GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-04-16 14:02:33
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000033 HGST_HTS545050A7E680 rev.GG2OAF10 465,76GB
Running: ylmuhd0m.exe; Driver: C:\Users\Hania\AppData\Local\Temp\pwddipow.sys

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\csrss.exe [608:632]      fffff960009662d0
Thread  C:\Windows\system32\svchost.exe [1412:2420]  00007ff94d351600
Thread  C:\Windows\system32\svchost.exe [1412:2436]  00007ff94d211b70
Thread  C:\Windows\system32\svchost.exe [1412:2896]  00007ff9540b4440

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Control@LastBootShutdown  0
Reg  HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime  0x2C 0xD1 0x74 0x2F ...
Reg  HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime  0xF8 0x76 0x9D 0xC9 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@pl-PL  48
Reg  HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\AUO323C0_00_07DD_F6^33F5F3467CCC94E17EF50E81B0F0D2E2@Timestamp  0x67 0x8A 0x58 0x30 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid  672
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{96CDBA31-09C2-4E19-B017-7563BED8878F}\Connection@Name  Reusable ISATAP Interface {96CDBA31-09C2-4E19-B017-7563BED8878F}
Reg  HKLM\SYSTEM\CurrentControlSet\Control\PnP@DisableLKG  1
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber  3900028
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed  1036339230
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId  51
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime  440308537
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime  4261
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FwPOSTTime  3981
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID  804e69ec-7dae-49c7-ad7b-a2f2d7c
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Winlogon\Notifications\Components\TrustedInstaller@Events  CreateSession
Reg  HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\AITEventLog@FileCounter  3
Reg  HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\SQMLogger@FileCounter  1
Reg  HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter  3
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\8086f25ba2ce
Reg  HKLM\SYSTEM\CurrentControlSet\Services\bthserv\Parameters\BluetoothControlPanelTasks@State  0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{64d2440d-5372-42a5-8e8e-40950eec9327}@LastProbeTime  1429190400
Reg  HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{96CDBA31-09C2-4E19-B017-7563BED8878F}@InterfaceName  Reusable ISATAP Interface {96CDBA31-09C2-4E19-B017-7563BED8878F}
Reg  HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{96CDBA31-09C2-4E19-B017-7563BED8878F}@ReusableType  1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime  ?Cz?, ?kwi ?16 ?15, 01:21:16???????????????????????????????????
Reg  HKLM\SYSTEM\CurrentControlSet\Services\SDScannerService@ServiceWebPortFileScannerActive  0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\SDScannerService@ServiceWebPortFirewallActive  0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\SDUpdateService@ServiceWebPortActive  0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch  11758
Reg  HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch  6011
Reg  HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence  49
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{14BA5E5F-95FE-4B55-8E03-0C329D3C7301}@LeaseObtainedTime  1429183194
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{14BA5E5F-95FE-4B55-8E03-0C329D3C7301}@T1  1429226394
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{14BA5E5F-95FE-4B55-8E03-0C329D3C7301}@T2  1429258794
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{14BA5E5F-95FE-4B55-8E03-0C329D3C7301}@LeaseTerminatesTime  1429269594
Reg  HKLM\SYSTEM\CurrentControlSet\Services\TrustedInstaller@Start  2
Reg  HKLM\SYSTEM\CurrentControlSet\Services\TrustedInstaller
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop  0
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown  1
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\iexplore@Count  740
Reg  HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation  C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_ylmuhd0m.exe_8c3352029f07ace3d7464194def9b473c415ca_9d4e7be1_0f21bb7a
Reg  HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug\UIHandles@CheckingForSolutionDialog  0x26 0x03 0x02 0x00 ...
Reg  HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug\UIHandles@CloseDialog  0x26 0x03 0x02 0x00 ...

---- EOF - GMER 2.1 ----