GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-04-22 08:24:17
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000038 KINGSTON_SH103S3120G rev.580ABBF0 111,79GB
Running: sng21p1s.exe; Driver: C:\Users\PAWEKA~1\AppData\Local\Temp\pxldapow.sys

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\csrss.exe [620:644] fffff960009572d0

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0xFC 0xCD 0x67 0x89 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime 0xA3 0x43 0x65 0xE1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFStartTime 0xFC 0xCD 0x67 0x89 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFLastStartTime 0xA3 0x43 0x65 0xE1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@pl-PL 25
Reg HKLM\SYSTEM\CurrentControlSet\Control\CrashControl@LastCrashTime 0x6D 0xA3 0xE8 0x3F ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\SAM0440HMFQ900072_25_07D8_27^1B06B05CCC7DD600934855B8F7D36F7C@Timestamp 0x28 0x21 0xBD 0x89 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 720
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 278955065
Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID 14f84713-9431-4fd3-9f01-724ee0d
Reg HKLM\SYSTEM\CurrentControlSet\Control\WDI\Config@ServerName \BaseNamedObjects\WDI_{681acd0e-dcf8-487d-9b49-4f9ba67a9d52}
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswStm\Parameters\Wdf@TimeOfLastSqmLog 0x48 0x76 0x1A 0xE2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{a0c503f0-c0e5-4ab8-8672-125ac6806d49}@LastProbeTime 1429532396
Reg HKLM\SYSTEM\CurrentControlSet\Services\ialm\Device0@ProfilingToolValues 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{10CB483C-48DD-4DDB-B6CC-838B649DBB80}@DefunctTimestamp 0xC4 0x3A 0x37 0x55 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\monitor\Parameters\Wdf@TimeOfLastSqmLog 0xD8 0x41 0xA3 0xE1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\PEAUTH\Parameters\Wdf@TimeOfLastSqmLog 0xF6 0x97 0xE9 0xE3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 2756
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 386
Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 27
Reg HKLM\SYSTEM\CurrentControlSet\Services\USBHUB3\Parameters\Wdf@TimeOfLastSqmLog 0xAB 0x0C 0xCD 0xDC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpdUpFltr\Parameters\Wdf@TimeOfLastSqmLog 0x6B 0x57 0xF1 0xC6 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\PostBootReminders
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\PostBootReminders\Microsoft.NetDriveReconnectFailed
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\PostBootReminders\Microsoft.NetDriveReconnectFailed@Title Nie można ponownie podłączyć niektórych dysków sieciowych
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\PostBootReminders\Microsoft.NetDriveReconnectFailed@Text Kliknij tutaj, aby sprawdzić stan dysków sieciowych.
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\PostBootReminders\Microsoft.NetDriveReconnectFailed@IconResource shell32.dll,-11
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\PostBootReminders\Microsoft.NetDriveReconnectFailed@ShellExecute ::{20D04FE0-3AEA-1069-A2D8-08002B30309D}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\PostBootReminders\Microsoft.NetDriveReconnectFailed@ShowTime 120000
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\PostBootReminders\Microsoft.NetDriveReconnectFailed@RetryInterval 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\PostBootReminders\Microsoft.NetDriveReconnectFailed@RetryCount 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\PostBootReminders\Microsoft.NetDriveReconnectFailed@TypeFlags 2
Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_f04fbd8d62a0e6fa7ae02e8633c0ca24703b9_00000000_cab_04c1ec72

---- EOF - GMER 2.1 ----