Wdf@TimeOfLastTelemetryLog 0xB1 0x39 0x6D 0xCB ... Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Performance@1023 0x3B 0xC4 0x20 0xFE ... Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 28802 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 26831 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{81933889-39fa-4ef8-9d72-1c319d2bcb78}@LeaseObtainedTime 1501308925 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{81933889-39fa-4ef8-9d72-1c319d2bcb78}@T1 1501310725 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{81933889-39fa-4ef8-9d72-1c319d2bcb78}@T2 1501312075 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{81933889-39fa-4ef8-9d72-1c319d2bcb78}@LeaseTerminatesTime 1501312525 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{fa879649-bd3f-490f-ad04-3a1a23d103e5}@LeaseObtainedTime 1501308930 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{fa879649-bd3f-490f-ad04-3a1a23d103e5}@T1 1501310730 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{fa879649-bd3f-490f-ad04-3a1a23d103e5}@T2 1501312080 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{fa879649-bd3f-490f-ad04-3a1a23d103e5}@LeaseTerminatesTime 1501312530 Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0xC9 0xDD 0xCB 0x79 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0xC9 0x45 0x90 0xDB ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0xC9 0x75 0x07 0x18 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate@LastAutoAppUpdateSearchSuccessTime 2017-07-28 10:16:09 ---- EOF - GMER 2.2 ----