GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-06-24 18:34:36
Windows 6.3.9600 x64 \Device\Harddisk0\DR0 -> \Device\00000037 Samsung_ rev.EXT0 232,89GB
Running: jhnmqgsg.exe; Driver: C:\Users\Kajczos\AppData\Local\Temp\ugtoipog.sys

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\csrss.exe [520:528] fffff960009952d0

---- Processes - GMER 2.1 ----

Process C:\Users\Kajczos\AppData\Local\Temp\Rar$EXa0.244\jhnmqgsg.exe (*** suspicious ***) @ C:\Users\Kajczos\AppData\Local\Temp\Rar$EXa0.244\jhnmqgsg.exe [676](2015-02-04 12:59:56) 0000000000400000

---- Services - GMER 2.1 ----

Service C:\Windows\system32\drivers\IOMap64.sys (*** hidden *** ) [DISABLED] IOMap <-- ROOTKIT !!!

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control@SystemStartOptions NOEXECUTE=OPTIN USEPLATFORMCLOCK
Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 764
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber 3900120
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -479554774
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId 143
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 446143050
Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID f3d8d19d-2d18-4c60-bb9a-2afd2d4
Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter 2
Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\UnitedVideo\SERVICES\BASICDISPLAY@DefaultSettings.XResolution 2560
Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\UnitedVideo\SERVICES\BASICDISPLAY@DefaultSettings.YResolution 1440
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\54271ebde65b
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\54271ebde65b@6c709fbeea07 0x74 0x49 0xD9 0x15 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\IOMap
Reg HKLM\SYSTEM\CurrentControlSet\Services\IOMap@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\IOMap@Start 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\IOMap@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\IOMap@ImagePath \??\C:\Windows\system32\drivers\IOMap64.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\IOMap@DisplayName IOMap
Reg HKLM\SYSTEM\CurrentControlSet\Services\IOMap@WOW64 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\IOMap@DeleteFlag 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\IOMap\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\IOMap
Reg HKLM\SYSTEM\CurrentControlSet\Services\mbamchameleon@RefCount 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy@Tag 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy@Group FSFilter Activity Monitor
Reg HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Action Center@ReNotifyCount 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\ImmersiveShell\Grid@Layout_MaximumAvailableHeightCells 18
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\ImmersiveShell\Grid@Layout_AvailableHeightCells 12

---- EOF - GMER 2.1 ----