
I think I have a Rootkit



#1 user122132

Posted 25 January 2017 - 05:59 PM

I think I have a rootkit on my laptop and I don't think it is going away when formatting.

I scanned with GMER after a fresh install of Windows 10.

Please find the result below:

GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-01-25 14:50:01
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000036 SAMSUNG_MZHPU256HCGL-00004 rev.UXM6601Q 238.47GB
Running: gmer.exe; Driver: C:\Users\PC28\AppData\Local\Temp\kwxdiaob.sys

---- User code sections - GMER 2.2 ----
?       C:\Windows\system32\apphelp.dll [7664] entry point in ".rdata" section                                                                          000000007302f7c0
?       C:\Windows\SYSTEM32\dbgcore.DLL [1460] entry point in ".rdata" section                                                                          0000000071d6c940
?       C:\Windows\SYSTEM32\iertutil.dll [1460] entry point in ".rdata" section                                                                         000000007322fcf0
---- User IAT/EAT - GMER 2.2 ----
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\system32\enterpriseresourcemanager.dll[DMCmnUtils.dll!UnicodeToMB]                            [31006000770065]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\system32\enterpriseresourcemanager.dll[msvcrt.dll!??0bad_cast@@QEAA@AEBV0@@Z]                 [6b006f00540062]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\system32\enterpriseresourcemanager.dll[msvcrt.dll!??0bad_cast@@QEAA@PEBD@Z]                   [650052006e0065]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\system32\enterpriseresourcemanager.dll[msvcrt.dll!??0exception@@QEAA@AEBQEBD@Z]               [72006f0043002e]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\system32\enterpriseresourcemanager.dll[msvcrt.dll!??0exception@@QEAA@AEBQEBDH@Z]              [61006300690074]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\system32\enterpriseresourcemanager.dll[msvcrt.dll!??0exception@@QEAA@AEBV0@@Z]                [37003900300032]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\system32\enterpriseresourcemanager.dll[msvcrt.dll!??0exception@@QEAA@XZ]                      [450043002d0034]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\system32\enterpriseresourcemanager.dll[msvcrt.dll!??1bad_cast@@UEAA@XZ]                       [6e006f00700073]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\system32\enterpriseresourcemanager.dll[msvcrt.dll!??1exception@@UEAA@XZ]                      [34002d00320039]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\system32\enterpriseresourcemanager.dll[msvcrt.dll!??1type_info@@UEAA@XZ]                      [6300650053002e]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\system32\enterpriseresourcemanager.dll[msvcrt.dll!??3@YAXPEAX@Z]                              [39003100320041]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\system32\enterpriseresourcemanager.dll[msvcrt.dll!??_V@YAXPEAX@Z]                             [3e00650073]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\system32\enterpriseresourcemanager.dll[msvcrt.dll!?what@exception@@UEBAPEBDXZ]                [650057002e0065]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\system32\enterpriseresourcemanager.dll[msvcrt.dll!___lc_codepage_func]                        [65006c006c006f]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\system32\enterpriseresourcemanager.dll[msvcrt.dll!___lc_handle_func]                          [6f006900740063]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\system32\enterpriseresourcemanager.dll[msvcrt.dll!___mb_cur_max_func]                         [69007400610064]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\system32\enterpriseresourcemanager.dll[msvcrt.dll!__crtLCMapStringW]                          [6b006f00540062]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\system32\enterpriseresourcemanager.dll[msvcrt.dll!__CxxFrameHandler3]                         [750041002e0079]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\system32\enterpriseresourcemanager.dll[msvcrt.dll!__dllonexit]                                [750041002e0079]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\system32\enterpriseresourcemanager.dll[msvcrt.dll!__pctype_func]                              [49002e0073006e]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\system32\enterpriseresourcemanager.dll[msvcrt.dll!__uncaught_exception]                       [74006300650056]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\system32\enterpriseresourcemanager.dll[msvcrt.dll!_amsg_exit]                                 [6e006f00690074]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\system32\enterpriseresourcemanager.dll[msvcrt.dll!_callnewh]                                  [6e006f00690074]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\system32\enterpriseresourcemanager.dll[msvcrt.dll!_CxxThrowException]                         [6e006500680074]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\system32\enterpriseresourcemanager.dll[msvcrt.dll!_errno]                                     [6300650053002e]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\system32\enterpriseresourcemanager.dll[msvcrt.dll!_free_locale]                               [72006f0043002e]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\system32\enterpriseresourcemanager.dll[msvcrt.dll!_get_current_locale]                        [650057002e0065]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\system32\enterpriseresourcemanager.dll[msvcrt.dll!_initterm]                                  [61006300690074]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\system32\enterpriseresourcemanager.dll[msvcrt.dll!_ismbblead]                                 [6e0075006f0046]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\system32\enterpriseresourcemanager.dll[msvcrt.dll!_lock]                                      [730077006f0064]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\system32\enterpriseresourcemanager.dll[msvcrt.dll!_onexit]                                    [74006900720075]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\system32\enterpriseresourcemanager.dll[msvcrt.dll!_purecall]                                  [2d003600330046]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\system32\enterpriseresourcemanager.dll[msvcrt.dll!_unlock]                                    [6e00690057003c]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\system32\enterpriseresourcemanager.dll[msvcrt.dll!_vsnprintf_s]                               [3500380032007b]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\system32\enterpriseresourcemanager.dll[msvcrt.dll!_vsnwprintf]                                [31006000770065]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\system32\enterpriseresourcemanager.dll[msvcrt.dll!_wcsdup]                                    [650052006e0065]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\system32\enterpriseresourcemanager.dll[msvcrt.dll!_wcsicmp]                                   [46004100350035]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\system32\enterpriseresourcemanager.dll[msvcrt.dll!_XcptFilter]                                [6200650057002e]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\system32\enterpriseresourcemanager.dll[msvcrt.dll!abort]                                      [64006e00690057]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\system32\enterpriseresourcemanager.dll[msvcrt.dll!calloc]                                     [43002e006e006f]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\system32\enterpriseresourcemanager.dll[msvcrt.dll!free]                                       [0]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\system32\enterpriseresourcemanager.dll[msvcrt.dll!malloc]                                     [3e00650073]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\system32\enterpriseresourcemanager.dll[msvcrt.dll!memcpy]                                     [74006900720075]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\system32\enterpriseresourcemanager.dll[msvcrt.dll!memcpy_s]                                   [730077006f0064]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\system32\enterpriseresourcemanager.dll[msvcrt.dll!memmove]                                    [6e00690057003c]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\system32\enterpriseresourcemanager.dll[msvcrt.dll!memset]                                     [2e00730077006f]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\system32\enterpriseresourcemanager.dll[msvcrt.dll!setlocale]                                  [3100600072006f]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\system32\enterpriseresourcemanager.dll[msvcrt.dll!sprintf_s]                                  [6e006f00700073]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\system32\enterpriseresourcemanager.dll[msvcrt.dll!wcscat_s]                                   [3200460033002d]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\system32\enterpriseresourcemanager.dll[msvcrt.dll!wcschr]                                     [6200650057002e]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\system32\enterpriseresourcemanager.dll[ntdll.dll!RtlCaptureContext]                           [3a006500630069]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\system32\enterpriseresourcemanager.dll[ntdll.dll!RtlLookupFunctionEntry]                      [7d0045]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\system32\enterpriseresourcemanager.dll[ntdll.dll!RtlVirtualUnwind]                            [76007200650073]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\System32\iri.dll[msvcrt.dll!??0exception@@QEAA@AEBQEBD@Z]                                     [4d15ff10408b4801]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\System32\iri.dll[msvcrt.dll!??0exception@@QEAA@AEBQEBDH@Z]                                    [4ce84d8b48000174]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\System32\iri.dll[msvcrt.dll!??0exception@@QEAA@AEBV0@@Z]                                      [16dc715ff406d89]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\System32\iri.dll[msvcrt.dll!??1exception@@UEAA@XZ]                                            [458d4c584d8b4800]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\System32\iri.dll[msvcrt.dll!??1type_info@@UEAA@XZ]                                            [558d48404d8b4800]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\System32\iri.dll[msvcrt.dll!??3@YAXPEAX@Z]                                                    [48f08b48504d8b48]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\System32\iri.dll[msvcrt.dll!??_V@YAXPEAX@Z]                                                   [16e1815ffe84d]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\System32\iri.dll[msvcrt.dll!?what@exception@@UEBAPEBDXZ]                                      [3bae86d894c40]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\System32\iri.dll[msvcrt.dll!__CxxFrameHandler3]                                               [8b0001742115ff38]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\System32\iri.dll[msvcrt.dll!__dllonexit]                                                      [85d88b000174b315]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\System32\iri.dll[msvcrt.dll!_amsg_exit]                                                       [159880fc085]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\System32\iri.dll[msvcrt.dll!_callnewh]                                                        [6d894c404d8b4800]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\System32\iri.dll[msvcrt.dll!_CxxThrowException]                                               [408b48018b480000]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\System32\iri.dll[msvcrt.dll!_initterm]                                                        [8b48000001eb880f]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\System32\iri.dll[msvcrt.dll!_lock]                                                            [48e0558d48504d8b]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\System32\iri.dll[msvcrt.dll!_onexit]                                                          [15ff40408b48018b]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\System32\iri.dll[msvcrt.dll!_purecall]                                                        [8b480d74c9854850]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\System32\iri.dll[msvcrt.dll!_unlock]                                                          [480000020a880fc0]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\System32\iri.dll[msvcrt.dll!_XcptFilter]                                                      [e0558d48504d8b48]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\System32\iri.dll[msvcrt.dll!free]                                                             [d88b0001740215ff]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\System32\iri.dll[msvcrt.dll!malloc]                                                           [68408b48018b4850]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\System32\iri.dll[msvcrt.dll!memcpy]                                                           [178880fc085d8]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\System32\iri.dll[msvcrt.dll!memmove]                                                          [48118b480d74c985]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\System32\iri.dll[msvcrt.dll!memset]                                                           [ff40408b48018b48]
IAT     C:\Windows\System32\svchost.exe[928] @ C:\Windows\System32\iri.dll[msvcrt.dll!tolower]                                                          [1746715ff10428b]
---- Devices - GMER 2.2 ----
Device  \Driver\nvlddmkm \Device\Video2                                                                                                                 fffff8041a6204b0
Device  \Driver\nvlddmkm \Device\Video3                                                                                                                 fffff8041a6204b0
Device  \Driver\nvlddmkm \Device\Video4                                                                                                                 fffff8041a6204b0
Device  \Driver\nvlddmkm \Device\Video5                                                                                                                 fffff8041a6204b0
Device  \Driver\nvlddmkm \Device\NvAdminDevice                                                                                                          fffff8041a6204b0
Device  \Driver\nvlddmkm \Device\UVMLiteController0x1                                                                                                   fffff8041a6204b0
Device  \Driver\nvlddmkm \Device\0000007d                                                                                                               fffff8041a6204b0
---- Threads - GMER 2.2 ----
Thread  C:\Windows\system32\csrss.exe [4784:4848]                                                                                                       fffff29391376c20
---- Registry - GMER 2.2 ----
Reg     HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers@RollingOver                                                                               0x9D 0x4D 0x37 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{AC0723AD-0938-4BED-A938-2BDFF2230A07}\Connection@Name     Local Area Connection* 11
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber                                                              1369676
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed                                                               1174640627
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Video\{EE3BD375-0A0F-42E3-A58F-4A64BF19A904}\Video@Service                                                BasicDisplay
Reg     HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\UnitedVideo\CONTROL\VIDEO\{EE3BD375-0A0F-42E3-A58F-4A64BF19A904}\0000@DefaultSettings.VRefresh  1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BITS@Start                                                                                               2
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BITS\Performance@PerfMMFileName                                                                          Global\MMF_BITS76fee8dd-bff9-456f-88c7-c2a6c2a7abbe
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BITS                                                                                                    
Reg     HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Linkage@Export                                                                              \Device\LanmanServer_NetbiosSmb?\Device\LanmanServer_Tcpip6_{B7C80A23-5419-43FF-A8AC-8DEADB70C65A}?\Device\LanmanServer_NetBT_Tcpip_{92A04FDF-D5BE-4456-BD72-98D059245A8D}?\Device\LanmanServer_Tcpip_{B7C80A23-5419-43FF-A8AC-8DEADB70C65A}?\Device\LanmanServer_NetBT_Tcpip6_{B7C80A23-5419-43FF-A8AC-8DEADB70C65A}?\Device\LanmanServer_NetBT_Tcpip_{B7C80A23-5419-43FF-A8AC-8DEADB70C65A}?\Device\LanmanServer_Tcpip6_{92A04FDF-D5BE-4456-BD72-98D059245A8D}?\Device\LanmanServer_Tcpip_{92A04FDF-D5BE-4456-BD72-98D059245A8D}?\Device\LanmanServer_NetBT_Tcpip6_{92A04FDF-D5BE-4456-BD72-98D059245A8D}?\Device\LanmanServer_Tcpip_{4BEE61C8-B153-4293-ADA2-C46768DBA375}?\Device\LanmanServer_Tcpip6_{4BEE61C8-B153-4293-ADA2-C46768DBA375}?\Device\LanmanServer_NetBT_Tcpip_{4BEE61C8-B153-4293-ADA2-C46768DBA375}?\Device\LanmanServer_NetBT_Tcpip6_{4BEE61C8-B153-4293-ADA2-C46768DBA375}?\Device\LanmanServer_Tcpip_{76F4E90C-B630-4AE3-9C15-602F07A08EDE}?\Device\LanmanServer_Tcpip6_{76F4E90C-B630-4AE3-9C15-602F07A08EDE}?\Device\LanmanServer_Net
Reg     HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Linkage@Bind                                                                                \Device\NetbiosSmb?\Device\Tcpip6_{B7C80A23-5419-43FF-A8AC-8DEADB70C65A}?\Device\NetBT_Tcpip_{92A04FDF-D5BE-4456-BD72-98D059245A8D}?\Device\Tcpip_{B7C80A23-5419-43FF-A8AC-8DEADB70C65A}?\Device\NetBT_Tcpip6_{B7C80A23-5419-43FF-A8AC-8DEADB70C65A}?\Device\NetBT_Tcpip_{B7C80A23-5419-43FF-A8AC-8DEADB70C65A}?\Device\Tcpip6_{92A04FDF-D5BE-4456-BD72-98D059245A8D}?\Device\Tcpip_{92A04FDF-D5BE-4456-BD72-98D059245A8D}?\Device\NetBT_Tcpip6_{92A04FDF-D5BE-4456-BD72-98D059245A8D}?\Device\Tcpip_{4BEE61C8-B153-4293-ADA2-C46768DBA375}?\Device\Tcpip6_{4BEE61C8-B153-4293-ADA2-C46768DBA375}?\Device\NetBT_Tcpip_{4BEE61C8-B153-4293-ADA2-C46768DBA375}?\Device\NetBT_Tcpip6_{4BEE61C8-B153-4293-ADA2-C46768DBA375}?\Device\Tcpip_{76F4E90C-B630-4AE3-9C15-602F07A08EDE}?\Device\Tcpip6_{76F4E90C-B630-4AE3-9C15-602F07A08EDE}?\Device\NetBT_Tcpip_{76F4E90C-B630-4AE3-9C15-602F07A08EDE}?\Device\NetBT_Tcpip6_{76F4E90C-B630-4AE3-9C15-602F07A08EDE}?\Device\Tcpip6_{AC0723AD-0938-4BED-A938-2BDFF2230A07}?\Device\NetBT_Tcpip6_{AC0723AD-0938-4BED-A938-
Reg     HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Linkage@Route                                                                               "NetbiosSmb"?"Tcpip6" "{B7C80A23-5419-43FF-A8AC-8DEADB70C65A}"?"NetBT" "Tcpip" "{92A04FDF-D5BE-4456-BD72-98D059245A8D}"?"Tcpip" "{B7C80A23-5419-43FF-A8AC-8DEADB70C65A}"?"NetBT" "Tcpip6" "{B7C80A23-5419-43FF-A8AC-8DEADB70C65A}"?"NetBT" "Tcpip" "{B7C80A23-5419-43FF-A8AC-8DEADB70C65A}"?"Tcpip6" "{92A04FDF-D5BE-4456-BD72-98D059245A8D}"?"Tcpip" "{92A04FDF-D5BE-4456-BD72-98D059245A8D}"?"NetBT" "Tcpip6" "{92A04FDF-D5BE-4456-BD72-98D059245A8D}"?"Tcpip" "{4BEE61C8-B153-4293-ADA2-C46768DBA375}"?"Tcpip6" "{4BEE61C8-B153-4293-ADA2-C46768DBA375}"?"NetBT" "Tcpip" "{4BEE61C8-B153-4293-ADA2-C46768DBA375}"?"NetBT" "Tcpip6" "{4BEE61C8-B153-4293-ADA2-C46768DBA375}"?"Tcpip" "{76F4E90C-B630-4AE3-9C15-602F07A08EDE}"?"Tcpip6" "{76F4E90C-B630-4AE3-9C15-602F07A08EDE}"?"NetBT" "Tcpip" "{76F4E90C-B630-4AE3-9C15-602F07A08EDE}"?"NetBT" "Tcpip6" "{76F4E90C-B630-4AE3-9C15-602F07A08EDE}"?"Tcpip6" "{AC0723AD-0938-4BED-A938-2BDFF2230A07}"?"NetBT" "Tcpip6" "{AC0723AD-0938-4BED-A938-2BDFF2230A07}"?
Reg     HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Linkage@Export                                                                         \Device\LanmanWorkstation_NetbiosSmb?\Device\LanmanWorkstation_Tcpip_{B7C80A23-5419-43FF-A8AC-8DEADB70C65A}?\Device\LanmanWorkstation_NetBT_Tcpip_{92A04FDF-D5BE-4456-BD72-98D059245A8D}?\Device\LanmanWorkstation_Tcpip6_{B7C80A23-5419-43FF-A8AC-8DEADB70C65A}?\Device\LanmanWorkstation_NetBT_Tcpip6_{B7C80A23-5419-43FF-A8AC-8DEADB70C65A}?\Device\LanmanWorkstation_NetBT_Tcpip_{B7C80A23-5419-43FF-A8AC-8DEADB70C65A}?\Device\LanmanWorkstation_Tcpip_{92A04FDF-D5BE-4456-BD72-98D059245A8D}?\Device\LanmanWorkstation_Tcpip6_{92A04FDF-D5BE-4456-BD72-98D059245A8D}?\Device\LanmanWorkstation_NetBT_Tcpip6_{92A04FDF-D5BE-4456-BD72-98D059245A8D}?\Device\LanmanWorkstation_Tcpip6_{4BEE61C8-B153-4293-ADA2-C46768DBA375}?\Device\LanmanWorkstation_Tcpip_{4BEE61C8-B153-4293-ADA2-C46768DBA375}?\Device\LanmanWorkstation_NetBT_Tcpip_{4BEE61C8-B153-4293-ADA2-C46768DBA375}?\Device\LanmanWorkstation_NetBT_Tcpip6_{4BEE61C8-B153-4293-ADA2-C46768DBA375}?\Device\LanmanWorkstation_Tcpip6_{76F4E90C-B630-4AE3-9C15-602F07A08EDE}?\Device\LanmanWorkst
Reg     HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Linkage@Bind                                                                           \Device\NetbiosSmb?\Device\Tcpip_{B7C80A23-5419-43FF-A8AC-8DEADB70C65A}?\Device\NetBT_Tcpip_{92A04FDF-D5BE-4456-BD72-98D059245A8D}?\Device\Tcpip6_{B7C80A23-5419-43FF-A8AC-8DEADB70C65A}?\Device\NetBT_Tcpip6_{B7C80A23-5419-43FF-A8AC-8DEADB70C65A}?\Device\NetBT_Tcpip_{B7C80A23-5419-43FF-A8AC-8DEADB70C65A}?\Device\Tcpip_{92A04FDF-D5BE-4456-BD72-98D059245A8D}?\Device\Tcpip6_{92A04FDF-D5BE-4456-BD72-98D059245A8D}?\Device\NetBT_Tcpip6_{92A04FDF-D5BE-4456-BD72-98D059245A8D}?\Device\Tcpip6_{4BEE61C8-B153-4293-ADA2-C46768DBA375}?\Device\Tcpip_{4BEE61C8-B153-4293-ADA2-C46768DBA375}?\Device\NetBT_Tcpip_{4BEE61C8-B153-4293-ADA2-C46768DBA375}?\Device\NetBT_Tcpip6_{4BEE61C8-B153-4293-ADA2-C46768DBA375}?\Device\Tcpip6_{76F4E90C-B630-4AE3-9C15-602F07A08EDE}?\Device\Tcpip_{76F4E90C-B630-4AE3-9C15-602F07A08EDE}?\Device\NetBT_Tcpip6_{76F4E90C-B630-4AE3-9C15-602F07A08EDE}?\Device\NetBT_Tcpip_{76F4E90C-B630-4AE3-9C15-602F07A08EDE}?\Device\NetBT_Tcpip6_{AC0723AD-0938-4BED-A938-2BDFF2230A07}?\Device\Tcpip6_{AC0723AD-0938-4BED-A938-
Reg     HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Linkage@Route                                                                          "NetbiosSmb"?"Tcpip" "{B7C80A23-5419-43FF-A8AC-8DEADB70C65A}"?"NetBT" "Tcpip" "{92A04FDF-D5BE-4456-BD72-98D059245A8D}"?"Tcpip6" "{B7C80A23-5419-43FF-A8AC-8DEADB70C65A}"?"NetBT" "Tcpip6" "{B7C80A23-5419-43FF-A8AC-8DEADB70C65A}"?"NetBT" "Tcpip" "{B7C80A23-5419-43FF-A8AC-8DEADB70C65A}"?"Tcpip" "{92A04FDF-D5BE-4456-BD72-98D059245A8D}"?"Tcpip6" "{92A04FDF-D5BE-4456-BD72-98D059245A8D}"?"NetBT" "Tcpip6" "{92A04FDF-D5BE-4456-BD72-98D059245A8D}"?"Tcpip6" "{4BEE61C8-B153-4293-ADA2-C46768DBA375}"?"Tcpip" "{4BEE61C8-B153-4293-ADA2-C46768DBA375}"?"NetBT" "Tcpip" "{4BEE61C8-B153-4293-ADA2-C46768DBA375}"?"NetBT" "Tcpip6" "{4BEE61C8-B153-4293-ADA2-C46768DBA375}"?"Tcpip6" "{76F4E90C-B630-4AE3-9C15-602F07A08EDE}"?"Tcpip" "{76F4E90C-B630-4AE3-9C15-602F07A08EDE}"?"NetBT" "Tcpip6" "{76F4E90C-B630-4AE3-9C15-602F07A08EDE}"?"NetBT" "Tcpip" "{76F4E90C-B630-4AE3-9C15-602F07A08EDE}"?"NetBT" "Tcpip6" "{AC0723AD-0938-4BED-A938-2BDFF2230A07}"?"Tcpip6" "{AC0723AD-0938-4BED-A938-2BDFF2230A07}"?
Reg     HKLM\SYSTEM\CurrentControlSet\Services\NetBIOS\Linkage@Export                                                                                   \Device\NetBIOS_NetBT_Tcpip6_{B7C80A23-5419-43FF-A8AC-8DEADB70C65A}?\Device\NetBIOS_NetBT_Tcpip_{B7C80A23-5419-43FF-A8AC-8DEADB70C65A}?\Device\NetBIOS_NetBT_Tcpip_{92A04FDF-D5BE-4456-BD72-98D059245A8D}?\Device\NetBIOS_NetBT_Tcpip6_{92A04FDF-D5BE-4456-BD72-98D059245A8D}?\Device\NetBIOS_NetBT_Tcpip_{4BEE61C8-B153-4293-ADA2-C46768DBA375}?\Device\NetBIOS_NetBT_Tcpip6_{4BEE61C8-B153-4293-ADA2-C46768DBA375}?\Device\NetBIOS_NetBT_Tcpip6_{76F4E90C-B630-4AE3-9C15-602F07A08EDE}?\Device\NetBIOS_NetBT_Tcpip_{76F4E90C-B630-4AE3-9C15-602F07A08EDE}?\Device\NetBIOS_NetBT_Tcpip6_{AC0723AD-0938-4BED-A938-2BDFF2230A07}?
Reg     HKLM\SYSTEM\CurrentControlSet\Services\NetBIOS\Linkage@Bind                                                                                     \Device\NetBT_Tcpip6_{B7C80A23-5419-43FF-A8AC-8DEADB70C65A}?\Device\NetBT_Tcpip_{B7C80A23-5419-43FF-A8AC-8DEADB70C65A}?\Device\NetBT_Tcpip_{92A04FDF-D5BE-4456-BD72-98D059245A8D}?\Device\NetBT_Tcpip6_{92A04FDF-D5BE-4456-BD72-98D059245A8D}?\Device\NetBT_Tcpip_{4BEE61C8-B153-4293-ADA2-C46768DBA375}?\Device\NetBT_Tcpip6_{4BEE61C8-B153-4293-ADA2-C46768DBA375}?\Device\NetBT_Tcpip6_{76F4E90C-B630-4AE3-9C15-602F07A08EDE}?\Device\NetBT_Tcpip_{76F4E90C-B630-4AE3-9C15-602F07A08EDE}?\Device\NetBT_Tcpip6_{AC0723AD-0938-4BED-A938-2BDFF2230A07}?
Reg     HKLM\SYSTEM\CurrentControlSet\Services\NetBIOS\Linkage@Route                                                                                    "NetBT" "Tcpip6" "{B7C80A23-5419-43FF-A8AC-8DEADB70C65A}"?"NetBT" "Tcpip" "{B7C80A23-5419-43FF-A8AC-8DEADB70C65A}"?"NetBT" "Tcpip" "{92A04FDF-D5BE-4456-BD72-98D059245A8D}"?"NetBT" "Tcpip6" "{92A04FDF-D5BE-4456-BD72-98D059245A8D}"?"NetBT" "Tcpip" "{4BEE61C8-B153-4293-ADA2-C46768DBA375}"?"NetBT" "Tcpip6" "{4BEE61C8-B153-4293-ADA2-C46768DBA375}"?"NetBT" "Tcpip6" "{76F4E90C-B630-4AE3-9C15-602F07A08EDE}"?"NetBT" "Tcpip" "{76F4E90C-B630-4AE3-9C15-602F07A08EDE}"?"NetBT" "Tcpip6" "{AC0723AD-0938-4BED-A938-2BDFF2230A07}"?
Reg     HKLM\SYSTEM\CurrentControlSet\Services\NetBIOS\Parameters@MaxLana                                                                               8
Reg     HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Linkage@Export                                                                                     \Device\NetBT_Tcpip_{92A04FDF-D5BE-4456-BD72-98D059245A8D}?\Device\NetBT_Tcpip_{B7C80A23-5419-43FF-A8AC-8DEADB70C65A}?\Device\NetBT_Tcpip6_{B7C80A23-5419-43FF-A8AC-8DEADB70C65A}?\Device\NetBT_Tcpip6_{92A04FDF-D5BE-4456-BD72-98D059245A8D}?\Device\NetBT_Tcpip6_{4BEE61C8-B153-4293-ADA2-C46768DBA375}?\Device\NetBT_Tcpip_{4BEE61C8-B153-4293-ADA2-C46768DBA375}?\Device\NetBT_Tcpip6_{76F4E90C-B630-4AE3-9C15-602F07A08EDE}?\Device\NetBT_Tcpip_{76F4E90C-B630-4AE3-9C15-602F07A08EDE}?\Device\NetBT_Tcpip6_{AC0723AD-0938-4BED-A938-2BDFF2230A07}?
Reg     HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Linkage@Bind                                                                                       \Device\Tcpip_{92A04FDF-D5BE-4456-BD72-98D059245A8D}?\Device\Tcpip_{B7C80A23-5419-43FF-A8AC-8DEADB70C65A}?\Device\Tcpip6_{B7C80A23-5419-43FF-A8AC-8DEADB70C65A}?\Device\Tcpip6_{92A04FDF-D5BE-4456-BD72-98D059245A8D}?\Device\Tcpip6_{4BEE61C8-B153-4293-ADA2-C46768DBA375}?\Device\Tcpip_{4BEE61C8-B153-4293-ADA2-C46768DBA375}?\Device\Tcpip6_{76F4E90C-B630-4AE3-9C15-602F07A08EDE}?\Device\Tcpip_{76F4E90C-B630-4AE3-9C15-602F07A08EDE}?\Device\Tcpip6_{AC0723AD-0938-4BED-A938-2BDFF2230A07}?
Reg     HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Linkage@Route                                                                                      "Tcpip" "{92A04FDF-D5BE-4456-BD72-98D059245A8D}"?"Tcpip" "{B7C80A23-5419-43FF-A8AC-8DEADB70C65A}"?"Tcpip6" "{B7C80A23-5419-43FF-A8AC-8DEADB70C65A}"?"Tcpip6" "{92A04FDF-D5BE-4456-BD72-98D059245A8D}"?"Tcpip6" "{4BEE61C8-B153-4293-ADA2-C46768DBA375}"?"Tcpip" "{4BEE61C8-B153-4293-ADA2-C46768DBA375}"?"Tcpip6" "{76F4E90C-B630-4AE3-9C15-602F07A08EDE}"?"Tcpip" "{76F4E90C-B630-4AE3-9C15-602F07A08EDE}"?"Tcpip6" "{AC0723AD-0938-4BED-A938-2BDFF2230A07}"?
Reg     HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch                                                                                 12
Reg     HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch                                                                                5
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Linkage@Export                                                                                    \Device\Tcpip6_{92A04FDF-D5BE-4456-BD72-98D059245A8D}?\Device\Tcpip6_{B7C80A23-5419-43FF-A8AC-8DEADB70C65A}?\Device\Tcpip6_{4BEE61C8-B153-4293-ADA2-C46768DBA375}?\Device\Tcpip6_{76F4E90C-B630-4AE3-9C15-602F07A08EDE}?\Device\Tcpip6_{AC0723AD-0938-4BED-A938-2BDFF2230A07}?
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Linkage@Bind                                                                                      \Device\{92A04FDF-D5BE-4456-BD72-98D059245A8D}?\Device\{B7C80A23-5419-43FF-A8AC-8DEADB70C65A}?\Device\{4BEE61C8-B153-4293-ADA2-C46768DBA375}?\Device\{76F4E90C-B630-4AE3-9C15-602F07A08EDE}?\Device\{AC0723AD-0938-4BED-A938-2BDFF2230A07}?
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Linkage@Route                                                                                     "{92A04FDF-D5BE-4456-BD72-98D059245A8D}"?"{B7C80A23-5419-43FF-A8AC-8DEADB70C65A}"?"{4BEE61C8-B153-4293-ADA2-C46768DBA375}"?"{76F4E90C-B630-4AE3-9C15-602F07A08EDE}"?"{AC0723AD-0938-4BED-A938-2BDFF2230A07}"?
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TCPIP6TUNNEL\Linkage@Export                                                                              \Device\TCPIP6TUNNEL_{AC0723AD-0938-4BED-A938-2BDFF2230A07}?
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TCPIP6TUNNEL\Linkage@Bind                                                                                \Device\{AC0723AD-0938-4BED-A938-2BDFF2230A07}?
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TCPIP6TUNNEL\Linkage@Route                                                                               "{AC0723AD-0938-4BED-A938-2BDFF2230A07}"?
Reg     HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated                                                             0xDE 0xDA 0xE9 0x67 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh                                                                  0xDE 0x42 0xAE 0xC9 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow                                                                   0xDE 0x72 0x25 0x06 ...
---- Disk sectors - GMER 2.2 ----
Disk    \Device\Harddisk0\DR0                                                                                                                           unknown MBR code
---- EOF - GMER 2.2 ----

Any help is greatly appreciated. Thanks a lot.

Attached File: log.log (30.48KB)

Edited by hamluis, 25 January 2017 - 06:04 PM.
Moved from MRL to Am I Infected - Hamluis.

