GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-05-17 08:30:23
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002c INTEL_SSDSC2BP240G4 rev.L2010410 223,57GB
Running: 2ul4rnxd.exe; Driver: C:\Users\User\AppData\Local\Temp\pgriapow.sys

---- User code sections - GMER 2.2 ----

? C:\WINDOWS\system32\wbem\wbemsvc.dll [2088] entry point in ".rdata" section 00000000711b8fa0
? C:\WINDOWS\SYSTEM32\NTASN1.dll [2088] entry point in ".rdata" section 000000007000bb10
? C:\WINDOWS\SYSTEM32\wship6.dll [2180] entry point in ".rdata" section 00000000727624b0
? C:\WINDOWS\system32\wbem\wbemsvc.dll [2180] entry point in ".rdata" section 00000000711b8fa0
? C:\WINDOWS\system32\wbem\wbemsvc.dll [4008] entry point in ".rdata" section 00000000711b8fa0
? C:\Windows\SYSTEM32\iertutil.dll [4008] entry point in ".rdata" section 000000006dedcb70
? C:\WINDOWS\system32\mssprxy.dll [4008] entry point in ".rdata" section 00000000700ca4e0
? C:\WINDOWS\SYSTEM32\wship6.dll [5464] entry point in ".rdata" section 00000000727624b0
? C:\WINDOWS\SYSTEM32\iertutil.dll [5464] entry point in ".rdata" section 000000006dedcb70
? C:\WINDOWS\SYSTEM32\NTASN1.dll [5464] entry point in ".rdata" section 000000007000bb10
? C:\WINDOWS\system32\apphelp.dll [3308] entry point in ".rdata" section 0000000071290380
? C:\WINDOWS\SYSTEM32\iertutil.dll [3308] entry point in ".rdata" section 000000006dedcb70
? C:\WINDOWS\system32\apphelp.dll [6424] entry point in ".rdata" section 0000000071290380
? C:\WINDOWS\system32\apphelp.dll [2928] entry point in ".rdata" section 0000000071290380
? C:\WINDOWS\SYSTEM32\iertutil.dll [2928] entry point in ".rdata" section 000000006dedcb70
? C:\WINDOWS\SYSTEM32\NTASN1.dll [2928] entry point in ".rdata" section 000000007000bb10
? C:\WINDOWS\system32\apphelp.dll [6608] entry point in ".rdata" section 0000000071290380
? C:\WINDOWS\SYSTEM32\iertutil.dll [6608] entry point in ".rdata" section 000000006dedcb70
? C:\WINDOWS\system32\apphelp.dll [6880] entry point in ".rdata" section 0000000071290380
? C:\WINDOWS\SYSTEM32\iertutil.dll [6880] entry point in ".rdata" section 000000006dedcb70
? C:\WINDOWS\system32\apphelp.dll [7640] entry point in ".rdata" section 0000000071290380
? C:\WINDOWS\SYSTEM32\iertutil.dll [7640] entry point in ".rdata" section 000000006dedcb70
? C:\WINDOWS\SYSTEM32\wship6.dll [6984] entry point in ".rdata" section 00000000727624b0
? C:\Windows\SYSTEM32\ActXPrxy.dll [6984] entry point in ".rdata" section 000000006fbabd10
? C:\WINDOWS\SYSTEM32\NTASN1.dll [6984] entry point in ".rdata" section 000000007000bb10
? C:\WINDOWS\system32\apphelp.dll [7388] entry point in ".rdata" section 0000000071290380
? C:\WINDOWS\SYSTEM32\iertutil.dll [7388] entry point in ".rdata" section 000000006dedcb70
? C:\WINDOWS\system32\mssprxy.dll [7388] entry point in ".rdata" section 00000000700ca4e0
? C:\WINDOWS\SYSTEM32\NTASN1.dll [7388] entry point in ".rdata" section 000000007000bb10
? C:\WINDOWS\system32\apphelp.dll [4904] entry point in ".rdata" section 0000000071290380
? C:\WINDOWS\SYSTEM32\iertutil.dll [4904] entry point in ".rdata" section 000000006dedcb70
? C:\WINDOWS\system32\apphelp.dll [3796] entry point in ".rdata" section 0000000071290380
? C:\WINDOWS\SYSTEM32\iertutil.dll [3796] entry point in ".rdata" section 000000006dedcb70
? C:\WINDOWS\SYSTEM32\NTASN1.dll [3796] entry point in ".rdata" section 000000007000bb10
? C:\WINDOWS\system32\apphelp.dll [992] entry point in ".rdata" section 0000000071290380
? C:\WINDOWS\SYSTEM32\iertutil.dll [992] entry point in ".rdata" section 000000006dedcb70
? C:\WINDOWS\system32\apphelp.dll [6908] entry point in ".rdata" section 0000000071290380
? C:\WINDOWS\SYSTEM32\iertutil.dll [6908] entry point in ".rdata" section 000000006dedcb70

---- Threads - GMER 2.2 ----

Thread C:\WINDOWS\system32\csrss.exe [616:668] fffff96114514060
Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [5472:6336] 00007fffafba8f90
Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [5472:5900] 00007fffa145b530
Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [5472:5344] 00007fffafbaa090
Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [5472:7256] 00007fffae140880
Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [5472:7116] 00007fffafba8f90
Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [5472:3984] 00007fffae5eecf0
Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [5472:5588] 00007fffa0a5fc00
Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [5472:5864] 00007fffa11f6a00

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed 29359423
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 610
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0xA7 0xF3 0xBB 0xD7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0xA7 0x5B 0x80 0x39 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0xA7 0x8B 0xF7 0x75 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeTickCount 0x74 0xAA 0x6E 0x01 ...

---- EOF - GMER 2.2 ----