GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-03-26 20:59:33
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.BB2O 111,79GB
Running: 6x2ddujg.exe; Driver: C:\Users\HENRYK~1\AppData\Local\Temp\kxxdyaok.sys

---- User IAT/EAT - GMER 2.2 ----

IAT C:\Windows\Explorer.EXE[2948] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73CE7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19227_none_9e528838ca1611c0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[2948] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73D25EFD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19227_none_9e528838ca1611c0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[2948] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73CEBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19227_none_9e528838ca1611c0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[2948] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73CDF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19227_none_9e528838ca1611c0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[2948] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73CE75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19227_none_9e528838ca1611c0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[2948] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73CDE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19227_none_9e528838ca1611c0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[2948] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73D392D5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19227_none_9e528838ca1611c0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[2948] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73CEDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19227_none_9e528838ca1611c0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[2948] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73CDFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19227_none_9e528838ca1611c0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[2948] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73CDFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19227_none_9e528838ca1611c0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[2948] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73CD71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19227_none_9e528838ca1611c0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[2948] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73D6CB4F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19227_none_9e528838ca1611c0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[2948] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73D0C840] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19227_none_9e528838ca1611c0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[2948] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73CDD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19227_none_9e528838ca1611c0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[2948] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73CD6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19227_none_9e528838ca1611c0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[2948] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73CD687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19227_none_9e528838ca1611c0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[2948] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73CE2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19227_none_9e528838ca1611c0\gdiplus.dll

---- Devices - GMER 2.2 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\tdx \Device\Tcp epfwtdir.sys

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 42484
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate@LastRestorePointSetTime 2016-03-22 06:40:21
Reg HKLM\SOFTWARE\Microsoft\Windows Defender\Signature Updates@ASSignatureVersion 1.215.2718.0
Reg HKLM\SOFTWARE\Microsoft\Windows Defender\Signature Updates@SignatureLocation C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AB41BDD7-98FF-4908-8E5A-68CD1C1BDE89}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP Officejet H470 series@ChangeID 280864
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP@LastIndex 1717
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore@LastIndex 1717

---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.2 ----