GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-03-17 13:35:47
Windows 6.2.9200 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-6 WDC_WD3200AAKS-00G3A0 rev.40.00A40 298,09GB
Running: e943er98.exe; Driver: C:\Users\qvvas\AppData\Local\Temp\kglcipow.sys

---- Threads - GMER 2.1 ----

Thread System [4:1020] ffffe0003e0f5db0
Thread C:\WINDOWS\system32\csrss.exe [552:3504] fffff960008742d0

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0xC9 0xA3 0x48 0x6C ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime 0x63 0x51 0x50 0x69 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFStartTime 0xC9 0xA3 0x48 0x6C ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFLastStartTime 0xDD 0xDA 0x59 0x69 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@pl-PL 223
Reg HKLM\SYSTEM\CurrentControlSet\Control\CrashControl@LastCrashTime 0x6F 0x85 0xAE 0xAF ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\BNQ7F2DM2E00556SL0_07_07DE_E0^DD65D8888999CA2D9EB948B4B397B272@Timestamp 0x29 0x30 0x19 0xAC ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 588
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -1829000211
Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID 31cd8a55-7b05-4fda-a7a3-3d8268c
Reg HKLM\SYSTEM\CurrentControlSet\Control\WDI\Config@ServerName \BaseNamedObjects\WDI_{a82edaac-3a77-4825-9512-6ac4cb70a0c1}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Winlogon\Notifications\Components\TrustedInstaller@Events CreateSession
Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{2e71f24e-ffca-42ee-b0e5-8b9f0b098fef}@LastProbeTime 1426592311
Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{4cac724e-45d2-44bb-850f-61a0ee436f7f}@LastProbeTime 1426592311
Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@ReadyBootPlanAge 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime ?Wt?, ?mar ?17 ?15, 12:49:22???????????????????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 10870
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 3139
Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 225
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@DhcpNameServer 192.168.0.1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{15E34884-7246-4AD7-88A4-D82D9F0C194B}@LeaseObtainedTime 1426588711
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{15E34884-7246-4AD7-88A4-D82D9F0C194B}@T1 1442356711
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{15E34884-7246-4AD7-88A4-D82D9F0C194B}@T2 1454182711
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{15E34884-7246-4AD7-88A4-D82D9F0C194B}@LeaseTerminatesTime 1458124711
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DD8466AF-867F-4E8E-9683-5FCCC39C7A73}@LeaseObtainedTime 1426592305
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DD8466AF-867F-4E8E-9683-5FCCC39C7A73}@T1 1426595905
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DD8466AF-867F-4E8E-9683-5FCCC39C7A73}@T2 1426598605
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DD8466AF-867F-4E8E-9683-5FCCC39C7A73}@LeaseTerminatesTime 1426599505
Reg HKLM\SYSTEM\CurrentControlSet\Services\TrustedInstaller@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\TrustedInstaller
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}\iexplore@Count 11
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\RegistrarData@LastRenewCollectionsInterest 0x21 0xF5 0x9C 0x61 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData@PendingOperations 1
Reg HKCU\Software\Microsoft\Windows\DWM@ColorizationAfterglow -1354450463
Reg HKCU\Software\Microsoft\Windows\DWM@ColorizationBlurBalance 12
Reg HKCU\Software\Microsoft\Windows\DWM@ColorizationColor -1354450463
Reg HKCU\Software\Microsoft\Windows\DWM@ColorizationColorBalance 78
Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_3pmo4r5n.exe_a32f6aad45af859269f491eccde4b47662d5917a_77ffa0f3_17120ecd
Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug\UIHandles@CheckingForSolutionDialog 0xB6 0x05 0x0D 0x00 ...
Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug\UIHandles@CloseDialog 0xC0 0x05 0x09 0x00 ...

---- EOF - GMER 2.1 ----