GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-09-05 14:06:01
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000029 ST1000DM rev.CC82 931,51GB
Running: wn0e9qj7.exe; Driver: C:\Users\Matek\AppData\Local\Temp\afadrkod.sys

---- Threads - GMER 2.2 ----

Thread  C:\WINDOWS\system32\csrss.exe [676:720]    fffffa43f4816c20
Thread  C:\WINDOWS\Explorer.EXE [3812:6084]        00007ffd5fa520e0
Thread  C:\WINDOWS\Explorer.EXE [3812:2264]        00007ffd5fa520e0

---- Services - GMER 2.2 ----

Service  C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (*** hidden *** )  [MANUAL] Disc Soft Lite Bus Service   <-- ROOTKIT !!!

---- Registry - GMER 2.2 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed   -796642146
Reg  HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated   0x0B 0xE7 0x02 0x71 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh   0x0B 0x4F 0xC7 0xD2 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow   0x0B 0x7F 0x3E 0x0F ...
Reg  HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw   0x64 0x62 0x03 0x00 ...
Reg  HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask   0x64 0x62 0x03 0x00 ...
Reg  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{15fa36a7-4763-11e6-976b-20cf3095a7ff}
Reg  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{15fa36a7-4763-11e6-976b-20cf3095a7ff}@Drive Type   1048593
Reg  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{15fa36a7-4763-11e6-976b-20cf3095a7ff}@IsImapiDataBurnSupported   0
Reg  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{731864e6-267d-11e6-9727-20cf3095a7ff}
Reg  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{731864e6-267d-11e6-9727-20cf3095a7ff}@Drive Type   1048593
Reg  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{731864e6-267d-11e6-9727-20cf3095a7ff}@IsImapiDataBurnSupported   0
Reg  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\StagingInfo\Volume{15fa36a7-4763-11e6-976b-20cf3095a7ff}@Active   1
Reg  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\StagingInfo\Volume{731864e6-267d-11e6-9727-20cf3095a7ff}@Active   1
Reg  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@DAEMON Tools Lite Automount   "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
Reg  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\JumplistData@Chrome   0x6B 0x59 0x9C 0xC0 ...
Reg  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\JumplistData@windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel   0xA3 0x0A 0x74 0x5C ...

---- EOF - GMER 2.2 ----
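The only line GMER flags above is the DAEMON Tools Lite bus service, which GMER marks "*** hidden ***" because it finds the service's registration but cannot enumerate it through the normal service API. Disc-emulation drivers such as DAEMON Tools are a well-known cause of this particular flag, so on its own it is not evidence of compromise; what matters is pulling every hidden or ROOTKIT-marked entry out of the log and checking each against what is actually installed. The following parser is an added example, not part of the log or of GMER itself. It assumes the layout visible in this log (section headers of the form "---- Name - GMER 2.2 ----", each entry starting with its kind, "*** hidden ***" and "<-- ROOTKIT !!!" as GMER's markers); the sample log embedded in it is a constructed, shortened copy of the entries above.

```python
"""Parse a GMER 2.2 rootkit-scan log and pull out the entries GMER flagged.

Added example, not GMER's own code. Assumptions about the format (taken from
the log above, not from any GMER specification): section headers look like
'---- Threads - GMER 2.2 ----', every entry line begins with its kind
(Thread, Service, Reg, ...), hidden objects carry '*** hidden ***', and
entries GMER considers suspicious end with '<-- ROOTKIT !!!'.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER \S+ ----$")
# 'C:\path\to.exe [pid:tid]   start-address'
THREAD_RE = re.compile(
    r"^(?P<path>.+?) \[(?P<pid>\d+):(?P<tid>\d+)\]\s+(?P<addr>[0-9a-fA-F]+)$"
)
HIDDEN_MARK = "*** hidden ***"
ROOTKIT_MARK = "<-- ROOTKIT !!!"


@dataclass
class Entry:
    section: str   # Threads / Services / Registry ...
    kind: str      # first token of the line: Thread, Service, Reg
    body: str      # rest of the line, with the trailing ROOTKIT marker removed
    hidden: bool   # object visible in registry/on disk but not via the API
    flagged: bool  # GMER appended '<-- ROOTKIT !!!'


def parse_gmer(text: str) -> List[Entry]:
    """Turn the raw log text into one Entry per scan line."""
    entries: List[Entry] = []
    section = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        if section in ("Header", "EOF"):
            continue  # banner lines and the trailer carry no entries
        kind, _, body = line.partition(" ")
        body = body.strip()
        flagged = body.endswith(ROOTKIT_MARK)
        if flagged:
            body = body[: -len(ROOTKIT_MARK)].rstrip()
        entries.append(Entry(section, kind, body, HIDDEN_MARK in body, flagged))
    return entries


def flagged_entries(entries: List[Entry]) -> List[Entry]:
    """Everything GMER marked hidden or ROOTKIT: the lines to verify by hand."""
    return [e for e in entries if e.flagged or e.hidden]


def count_by_section(entries: List[Entry]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for e in entries:
        counts[e.section] = counts.get(e.section, 0) + 1
    return counts


def parse_thread(entry: Entry) -> Optional[Tuple[str, int, int, str]]:
    """Split a Thread entry into (image path, pid, tid, start address)."""
    m = THREAD_RE.match(entry.body)
    if entry.kind != "Thread" or not m:
        return None
    return m.group("path"), int(m.group("pid")), int(m.group("tid")), m.group("addr")


# Constructed sample: a shortened copy of the log above, used as test input.
SAMPLE_LOG = r"""GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-09-05 14:06:01
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000029 ST1000DM rev.CC82 931,51GB
Running: wn0e9qj7.exe; Driver: C:\Users\Matek\AppData\Local\Temp\afadrkod.sys

---- Threads - GMER 2.2 ----

Thread  C:\WINDOWS\system32\csrss.exe [676:720]    fffffa43f4816c20
Thread  C:\WINDOWS\Explorer.EXE [3812:6084]        00007ffd5fa520e0
Thread  C:\WINDOWS\Explorer.EXE [3812:2264]        00007ffd5fa520e0

---- Services - GMER 2.2 ----

Service  C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (*** hidden *** )  [MANUAL] Disc Soft Lite Bus Service   <-- ROOTKIT !!!

---- Registry - GMER 2.2 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed   -796642146
Reg  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@DAEMON Tools Lite Automount   "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun

---- EOF - GMER 2.2 ----
"""

if __name__ == "__main__":
    parsed = parse_gmer(SAMPLE_LOG)
    print("entries per section:", count_by_section(parsed))
    for e in flagged_entries(parsed):
        print(f"[{e.section}] {e.kind}: {e.body}  hidden={e.hidden} flagged={e.flagged}")
```

Run it against a full GMER log (read the file and pass its text to parse_gmer) and the flagged list is the short set of objects to cross-check: for a hidden service, compare the path and display name with the installed software, and confirm the binary on disk is the vendor's signed file before treating the line as anything more than a driver-emulation artefact.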