GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-06-04 23:48:57
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000002d ST1000LM014-SSHD-8GB rev.LVD4 931,51GB
Running: hyzfrh2l.exe; Driver: C:\Users\LENOVO\AppData\Local\Temp\fxlyrpog.sys


---- Kernel code sections - GMER 2.2 ----

.text   C:\WINDOWS\System32\win32k.sys!W32pServiceTable                                                                                fffff960000caa00 15 bytes [00, 31, EF, 01, 00, 36, 6A, ...]
.text   C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16                                                                           fffff960000caa10 11 bytes [00, E4, FB, FF, C0, 4B, E6, ...]

---- Threads - GMER 2.2 ----

Thread  C:\WINDOWS\system32\csrss.exe [1132:2772]                                                                                      fffff960009a42d0
Thread  C:\WINDOWS\Explorer.EXE [4064:5336]                                                                                            00007fff2884e630
Thread  C:\WINDOWS\Explorer.EXE [4064:8544]                                                                                            00007fff23cee630
Thread  C:\WINDOWS\Explorer.EXE [4064:8500]                                                                                            00007fff3f43e630

---- Registry - GMER 2.2 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed                                              1250490889
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BITS@Start                                                                              2
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BITS                                                                                    
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\f406696e5612                                                    
Reg     HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch                                                               1569
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DAE1F49E-CF6A-4108-ACAB-0AD4E356D69C}@LeaseObtainedTime    1465067197
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DAE1F49E-CF6A-4108-ACAB-0AD4E356D69C}@T1                   1465070797
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DAE1F49E-CF6A-4108-ACAB-0AD4E356D69C}@T2                   1465073497
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DAE1F49E-CF6A-4108-ACAB-0AD4E356D69C}@LeaseTerminatesTime  1465074397
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}\iexplore@Count                 2
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{553891B7-A0D5-4526-BE18-D3CE461D6310}\iexplore@Count                 2
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\GWX\Usage@UsageTime                                                             0x0E 0x32 0x68 0x8F ...
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Store@LastTileRefresh                                                           0x5D 0x0C 0x02 0x09 ...
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Store\RefreshBannedAppList@BannedAppsLastModified                               0x80 0x05 0xA2 0xB7 ...

---- Disk sectors - GMER 2.2 ----

Disk    \Device\Harddisk0\DR0                                                                                                          unknown MBR code

---- EOF - GMER 2.2 ----
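A parser and triage pass for the log above, written as an added example; it is not GMER's code and not something the log's author supplied. The layout rules it relies on (a `---- name - GMER x.y ----` banner per section, a record-type column such as `.text`/`Thread`/`Reg`/`Disk`, columns separated by two or more spaces) are inferred from this log, since GMER publishes no format specification, so treat them as an assumption. The embedded sample is the log's own entries with the column padding shortened and only four of the registry lines kept. The follow-up notes are triage heuristics, not verdicts: on 64-bit Windows the service tables hold 32-bit relative offsets rather than raw pointers and GMER's `W32pServiceTable` entries should be confirmed with a second tool before being called a hook, DHCP lease timers and the RNG seed change on their own between reads, and `unknown MBR code` is resolved by dumping sector 0 rather than by the log alone.

```python
"""Parse a GMER 2.2 rootkit-scan log and list what needs follow-up.

Added example, not GMER code. Parsing rules are inferred from the log layout
(an assumption); triage notes are heuristics, not verdicts.
"""
import re
from collections import defaultdict

# Sample input: entries copied from the scan log above with column padding
# shortened (two or more spaces still separate columns) and a subset of
# the registry lines.
SAMPLE_LOG = r"""GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-06-04 23:48:57
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000002d ST1000LM014-SSHD-8GB rev.LVD4 931,51GB
Running: hyzfrh2l.exe; Driver: C:\Users\LENOVO\AppData\Local\Temp\fxlyrpog.sys

---- Kernel code sections - GMER 2.2 ----

.text   C:\WINDOWS\System32\win32k.sys!W32pServiceTable        fffff960000caa00 15 bytes [00, 31, EF, 01, 00, 36, 6A, ...]
.text   C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16   fffff960000caa10 11 bytes [00, E4, FB, FF, C0, 4B, E6, ...]

---- Threads - GMER 2.2 ----

Thread  C:\WINDOWS\system32\csrss.exe [1132:2772]   fffff960009a42d0
Thread  C:\WINDOWS\Explorer.EXE [4064:5336]         00007fff2884e630
Thread  C:\WINDOWS\Explorer.EXE [4064:8544]         00007fff23cee630
Thread  C:\WINDOWS\Explorer.EXE [4064:8500]         00007fff3f43e630

---- Registry - GMER 2.2 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed   1250490889
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BITS@Start   2
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BITS
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DAE1F49E-CF6A-4108-ACAB-0AD4E356D69C}@LeaseObtainedTime   1465067197

---- Disk sectors - GMER 2.2 ----

Disk    \Device\Harddisk0\DR0   unknown MBR code

---- EOF - GMER 2.2 ----
"""

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
CODE_RE = re.compile(r"^(?P<addr>[0-9a-f]{16}) (?P<size>\d+) bytes \[(?P<bytes>.*)\]$")
THREAD_RE = re.compile(r"^(?P<image>.+) \[(?P<pid>\d+):(?P<tid>\d+)\]$")
KERNEL_BASE = 0xFFFF_8000_0000_0000  # lowest canonical kernel-mode address on x64
# Values that legitimately change between two reads of the hive (heuristic list).
VOLATILE_VALUES = {"RNGAuxiliarySeed", "LeaseObtainedTime", "T1", "T2", "LeaseTerminatesTime", "Epoch"}


def parse_gmer(text):
    """Return {section name: [record, ...]}; records are dicts keyed by column."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.rstrip()
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group("name")
            continue
        if current is None or current == "EOF" or not line:
            continue  # preamble, trailer and blank separators carry no records
        kind, _, body = line.partition(" ")
        cols = re.split(r"\s{2,}", body.strip(), maxsplit=1)
        target, detail = cols[0], (cols[1] if len(cols) > 1 else "")
        rec = {"kind": kind, "target": target, "detail": detail}
        if kind == ".text" and (cm := CODE_RE.match(detail)):
            rec.update(address=int(cm["addr"], 16), size=int(cm["size"]),
                       bytes=[b for b in cm["bytes"].replace(" ", "").split(",") if b != "..."])
        elif kind == "Thread" and (tm := THREAD_RE.match(target)):
            addr = int(detail, 16)
            rec.update(image=tm["image"], pid=int(tm["pid"]), tid=int(tm["tid"]),
                       address=addr, mode="kernel" if addr >= KERNEL_BASE else "user")
        elif kind == "Reg":
            key, _, value = target.partition("@")  # "@" separates key path from value name
            rec.update(key=key, value_name=value or None, data=detail or None)
        sections[current].append(rec)
    return dict(sections)


def triage(sections):
    """Map parsed records to (category, subject, next step) follow-up items."""
    items = []
    for rec in sections.get("Kernel code sections", []):
        note = ("x64 service tables store 32-bit offsets, not pointers, and GMER often "
                "reports them; confirm with a second tool before calling it a hook"
                if "ServiceTable" in rec["target"] else
                "code bytes differ from expectation; dump the section and diff it against the on-disk image")
        items.append(("kernel-code", rec["target"], note))
    for rec in sections.get("Threads", []):
        if rec.get("mode") == "kernel":
            items.append(("thread", f"{rec['image']} {rec['pid']}:{rec['tid']}",
                          "user-process thread with a kernel-space start address; identify the owning module"))
    for rec in sections.get("Registry", []):
        if rec.get("value_name") not in VOLATILE_VALUES:
            items.append(("registry", rec["target"],
                          "not a self-changing value; compare a live API read with an offline hive copy"))
    for rec in sections.get("Disk sectors", []):
        if "unknown MBR code" in rec["detail"]:
            items.append(("mbr", rec["target"],
                          "dump sector 0 and compare with the OEM or Windows boot code; bootkits live here"))
    return items


if __name__ == "__main__":
    for category, subject, step in triage(parse_gmer(SAMPLE_LOG)):
        print(f"[{category}] {subject}\n    -> {step}")
```

`parse_gmer` keeps the preamble out of the records on purpose; the scan date, OS build and disk line are worth reading but are not findings. `triage` deliberately never emits "clean" or "infected": the `Reg` section in particular mixes hidden-key discrepancies with values that simply ticked over while the scan ran, which is why the volatile names are filtered rather than reported.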
