GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-09-25 22:26:30
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000003a ST1000LM024_HN-M101MBB rev.2BA30001 931,51GB
Running: jj1qqe5r.exe; Driver: C:\Users\domin\AppData\Local\Temp\ugndyaod.sys

---- Threads - GMER 2.2 ----

Thread C:\WINDOWS\system32\csrss.exe [672:732] ffff868c5d736c20

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\SWD\MMDEVAPI\{0.0.0.00000000}.{AA8D9C5F-D922-4CCB-9B1A-C0C9C973B78C}\Interfaces\{e6327cad-dcec-4949-ae8a-991e976a79d2}\Properties\{a2a3fff4-353f-407c-9d86-1f9dc7d5a606}\0002@ 0x64 0x62 0x02 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed -559455642
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\1002b5872f1b
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\34-8a-ae-40-e6-e2@ClientLocalPort 61378
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\34-8a-ae-40-e6-e2@AddressCreationTimestamp 0xB3 0xBD 0xF4 0x0D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\34-8a-ae-40-e6-e2@NatDetectionTimestamp 0xB3 0xBD 0xF4 0x0D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\34-8a-ae-40-e6-e2@UPnPExternalPort 61378
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\34-8a-ae-40-e6-e2@TeredoAddress 2001:0:5ef5:79fd:1c38:103d:acea:68d4
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 1707
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 272
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{703def05-4496-4645-b59c-542d62d02f44}@LeaseObtainedTime 1474825493
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{703def05-4496-4645-b59c-542d62d02f44}@T1 1474868693
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{703def05-4496-4645-b59c-542d62d02f44}@T2 1474901093
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{703def05-4496-4645-b59c-542d62d02f44}@LeaseTerminatesTime 1474911893
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{703def05-4496-4645-b59c-542d62d02f44}@Dhcpv6State 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\TPM\WMI\Endorsement@EkRetryLast 0xC0 0x98 0xA0 0x72 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0x36 0x42 0x14 0x81 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0x36 0xAA 0xD8 0xE2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0x36 0xDA 0x4F 0x1F ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\2@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\2@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\Pnp\CurrentControlSet\Control\DeviceMigration\Devices\SWD\DAFUPNPPROVIDER\UUID:E5C174B8-D107-4312-B7A2-D753533E05FF\Interfaces\{d0875fb4-2196-4c7a-a63d-e416addd60a1}\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000E@ 0x64 0x62 0x04 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\Pnp\CurrentControlSet\Control\DeviceMigration\Devices\SWD\DAFUPNPPROVIDER\UUID:E5C174B8-D107-4312-B7A2-D753533E05FF\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000E@ 0x64 0x62 0x04 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\Pnp\CurrentControlSet\Control\DeviceMigration\Devices\SWD\MMDEVAPI\{0.0.0.00000000}.{AA8D9C5F-D922-4CCB-9B1A-C0C9C973B78C}\Interfaces\{e6327cad-dcec-4949-ae8a-991e976a79d2}\Properties\{a2a3fff4-353f-407c-9d86-1f9dc7d5a606}\0002@ 0x64 0x62 0x02 0x00 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\iexplore@Count 37
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\JumplistData@Chrome 0x19 0x28 0x50 0x31 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{3C333688-32D5-437D-ADE9-2FE6CB0BA694}@LastAccessedTime 0x60 0x49 0x06 0x06 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{3C333688-32D5-437D-ADE9-2FE6CB0BA694}@LaunchCount 14

---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.2 ----