GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-01-29 13:59:01
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-1 ST500DM002-1BD142 rev.KC44 465,76GB
Running: wdqsc3ne.exe; Driver: C:\Users\Seba\AppData\Local\Temp\uwldypoc.sys

---- Threads - GMER 2.2 ----

Thread C:\WINDOWS\system32\csrss.exe [596:648] fffff96136d94060

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control@LastBootShutdown 0
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0xDA 0x22 0x9B 0xE5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime 0x5F 0x04 0xA9 0xF7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFStartTime 0x73 0x39 0x9B 0xE5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFLastStartTime 0xC3 0x66 0xAB 0xF7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@pl-PL 51
Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\BNQ788898B04121SL0_22_07DB_BF^CD4D0BA5257526F8CC0DAEE782F105F2@Timestamp 0xF4 0x84 0x50 0xE7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 708
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations \??\C:\Users\Seba\AppData\Local\Temp\~nsu.tmp\Au_.exe??\??\C:\Users\Seba\AppData\Local\Temp\~nsu.tmp??\??\C:\Users\Seba\AppData\Local\Temp\nsrFB46.tmp\ImgEngine.dll??\??\C:\Users\Seba\AppData\Local\Temp\nsrFB46.tmp\??\??\C:\Users\Seba\AppData\Local\Temp\nsrFB46.tmp\Lang\ENU.dll??\??\C:\Users\Seba\AppData\Local\Temp\nsrFB46.tmp\Lang\PLK.dll??\??\C:\Users\Seba\AppData\Local\Temp\nsrFB46.tmp\ImgEngine.dll??\??\C:\Users\Seba\AppData\Local\Temp\nsrFB46.tmp\??
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber 1356570
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed 1345035287
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId 52
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 495484027
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 14866
Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID c861ca10-1c63-4039-bebc-5a9d37a
Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\AutoLogger\WdiContextLog@FileCounter 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{bc9f017e-93ab-4827-b77a-fdc4219bf4b7}@LastProbeTime 1485686525
Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime ?niedz.?, ?sty ?29 ?17, 10:46:38???????????????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 50
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{96da6e7f-43f9-4a6d-9947-4daab09f4c9f}@LeaseObtainedTime 1485682922
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{96da6e7f-43f9-4a6d-9947-4daab09f4c9f}@T1 1485686522
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{96da6e7f-43f9-4a6d-9947-4daab09f4c9f}@T2 1485689222
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{96da6e7f-43f9-4a6d-9947-4daab09f4c9f}@LeaseTerminatesTime 1485690122
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0xAB 0x20 0x71 0x5A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0xAB 0x88 0x35 0xBC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0xAB 0xB8 0xAC 0xF8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeTickCount 0x11 0x3E 0x2B 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop 0
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer@GlobalAssocChangedCounter 1413
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown 1
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Security and Maintenance@MessageTime 0xF3 0x78 0xA2 0x9C ...

---- Files - GMER 2.2 ----

File C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Default\Session Storage\021865.log 59663 bytes

---- EOF - GMER 2.2 ----