GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-02-04 15:13:33
Windows 6.2.9200 x64
\Device\Harddisk0\DR0 -> \Device\00000023 ST1000LM024_HN-M101MBB rev.2BA30001 931,51GB
Running: zb221umw.exe; Driver: C:\Users\Natalka\AppData\Local\Temp\fxlyrpog.sys

---- Threads - GMER 2.2 ----

Thread  C:\WINDOWS\system32\csrss.exe [588:612]  fffff9600090b2d0

---- Registry - GMER 2.2 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c\7516b95f-f776-4464-8c53-06167f40cc99\aded5e82-b909-4619-9949-f5d71dac0bcb@ACSettingIndex  60
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed  1008208406
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime  3367
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FwPOSTTime  3367
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TotalResumeTime  9178
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeBootMgrTime  157
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeAppTime  813
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeAppStartTimestamp  2950
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeLibraryInitTime  55
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeInitTime  255
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeHiberFileTime  496
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeRestoreImageStartTimestamp  3261
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeIoTime  315
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeDecompressTime  204
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeMapTime  21
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeUnmapTime  0
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeAllocateTime  3
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeKernelSwitchTimestamp  3763
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelReturnFromHandlerTimestamp  3783
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@SleeperThreadEndTimestamp  8021
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TimeStampCounterAtSwitchTime  3779
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelReturnSystemPowerState  8370
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberHiberFileTime  4560
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberInitTime  188
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberSharedBufferTime  2
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TotalHibernateTime  14357
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeHiberFileTime  4231
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeInitTime  167
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeSharedBufferTime  6
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@DeviceResumeTime  264
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelAnimationTime  56
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelPagesProcessed  357885
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelPagesWritten  0xA0 0xD2 0x01 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@BootPagesProcessed  33655
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@BootPagesWritten  0xD5 0x36 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberWriteRate  114
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberCompressRate  31
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeReadRate  119
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeDecompressRate  80
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@MaxHuffRatio  99
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeIoCpuTime  2933
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberIoCpuTime  655
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeCompleteTimestamp  0xE5 0xE8 0xDB 0x02 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\acd1b8e75c98
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\acd1b8e75c98@18002d5e5c67  0xE1 0xB4 0xF6 0x5C ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\acd1b8e75c98@08fc8837452c  0xAC 0x1B 0x3B 0x8E ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\acd1b8e75c98@2c8a7222d3c5  0x28 0xDF 0x85 0xA0 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch  38894
Reg  HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch  21189
Reg  HKLM\SYSTEM\CurrentControlSet\Services\SynTP\Parameters@DetectTimeMS  343
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D97FF650-0EA1-43FA-AFBC-D3276D8CEDAF}@LeaseObtainedTime  1486204450
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D97FF650-0EA1-43FA-AFBC-D3276D8CEDAF}@T1  1486506850
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D97FF650-0EA1-43FA-AFBC-D3276D8CEDAF}@T2  1486733650
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D97FF650-0EA1-43FA-AFBC-D3276D8CEDAF}@LeaseTerminatesTime  1486809250
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{44550021-fbb5-4658-bc9c-60b3e0beabc5}
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{44550021-fbb5-4658-bc9c-60b3e0beabc5}@
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{4d531918-b286-461a-8b86-ba799890fd46}
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{4d531918-b286-461a-8b86-ba799890fd46}@
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{ddbc2614-c521-423d-a413-f2bd4d1520ee}
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{ddbc2614-c521-423d-a413-f2bd4d1520ee}@

---- Disk sectors - GMER 2.2 ----

Disk  \Device\Harddisk0\DR0  unknown MBR code

---- Files - GMER 2.2 ----

File  C:\Users\Natalka\Downloads\! Torrent\Android\TomTom Android 1.4 APK + Europe Map 950.6492 + Speedcams[PL][.apk]\TomTom Android 1.4 APK + Europe Map 950.6492 + Speedcams[PL][.apk]\tomtom\com.tomtom.europe\files\content\packages\palet\resources\images\navcore\.nomedia  0 bytes
File  C:\Users\Natalka\Downloads\! Torrent\Android\TomTom Android 1.4 APK + Europe Map 950.6492 + Speedcams[PL][.apk]\TomTom Android 1.4 APK + Europe Map 950.6492 + Speedcams[PL][.apk]\tomtom\com.tomtom.europe\files\content\packages\palet\resources\images\navcore\2322.png  1444 bytes
File  C:\Users\Natalka\Downloads\! Torrent\Android\TomTom Android 1.4 APK + Europe Map 950.6492 + Speedcams[PL][.apk]\TomTom Android 1.4 APK + Europe Map 950.6492 + Speedcams[PL][.apk]\tomtom\com.tomtom.europe\files\content\packages\palet\resources\images\navcore\2323.png  1444 bytes
File  C:\Users\Natalka\Downloads\! Torrent\Android\TomTom Android 1.4 APK + Europe Map 950.6492 + Speedcams[PL][.apk]\TomTom Android 1.4 APK + Europe Map 950.6492 + Speedcams[PL][.apk]\tomtom\com.tomtom.europe\files\content\packages\palet\resources\images\navcore\2324.png  1444 bytes
File  C:\Users\Natalka\Downloads\! Torrent\Android\TomTom Android 1.4 APK + Europe Map 950.6492 + Speedcams[PL][.apk]\TomTom Android 1.4 APK + Europe Map 950.6492 + Speedcams[PL][.apk]\tomtom\com.tomtom.europe\files\content\packages\palet\resources\images\navcore\2330.png  700 bytes
File  C:\Users\Natalka\Downloads\! Torrent\Android\TomTom Android 1.4 APK + Europe Map 950.6492 + Speedcams[PL][.apk]\TomTom Android 1.4 APK + Europe Map 950.6492 + Speedcams[PL][.apk]\tomtom\com.tomtom.europe\files\content\packages\palet\resources\images\navcore\2331.png  1247 bytes
File  C:\Users\Natalka\Downloads\! Torrent\Android\TomTom Android 1.4 APK + Europe Map 950.6492 + Speedcams[PL][.apk]\TomTom Android 1.4 APK + Europe Map 950.6492 + Speedcams[PL][.apk]\tomtom\com.tomtom.europe\files\content\packages\palet\resources\images\navcore\2332.png  958 bytes
File  C:\Users\Natalka\Downloads\! Torrent\Android\TomTom Android 1.4 APK + Europe Map 950.6492 + Speedcams[PL][.apk]\TomTom Android 1.4 APK + Europe Map 950.6492 + Speedcams[PL][.apk]\tomtom\com.tomtom.europe\files\content\packages\palet\resources\images\navcore\2333.png  958 bytes

---- EOF - GMER 2.2 ----
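Nothing in the log itself says which of these lines matter, so what follows is an added example for this page, written by the editor and not taken from GMER or from the person who posted the scan: a Python script that parses the section and record layout GMER 2.2 emits (the "---- Name - GMER 2.2 ----" headers and the Thread, Reg, Disk and File records) and turns it into prioritised triage notes. Two things in it are assumptions rather than facts from the log: the address range used to rate the csrss.exe thread (x64 session space, 0xFFFFF900`00000000 to 0xFFFFF97F`FFFFFFFF, where win32k.sys is mapped) and the set of registry paths treated as persistence locations. The embedded SAMPLE_LOG is a constructed excerpt of the scan above with one or two records per section.

```python
"""Section-aware triage for a GMER 2.2 text log (added example; not GMER's code)."""
import re
from collections import Counter
from typing import List, NamedTuple, Tuple


class Record(NamedTuple):
    section: str  # "Threads", "Registry", "Disk sectors", "Files"
    kind: str     # leading keyword: Thread, Reg, Disk, File
    target: str   # process [pid:tid], registry key@value, device, or file path
    data: str     # thread address, value data, MBR verdict, or size in bytes


SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
THREAD_RE = re.compile(r"^Thread\s+(?P<proc>.+?)\s+\[(?P<pid>\d+):(?P<tid>\d+)\]\s+(?P<addr>[0-9a-fA-F]+)$")
FILE_RE = re.compile(r"^File\s+(?P<path>.+)\s+(?P<size>\d+) bytes$")
DISK_RE = re.compile(r"^Disk\s+(?P<dev>\S+)\s+(?P<verdict>.+)$")
# Registry locations worth a second look whenever GMER lists them (classic persistence points).
PERSISTENCE_RE = re.compile(r"\\CurrentVersion\\Run|\\Winlogon\\|\\Services\\[^\\@]+@ImagePath|Image File Execution Options", re.I)
# Assumption, not from the log: x64 session space, the range win32k.sys is mapped into.
SESSION_SPACE = (0xFFFFF90000000000, 0xFFFFF97FFFFFFFFF)

# Constructed excerpt of the scan above: header lines, then one or two records per section.
SAMPLE_LOG = r"""GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-02-04 15:13:33
Windows 6.2.9200 x64
\Device\Harddisk0\DR0 -> \Device\00000023 ST1000LM024_HN-M101MBB rev.2BA30001 931,51GB
Running: zb221umw.exe; Driver: C:\Users\Natalka\AppData\Local\Temp\fxlyrpog.sys
---- Threads - GMER 2.2 ----
Thread  C:\WINDOWS\system32\csrss.exe [588:612]  fffff9600090b2d0
---- Registry - GMER 2.2 ----
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime  3367
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\acd1b8e75c98
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\acd1b8e75c98@18002d5e5c67  0xE1 0xB4 0xF6 0x5C ...
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{44550021-fbb5-4658-bc9c-60b3e0beabc5}@
---- Disk sectors - GMER 2.2 ----
Disk  \Device\Harddisk0\DR0  unknown MBR code
---- Files - GMER 2.2 ----
File  C:\Users\Natalka\Downloads\! Torrent\Android\TomTom Android 1.4 APK + Europe Map 950.6492 + Speedcams[PL][.apk]\TomTom Android 1.4 APK + Europe Map 950.6492 + Speedcams[PL][.apk]\tomtom\com.tomtom.europe\files\content\packages\palet\resources\images\navcore\.nomedia  0 bytes
File  C:\Users\Natalka\Downloads\! Torrent\Android\TomTom Android 1.4 APK + Europe Map 950.6492 + Speedcams[PL][.apk]\TomTom Android 1.4 APK + Europe Map 950.6492 + Speedcams[PL][.apk]\tomtom\com.tomtom.europe\files\content\packages\palet\resources\images\navcore\2322.png  1444 bytes
---- EOF - GMER 2.2 ----"""


def split_reg(rest: str) -> Tuple[str, str]:
    """'HIVE\\path@Value  data' -> ('HIVE\\path@Value', 'data'); key paths may contain spaces."""
    at = rest.find("@", max(rest.rfind("\\"), 0))  # the '@' of the last path component
    if at < 0:
        return rest, ""  # key-only record
    name, _, data = rest[at + 1:].partition(" ")
    return rest[:at + 1] + name, data.strip()


def parse_record(section: str, line: str) -> Record:
    kind, _, rest = line.partition(" ")
    rest = rest.strip()
    if kind == "Reg":
        return Record(section, kind, *split_reg(rest))
    pattern = {"Thread": THREAD_RE, "File": FILE_RE, "Disk": DISK_RE}.get(kind)
    m = pattern.match(line) if pattern else None
    if m and kind == "Thread":
        return Record(section, kind, f"{m['proc']} [{m['pid']}:{m['tid']}]", m["addr"].lower())
    if m and kind == "File":
        return Record(section, kind, m["path"].strip(), m["size"])
    if m and kind == "Disk":
        return Record(section, kind, m["dev"], m["verdict"].strip())
    return Record(section, kind, rest, "")  # unknown or malformed line: keep it, never drop it


def parse_gmer(text: str) -> Tuple[List[str], List[Record]]:
    """Split a GMER log into (header lines, typed records), tracking the current section."""
    header, records, section = [], [], "Header"
    for line in (ln.strip() for ln in text.splitlines() if ln.strip()):
        m = SECTION_RE.match(line)
        if m:
            section = m["name"]
        elif section == "Header":
            header.append(line)
        else:
            records.append(parse_record(section, line))
    return header, records


def triage(records: List[Record]) -> List[str]:
    """One note per record worth a responder's time, highest priority first."""
    notes, other_reg = [], 0
    for r in records:
        if r.kind == "Disk" and "unknown MBR code" in r.data:
            notes.append(f"HIGH {r.target}: boot code unknown to GMER; dump sector 0 and diff it against a known-good Windows MBR (third-party boot managers trigger this too)")
        elif r.kind == "Thread":
            if SESSION_SPACE[0] <= int(r.data, 16) <= SESSION_SPACE[1]:
                notes.append(f"LOW thread {r.target} at 0x{r.data}: session space (win32k.sys), routinely reported for csrss.exe")
            else:
                notes.append(f"MEDIUM thread {r.target} at 0x{r.data}: outside session space, resolve the owning module")
        elif r.kind == "Reg" and "\\BTHPORT\\Parameters\\Keys\\" in r.target:
            notes.append(f"INFO Bluetooth link key {r.target}: access-restricted pairing data, not a rootkit indicator")
        elif r.kind == "Reg" and PERSISTENCE_RE.search(r.target):
            notes.append(f"MEDIUM persistence location listed: {r.target} = {r.data!r}")
        elif r.kind == "Reg":
            other_reg += 1
    if other_reg:
        notes.append(f"INFO {other_reg} other registry value(s), none at a persistence path")
    for d, n in Counter(r.target.rsplit("\\", 1)[0] for r in records if r.kind == "File").items():
        notes.append(f"INFO {n} file(s) listed under {d}")
    order = {"HIGH": 0, "MEDIUM": 1, "LOW": 2, "INFO": 3}
    return sorted(notes, key=lambda n: order[n.split(" ", 1)[0]])
```

Run on the excerpt, the only HIGH note is the "unknown MBR code" verdict. GMER prints it when the boot code in sector 0 does not match what it expects, and non-Windows boot managers can produce the same line, so the next step is to read sector 0 and compare it with a known-good Windows MBR, not to rebuild the machine on the verdict alone. The csrss.exe thread at fffff9600090b2d0 sits in session space and is a familiar entry in GMER logs; the sixty registry values in the full log are boot and resume timings, DHCP lease times, shell namespace entries and Bluetooth pairing keys, none of them at a persistence location. For a full log, pass the file contents to parse_gmer and the returned records to triage.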