GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-12-07 19:39:42
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000036 ST1000LM014-SSHD-8GB rev.LVD3 931,51GB
Running: dqqlzf3w.exe; Driver: C:\Users\Wojtas\AppData\Local\Temp\ufldqpow.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff960001ee100 15 bytes [40, A1, F1, 01, C0, E7, 6B, ...]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 16 fffff960001ee110 11 bytes [00, 22, FC, FF, C0, DC, CA, ...]

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\csrss.exe [3440:6020] fffff960008cd2d0

---- Services - GMER 2.1 ----

Service C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe (*** hidden *** ) [MANUAL] Disc Soft Lite Bus Service <-- ROOTKIT !!!

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -1113496304
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\fcf8ae81f465
Reg HKLM\SYSTEM\CurrentControlSet\Services\Disc Soft Lite Bus Service
Reg HKLM\SYSTEM\CurrentControlSet\Services\Disc Soft Lite Bus Service@Type 16
Reg HKLM\SYSTEM\CurrentControlSet\Services\Disc Soft Lite Bus Service@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\Disc Soft Lite Bus Service@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Disc Soft Lite Bus Service@ImagePath "C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe"
Reg HKLM\SYSTEM\CurrentControlSet\Services\Disc Soft Lite Bus Service@DisplayName Disc Soft Lite Bus Service
Reg HKLM\SYSTEM\CurrentControlSet\Services\Disc Soft Lite Bus Service@DependOnService RPCSS?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Disc Soft Lite Bus Service@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\Disc Soft Lite Bus Service
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 1277
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 259
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D64E924C-5686-44DC-8799-2A92FC00D72E}@LeaseObtainedTime 1449509501
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D64E924C-5686-44DC-8799-2A92FC00D72E}@T1 1449552701
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D64E924C-5686-44DC-8799-2A92FC00D72E}@T2 1449585101
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D64E924C-5686-44DC-8799-2A92FC00D72E}@LeaseTerminatesTime 1449595901

---- EOF - GMER 2.1 ----