GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-09-24 10:21:12 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000035 KINGSTON_SUV400S37120G rev.0C3J96R9 111,79GB Running: epiunv6m.exe; Driver: C:\Users\Art\AppData\Local\Temp\kxldrpog.sys ---- Threads - GMER 2.2 ---- Thread C:\Windows\system32\csrss.exe [624:656] fffff960009542d0 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0xC6 0xBE 0x89 0x17 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime 0xFD 0x85 0x1F 0x04 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFStartTime 0xE0 0xE1 0x89 0x17 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFLastStartTime 0xFD 0x85 0x1F 0x04 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@pl-PL 48 Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\GSM5AB816843009_01_07DE_64^155E1DB0AE198F249274A031416B0B40@Timestamp 0x77 0xF0 0x50 0x18 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 692 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber 3900028 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 1519975362 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId 51 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 515560199 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 1828472 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FwPOSTTime 1828249 Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID a1372d3d-7825-4057-9e6f-b2aa775 Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{86674ff2-9ae5-4f2f-8576-01e7deb708d9}@LastProbeTime 1506248050 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 1577 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 478 Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 50 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{85A12CBD-89C6-4A60-B455-12D66ED2AF79}@LeaseObtainedTime 1506240848 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{85A12CBD-89C6-4A60-B455-12D66ED2AF79}@T1 1506244448 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{85A12CBD-89C6-4A60-B455-12D66ED2AF79}@T2 1506247148 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{85A12CBD-89C6-4A60-B455-12D66ED2AF79}@LeaseTerminatesTime 1506248048 Reg HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop 0 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown 1 ---- EOF - GMER 2.2 ----