GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-02-09 19:08:40
Windows 6.3.9600  x64 \Device\Harddisk0\DR0 -> \Device\00000036 MTFDDAK256MAM-1K1 rev.070H 238,47GB
Running: v2ei4z6n.exe; Driver: C:\Users\ARKADI~1\AppData\Local\Temp\kxlyyfoc.sys


---- Kernel code sections - GMER 2.1 ----

.text   C:\Windows\system32\ntoskrnl.exe!NtCallbackReturn + 960                                                        fffff80135fc7f00 84 bytes [40, 01, A8, FF, 02, C4, 66, ...]

---- User code sections - GMER 2.1 ----

.text   C:\Windows\Explorer.EXE[1144] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 714                               00007ffa362c154a 4 bytes [2C, 36, FA, 7F]
.text   C:\Windows\Explorer.EXE[1144] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 722                               00007ffa362c1552 4 bytes [2C, 36, FA, 7F]
.text   C:\Windows\Explorer.EXE[1144] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 98                              00007ffa362c162a 4 bytes [2C, 36, FA, 7F]
.text   C:\Windows\Explorer.EXE[1144] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 122                             00007ffa362c1642 4 bytes [2C, 36, FA, 7F]
.text   C:\Windows\Explorer.EXE[1144] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506                           00007ffa3c39169a 4 bytes [39, 3C, FA, 7F]
.text   C:\Windows\Explorer.EXE[1144] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514                           00007ffa3c3916a2 4 bytes [39, 3C, FA, 7F]
.text   C:\Windows\Explorer.EXE[1144] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118                              00007ffa3c39181a 4 bytes [39, 3C, FA, 7F]
.text   C:\Windows\Explorer.EXE[1144] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142                              00007ffa3c391832 4 bytes [39, 3C, FA, 7F]

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\csrss.exe [468:476]                                                                        fffff96000938b90

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control@SystemStartOptions                                                        NOEXECUTE=OPTIN
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid                                                               976
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber                             3900220
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed                              1006314451
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId              243
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime            434760628
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime                                           7240
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FwPOSTTime                                         6944
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID                                               8d51b500-820f-499b-b01b-2216680
Reg     HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter                                 3
Reg     HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\UnitedVideo\SERVICES\BASICDISPLAY@DefaultSettings.XResolution  1366
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\b8763fd6283e                                    
Reg     HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch                                                11851
Reg     HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch                                               2198
Reg     HKLM\SYSTEM\CurrentControlSet\Services\SynTP\Parameters@DetectTimeMS                                           831
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@DhcpDomain                                             RLWW2680597@dialnet.pl
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@DhcpNameServer                                         192.168.1.1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop                               0
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown                                 1
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\PushNotifications@MobileBroadbandLastResetDate                  0xBF 0x24 0xEB 0xEF ...

---- EOF - GMER 2.1 ----
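The ".text" entries above are GMER's in-memory-versus-on-disk differences for code sections. Reading them by hand is error-prone, so here is an added parser for this report format (example code written for this page, not GMER's own code or output logic). It turns each code-section line into a record (process, pid, module, export, offset, address, byte count, patched bytes, whether GMER truncated the byte list with "...") and each "Reg" line into key / value name / data, then applies one triage heuristic that is this editor's assumption rather than anything GMER states: a 4-byte difference whose bytes, read little-endian, are the middle slice of a pointer into the same module is what a base-relocation fixup looks like after the DLL was loaded away from its preferred base, which matches the MSIMG32.dll and PSAPI.DLL entries here (the patched dwords 7FFA362C and 7FFA3C39 are the upper part of the patched addresses themselves). The 84-byte ntoskrnl.exe entry and the csrss.exe thread get no verdict from this heuristic; they have to be compared against the on-disk image or a known-good system. The sample text inside the block is constructed from the shape of the report above; the column splitting on two-or-more spaces and the 4 MiB distance window are assumptions.

```python
"""Parser and triage helper for GMER 2.1 text reports.

Added example for this page, not GMER's code. Assumptions (not stated by
GMER): columns are separated by runs of two or more spaces, and the
relocation heuristic in CodePatch.relocation_like is a triage hint only.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample, copied from the shape of the report above.
SAMPLE = r"""
---- Kernel code sections - GMER 2.1 ----

.text   C:\Windows\system32\ntoskrnl.exe!NtCallbackReturn + 960                                                        fffff80135fc7f00 84 bytes [40, 01, A8, FF, 02, C4, 66, ...]

---- User code sections - GMER 2.1 ----

.text   C:\Windows\Explorer.EXE[1144] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 714                               00007ffa362c154a 4 bytes [2C, 36, FA, 7F]
.text   C:\Windows\Explorer.EXE[1144] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118                              00007ffa3c39181a 4 bytes [39, 3C, FA, 7F]

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control@SystemStartOptions                                                        NOEXECUTE=OPTIN
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\b8763fd6283e                                    
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@DhcpNameServer                                         192.168.1.1
"""

# One code-section line: section, optional "process[pid]", module!symbol + offset,
# hex address, byte count and the bracketed byte list (possibly ending in "...").
CODE_RE = re.compile(
    r"^(?P<section>\.\w+)\s+"
    r"(?:(?P<process>\S+)\[(?P<pid>\d+)\]\s+)?"
    r"(?P<module>\S+)!(?P<symbol>\w+) \+ (?P<offset>\d+)\s+"
    r"(?P<address>[0-9a-fA-F]+) (?P<size>\d+) bytes \[(?P<bytes>[^\]]*)\]$"
)


@dataclass
class CodePatch:
    section: str
    module: str
    symbol: str
    offset: int
    address: int
    size: int
    patched: List[int]      # decoded bytes; shorter than size if GMER truncated the list
    truncated: bool
    process: Optional[str] = None
    pid: Optional[int] = None

    @property
    def kernel(self) -> bool:
        return self.process is None

    def relocation_like(self, window: int = 0x40) -> bool:
        """Heuristic (assumption, not GMER logic): a 4-byte difference that decodes
        little-endian to bytes 2..5 of a pointer near the patched location is what a
        base-relocation fixup looks like. `window` is in 64 KiB units (0x40 = 4 MiB)."""
        if self.size != 4 or len(self.patched) != 4:
            return False
        dword = int.from_bytes(bytes(self.patched), "little")
        return abs(dword - ((self.address >> 16) & 0xFFFFFFFF)) <= window


@dataclass
class RegEntry:
    key: str
    value_name: Optional[str]   # None when GMER lists a key with no value
    data: Optional[str]         # None when no data column is present


def parse_bytes(text: str) -> Tuple[List[int], bool]:
    """'2C, 36, FA, 7F' -> ([0x2c, 0x36, 0xfa, 0x7f], False); a trailing '...' marks truncation."""
    items = [t.strip() for t in text.split(",")]
    truncated = items[-1] == "..."
    if truncated:
        items = items[:-1]
    return [int(t, 16) for t in items], truncated


def parse_reg(line: str) -> RegEntry:
    """Split 'Reg  <key>[@<value>]  <data>' on runs of two or more spaces (assumed layout)."""
    parts = re.split(r"\s{2,}", line.rstrip(), maxsplit=2)
    data = parts[2] if len(parts) > 2 else None
    key, sep, name = parts[1].rpartition("@")
    if not sep:                 # no '@': rpartition put the whole string in `name`
        key, name = name, None
    return RegEntry(key, name, data)


def parse_report(text: str) -> Tuple[List[CodePatch], List[RegEntry]]:
    patches, regs = [], []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("----"):
            continue
        m = CODE_RE.match(line)
        if m:
            data, trunc = parse_bytes(m["bytes"])
            patches.append(CodePatch(
                section=m["section"], module=m["module"], symbol=m["symbol"],
                offset=int(m["offset"]), address=int(m["address"], 16),
                size=int(m["size"]), patched=data, truncated=trunc,
                process=m["process"], pid=int(m["pid"]) if m["pid"] else None))
        elif line.startswith("Reg "):
            regs.append(parse_reg(line))
    return patches, regs


def triage(patches: List[CodePatch]) -> Tuple[List[CodePatch], List[CodePatch]]:
    """Return (needs a look, relocation-like). Kernel entries always land in the first list."""
    look, reloc = [], []
    for p in patches:
        (reloc if p.relocation_like() else look).append(p)
    return look, reloc


if __name__ == "__main__":
    patches, regs = parse_report(SAMPLE)
    look, reloc = triage(patches)
    for p in look:
        where = "kernel" if p.kernel else f"{p.process}[{p.pid}]"
        print(f"LOOK   {where} {p.module}!{p.symbol}+{p.offset} {p.size} bytes at {p.address:016x}")
    for p in reloc:
        print(f"RELOC? {p.process}[{p.pid}] {p.module}!{p.symbol}+{p.offset}")
    for r in regs:
        print(f"REG    {r.key} @{r.value_name} = {r.data}")
```

Run it against a full GMER report by replacing SAMPLE with the file contents; entries printed as LOOK are the ones to diff against the on-disk binary, and RELOC? entries are candidates to dismiss once the module's load address confirms the pointer lands inside it.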
