GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-08-18 14:02:14
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000032 ST1000LM024_HN-M101MBB rev.2BA30001 931,51GB
Running: htpihndk.exe; Driver: C:\Users\Justynaa\AppData\Local\Temp\kxldypow.sys


---- User code sections - GMER 2.2 ----

?       C:\WINDOWS\SYSTEM32\iertutil.dll [2752] entry point in ".rdata" section 000000006fc1d3c0
?       C:\WINDOWS\SYSTEM32\iertutil.dll [6420] entry point in ".rdata" section 000000006fc1d3c0
?       C:\WINDOWS\SYSTEM32\iertutil.dll [5648] entry point in ".rdata" section 000000006fc1d3c0
?       C:\WINDOWS\system32\apphelp.dll [2596] entry point in ".rdata" section 0000000070210380
?       C:\WINDOWS\system32\mssprxy.dll [2656] entry point in ".rdata" section 000000006d3aa4e0
?       C:\Windows\SYSTEM32\iertutil.dll [2656] entry point in ".rdata" section 000000006fc1d3c0
?       C:\WINDOWS\SYSTEM32\apphelp.dll [2656] entry point in ".rdata" section 0000000070210380
?       C:\WINDOWS\SYSTEM32\NTASN1.dll [2656] entry point in ".rdata" section 000000006bb4bb10
?       C:\Windows\SYSTEM32\ActXPrxy.dll [2656] entry point in ".rdata" section 000000006ecdbd10
?       C:\WINDOWS\SYSTEM32\NTASN1.dll [2252] entry point in ".rdata" section 000000006bb4bb10
?       C:\WINDOWS\system32\apphelp.dll [2452] entry point in ".rdata" section 0000000070210380

---- User IAT/EAT - GMER 2.2 ----

IAT     C:\WINDOWS\Explorer.EXE[5192] @ C:\WINDOWS\Explorer.EXE[USER32.dll!DeferWindowPos] [7ffcdd1e1da0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT     C:\WINDOWS\Explorer.EXE[5192] @ C:\WINDOWS\Explorer.EXE[USER32.dll!EndPaint] [7ffcdd1e1f40] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT     C:\WINDOWS\Explorer.EXE[5192] @ C:\WINDOWS\Explorer.EXE[USER32.dll!SetWindowPos] [7ffcdd1e1bf0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT     C:\WINDOWS\Explorer.EXE[5192] @ C:\WINDOWS\system32\SHELL32.dll[USER32.dll!MoveWindow] [7ffcdd1e1a60] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT     C:\WINDOWS\Explorer.EXE[5192] @ C:\WINDOWS\system32\SHELL32.dll[USER32.dll!DeferWindowPos] [7ffcdd1e1da0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT     C:\WINDOWS\Explorer.EXE[5192] @ C:\WINDOWS\system32\SHELL32.dll[USER32.dll!EndPaint] [7ffcdd1e1f40] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT     C:\WINDOWS\Explorer.EXE[5192] @ C:\WINDOWS\system32\SHELL32.dll[USER32.dll!SetWindowPos] [7ffcdd1e1bf0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT     C:\WINDOWS\Explorer.EXE[5192] @ C:\WINDOWS\SYSTEM32\UxTheme.dll[USER32.dll!SetWindowPos] [7ffcdd1e1bf0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT     C:\WINDOWS\Explorer.EXE[5192] @ C:\WINDOWS\SYSTEM32\TWINAPI.dll[USER32.dll!SetWindowPos] [7ffcdd1e1bf0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT     C:\WINDOWS\Explorer.EXE[5192] @ C:\WINDOWS\system32\IMM32.DLL[USER32.dll!SetWindowPos] [7ffcdd1e1bf0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT     C:\WINDOWS\Explorer.EXE[5192] @ C:\WINDOWS\system32\IMM32.DLL[USER32.dll!EndPaint] [7ffcdd1e1f40] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT     C:\WINDOWS\Explorer.EXE[5192] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_a2d8b04ea53e3145\COMCTL32.dll[USER32.dll!DeferWindowPos] [7ffcdd1e1da0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT     C:\WINDOWS\Explorer.EXE[5192] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_a2d8b04ea53e3145\COMCTL32.dll[USER32.dll!EndPaint] [7ffcdd1e1f40] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT     C:\WINDOWS\Explorer.EXE[5192] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_a2d8b04ea53e3145\COMCTL32.dll[USER32.dll!MoveWindow] [7ffcdd1e1a60] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT     C:\WINDOWS\Explorer.EXE[5192] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_a2d8b04ea53e3145\COMCTL32.dll[USER32.dll!SetWindowPos] [7ffcdd1e1bf0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll

---- Threads - GMER 2.2 ----

Thread  C:\WINDOWS\system32\csrss.exe [6404:6628]  fffff9605d064030
Thread  C:\WINDOWS\system32\CompatTelRunner.exe [1784:2980]  00007ffcdf07b090
Thread  C:\WINDOWS\Explorer.EXE [5192:7424]  0000000059a86550

---- Registry - GMER 2.2 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed  -373594250
Reg     HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch  2362
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{bd1c829f-fe5a-4c6a-921e-6baa9915e79a}@LeaseObtainedTime  1471518376
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{bd1c829f-fe5a-4c6a-921e-6baa9915e79a}@T1  1471520176
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{bd1c829f-fe5a-4c6a-921e-6baa9915e79a}@T2  1471521526
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{bd1c829f-fe5a-4c6a-921e-6baa9915e79a}@LeaseTerminatesTime  1471521976
Reg     HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated  0x38 0x6A 0x83 0xFE ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh  0x38 0xD2 0x47 0x60 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow  0x38 0x02 0xBF 0x9C ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeTickCount  0x86 0xF2 0x2E 0x03 ...
Reg     HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\63\0@Rw  0x64 0x62 0x03 0x00 ...
Reg     HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\63\0@RwMask  0x64 0x62 0x03 0x00 ...
Reg     HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\63\1@Rw  0x64 0x62 0x03 0x00 ...
Reg     HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\63\1@RwMask  0x64 0x62 0x03 0x00 ...
Reg     HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\63\2@Rw  0x64 0x62 0x03 0x00 ...
Reg     HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\63\2@RwMask  0x64 0x62 0x03 0x00 ...
Reg     HKCU\SOFTWARE\Microsoft\Windows\Windows Error Reporting@LastRateLimitedDumpGenerationTime  0x9C 0xC0 0x0F 0x69 ...
Reg     HKCU\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation  C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_1c9f258e162a534a4e6ee018d853dbe4b6dead_c7999639_13ae3441

---- Disk sectors - GMER 2.2 ----

Disk    \Device\Harddisk0\DR0  unknown MBR code

---- EOF - GMER 2.2 ----
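The part of this log that actually needs reading is the "User IAT/EAT" section: every hooked import in Explorer.EXE (PID 5192) is a USER32 window-management call, and GMER resolves every redirect target to the same non-Microsoft module, C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll. Whether that is expected depends on whether the user knowingly installed that software; what a reviewer wants is to see the hooks grouped by owning module rather than scattered across a dozen lines. The script below is an added example written for this page, not GMER's own code: it parses IAT/EAT lines in GMER's 2.2 format, groups them by the module that owns the target address, flags owners outside the Windows directory, and checks that each symbol is redirected to one consistent address. The sample lines are copied from the log above; the one "unresolved" line, the function names and the `<unresolved>` marker are my own constructions.

```python
"""Parse the 'User IAT/EAT' section of a GMER 2.2 log and summarise who owns the hooks.
Added example for this page; helper names are mine, not GMER's."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Lines copied verbatim from the "User IAT/EAT" section of the log above (a subset).
SAMPLE_LOG = r"""
---- User IAT/EAT - GMER 2.2 ----

IAT     C:\WINDOWS\Explorer.EXE[5192] @ C:\WINDOWS\Explorer.EXE[USER32.dll!DeferWindowPos] [7ffcdd1e1da0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT     C:\WINDOWS\Explorer.EXE[5192] @ C:\WINDOWS\Explorer.EXE[USER32.dll!EndPaint] [7ffcdd1e1f40] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT     C:\WINDOWS\Explorer.EXE[5192] @ C:\WINDOWS\system32\SHELL32.dll[USER32.dll!MoveWindow] [7ffcdd1e1a60] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT     C:\WINDOWS\Explorer.EXE[5192] @ C:\WINDOWS\system32\SHELL32.dll[USER32.dll!DeferWindowPos] [7ffcdd1e1da0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
IAT     C:\WINDOWS\Explorer.EXE[5192] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_a2d8b04ea53e3145\COMCTL32.dll[USER32.dll!SetWindowPos] [7ffcdd1e1bf0] C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll

---- Threads - GMER 2.2 ----
"""

# Constructed line (not from the log above): a redirect whose target GMER could not
# attribute to any loaded module, so no trailing path is present.
UNRESOLVED_LINE = r"IAT     C:\WINDOWS\Explorer.EXE[5192] @ C:\WINDOWS\Explorer.EXE[USER32.dll!GetDC] [7ffcdd1e2000]"

IAT_LINE = re.compile(
    r"^(?P<kind>IAT|EAT)\s+"
    r"(?P<process>.+?)\[(?P<pid>\d+)\]\s+@\s+"     # hooked process and its PID
    r"(?P<module>.+?)\[(?P<symbol>[^\]]+)\]\s+"    # module whose import table was patched
    r"\[(?P<target>[0-9A-Fa-f]+)\]"                # address the import now points to
    r"(?:\s+(?P<owner>\S.*?))?\s*$"                # module GMER resolved that address to, if any
)

UNRESOLVED = "<unresolved>"


@dataclass(frozen=True)
class Hook:
    kind: str
    process: str
    pid: int
    module: str
    symbol: str
    target: int
    owner: Optional[str]


def parse_iat_hooks(log_text: str) -> list:
    """Return one Hook per IAT/EAT line; section headers and other lines are ignored."""
    hooks = []
    for line in log_text.splitlines():
        m = IAT_LINE.match(line.strip())
        if m:
            hooks.append(Hook(m["kind"], m["process"], int(m["pid"]), m["module"],
                              m["symbol"], int(m["target"], 16), m["owner"]))
    return hooks


def hooks_by_owner(hooks) -> dict:
    """Group hooks by the DLL owning the redirect target (case-folded path)."""
    grouped = defaultdict(list)
    for h in hooks:
        grouped[(h.owner or UNRESOLVED).lower()].append(h)
    return dict(grouped)


def foreign_owners(hooks, system_root: str = r"c:\windows") -> list:
    """Owners outside the Windows directory, plus unresolved targets.
    Not proof of malice (the software may have been installed on purpose),
    but the first thing to account for when reading an IAT section."""
    root = system_root.lower().rstrip("\\") + "\\"
    return sorted({h.owner or UNRESOLVED for h in hooks
                   if h.owner is None or not h.owner.lower().startswith(root)})


def inconsistent_targets(hooks) -> dict:
    """Symbols redirected to more than one address inside one process.
    One hooking DLL patches every import of a symbol to the same stub, so two
    targets for the same symbol means two hookers are layered on each other."""
    targets = defaultdict(set)
    for h in hooks:
        targets[(h.pid, h.symbol)].add(h.target)
    return {k: v for k, v in targets.items() if len(v) > 1}


if __name__ == "__main__":
    hooks = parse_iat_hooks(SAMPLE_LOG)
    for owner, owned in hooks_by_owner(hooks).items():
        print(f"{owner}: {len(owned)} hooks, symbols {sorted({h.symbol for h in owned})}")
    print("owners outside %SystemRoot%:", foreign_owners(hooks))
    print("symbols with conflicting targets:", inconsistent_targets(hooks))
```

Run against the full section above, every hook lands in one group, `foreign_owners` returns exactly the YAC module, and `inconsistent_targets` is empty, which is what you expect from a single patching DLL rather than from two tools fighting over the same imports. A hit in `inconsistent_targets`, or an `<unresolved>` owner, is the case to look at by hand.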