GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-12-29 22:29:33 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000031 KINGSTON_SV300S37A120G rev.521ABBF0 111,79GB Running: ewbhzupu.exe; Driver: C:\Users\-\AppData\Local\Temp\pxldapow.sys ---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\csrss.exe [568:596] fffff960008852d0 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0x30 0xC9 0x18 0x48 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime 0xEE 0xDB 0xE5 0xB7 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFStartTime 0x30 0xC9 0x18 0x48 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFLastStartTime 0xEE 0xDB 0xE5 0xB7 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@pl-PL 31 Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\PHLC0AAUHB1343027894_2B_07DD_E0^070ED2229AB9464893DF1F520781DA16@Timestamp 0x11 0x96 0x7B 0x49 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 700 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 411875937 Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID a2b38942-d961-4d8f-9ba9-30b7b75 Reg HKLM\SYSTEM\CurrentControlSet\Control\WDI\Config@ServerName \BaseNamedObjects\WDI_{29296239-ba55-4705-9023-a2c00087914f} Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{520e75db-b381-48bd-8c65-60525b0b6ca2}@LastProbeTime 1419890355 Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\00-01-5c-24-96-c0@ClientLocalPort 56816 Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\00-01-5c-24-96-c0@AddressCreationTimestamp 0x49 0x53 0xB2 0x0A ... Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\00-01-5c-24-96-c0@TeredoAddress 2001:0:9d38:6abd:3c8d:76b0:e049:a04f Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@ReadyBootPlanAge 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime ?Pn?, ?gru ?29 ?14, 10:00:04??????????????????????????????????? Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 2191 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 4439 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x04 0x74 0x66 0x76 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x87 0x32 0x04 0x0C ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x89 0x94 0xA9 0x91 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 33 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6B0A3531-E958-49CF-9EBF-0F80E3DA851D}@LeaseObtainedTime 1419886749 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6B0A3531-E958-49CF-9EBF-0F80E3DA851D}@T1 1420491249 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6B0A3531-E958-49CF-9EBF-0F80E3DA851D}@T2 1420491249 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6B0A3531-E958-49CF-9EBF-0F80E3DA851D}@LeaseTerminatesTime 1420491549 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsRequestBucketDrainTime 0xA6 0x5F 0xB7 0x51 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsLargeRequestBucketDrainTime 0xA6 0x5F 0xB7 0x51 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastOtherRequestBucketDrainTime 0xA6 0x5F 0xB7 0x51 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastGlobalRequestBucketDrainTime 0xA6 0x5F 0xB7 0x51 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@RoamingSyncToken LM%3d63555333910907%3bID%3dBB398AB4590B4B10!171%3bLR%3d63555483564237%3bEP%3d4%3bTD%3dTrue%3bSO%3d0 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\RegistrarData@LastRenewCollectionsInterest 0x4D 0x64 0x14 0x05 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData@PendingOperations 0 ---- EOF - GMER 2.1 ----