GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-06-04 13:33:21
Windows 6.3.9600 x64 \Device\Harddisk0\DR0 -> \Device\00000042 WDC_WD5000LPVX-80V0TT0 rev.01.01A01 465,76GB
Running: gmer.exe; Driver: C:\Users\Marcin\AppData\Local\Temp\uxloapow.sys

---- User code sections - GMER 2.1 ----

.text C:\windows\Explorer.EXE[772] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 714 00007fff7ce8154a 4 bytes [E8, 7C, FF, 7F]
.text C:\windows\Explorer.EXE[772] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 722 00007fff7ce81552 4 bytes [E8, 7C, FF, 7F]
.text C:\windows\Explorer.EXE[772] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 98 00007fff7ce8162a 4 bytes [E8, 7C, FF, 7F]
.text C:\windows\Explorer.EXE[772] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 122 00007fff7ce81642 4 bytes [E8, 7C, FF, 7F]

---- Threads - GMER 2.1 ----

Thread C:\windows\system32\csrss.exe [460:496] fffff960008beb90

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control@SystemStartOptions NOEXECUTE=OPTIN HYPERVISORLAUNCHTYPE=AUTO
Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 788
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber 3873930
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 19070732
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId 154
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 413642265
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 11215
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FwPOSTTime 7588
Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID 87b68192-b699-46fc-9e51-a9cdd5e
Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter 1
Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\UnitedVideo\SERVICES\BASICDISPLAY@DefaultSettings.XResolution 1366
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\240a6427b548
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\240a6427b548@f81edf977e2e 0x8D 0x7F 0x40 0x79 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\240a6427b548@c8147946e022 0xA3 0x45 0xEF 0xCC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\240a6427b548@00be107b2f70 0x23 0x5F 0x71 0x97 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@ReadyBootPlanAge 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Object List 13492 13498 13510 13520 13530 13550 13594 13604 13642 13648 13664
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Counter 13670
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Help 13671
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@First Counter 13492
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@First Help 13493
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown 1

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----