GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-05-05 00:11:26
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002d WDC_WD5000LPVX-80V0TT0 rev.01.01A01 465,76GB
Running: 0f45cymy.exe; Driver: C:\Users\Nowaki\AppData\Local\Temp\uxldqpow.sys

---- Threads - GMER 2.2 ----

Thread C:\WINDOWS\system32\csrss.exe [552:576] fffff960009982d0

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0xF2 0xE9 0x88 0x6F ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFStartTime 0xF2 0xE9 0x88 0x6F ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@pl-PL 35
Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\CMO15A70_1F_07DA_95^E31A9EA2CA573A9B957AE374289AD020@Timestamp 0x4A 0x36 0xD5 0x6F ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -264828977
Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID f229689c-6cc1-4b99-8827-5709dd6
Reg HKLM\SYSTEM\CurrentControlSet\Control\WDI\Config@ServerName \BaseNamedObjects\WDI_{060dd6b1-cede-4856-ba4f-9a2e205730dc}
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\BTHPORT
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\BTHPORT\LocalServices
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\BTHPORT\LocalServices\{00001101-0000-1000-8000-00805f9b34fb}
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\BTHPORT\LocalServices\{00001101-0000-1000-8000-00805f9b34fb}@
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\HidBth
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings
Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{addee6e8-fe77-4f12-bb37-88e189baeb71}@LastProbeTime 1462399611
Reg HKLM\SYSTEM\CurrentControlSet\Services\ialm\Device0@ProfilingToolValues 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@ReadyBootPlanAge 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime ??r?, ?maj ?04 ?16, 11:00:48???????????????????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 6491
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 4180
Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 37
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8ECE1DB4-EF06-4DE4-8E85-5A9AA77B4C06}@LeaseObtainedTime 1462392401
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8ECE1DB4-EF06-4DE4-8E85-5A9AA77B4C06}@T1 1462435601
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8ECE1DB4-EF06-4DE4-8E85-5A9AA77B4C06}@T2 1462468001
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8ECE1DB4-EF06-4DE4-8E85-5A9AA77B4C06}@LeaseTerminatesTime 1462478801
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient@SpecialPollTimeRemaining time.windows.com,7cff311???????????
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\iexplore@Count 5
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\iexplore@Blocked 5
Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation C:\Users\Nowaki\AppData\Local\Microsoft\Windows\WER\ReportArchive\Critical_iexplore.exe_f3f4a6bed44dd3e7f3d7bcd90a9a476d75d3d_bb89ceaa_074b43a0

---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.2 ----