GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-12-03 17:20:58 Windows 6.2.9200 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-2 KINGSTON_SV300S37A120G rev.583ABBF0 111,79GB Running: 1xh323ps.exe; Driver: C:\Users\Damian\AppData\Local\Temp\uxliqpow.sys ---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\csrss.exe [504:528] fffff960009b42d0 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0x4D 0x29 0xDF 0x16 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime 0x6F 0x26 0x7D 0xB2 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFStartTime 0x4D 0x29 0xDF 0x16 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFLastStartTime 0x6F 0x26 0x7D 0xB2 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@pl-PL 65 Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\LEN40A10_01_07DA_08^AD090B0743C976868A82949C817BA01A@Timestamp 0x3D 0x9A 0xBB 0x17 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{792ABB3E-8DFC-42F0-819D-28FF8402C5A3}\Connection@Name Reusable ISATAP Interface {792ABB3E-8DFC-42F0-819D-28FF8402C5A3} Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber 3900045 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 1157040495 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId 68 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 459815379 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 9891 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FwPOSTTime 9258 Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID ce22cf5e-a00e-4f97-8a95-4944dfd Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\a4db3045b14f Reg HKLM\SYSTEM\CurrentControlSet\Services\bthserv\Parameters\BluetoothControlPanelTasks@State 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{e3f4a74b-b8e5-46e8-9e86-d76ce8fc1ae8}@LastProbeTime 1449161768 Reg HKLM\SYSTEM\CurrentControlSet\Services\IBMPMSVC\Parameters\Notification@Type2 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{792ABB3E-8DFC-42F0-819D-28FF8402C5A3}@InterfaceName Reusable ISATAP Interface {792ABB3E-8DFC-42F0-819D-28FF8402C5A3} Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{792ABB3E-8DFC-42F0-819D-28FF8402C5A3}@ReusableType 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 4638 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 767 Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 67 Reg HKLM\SYSTEM\CurrentControlSet\Services\SynTP\Parameters@DetectTimeMS 2593 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9335DD52-5CA9-4D79-8F62-A0673160568B}@LeaseObtainedTime 1449158160 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9335DD52-5CA9-4D79-8F62-A0673160568B}@T1 1449201360 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9335DD52-5CA9-4D79-8F62-A0673160568B}@T2 1449233760 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9335DD52-5CA9-4D79-8F62-A0673160568B}@LeaseTerminatesTime 1449244560 Reg HKLM\SYSTEM\CurrentControlSet\Services\TPM@OsBootCount 60 Reg HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop 0 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\OpenWithList@MRUList abc Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\iexplore@Count 190 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\RegistrarData@LastRenewCollectionsInterest 0xE5 0x66 0x5C 0xD8 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce@Report C:\AdwCleaner\AdwCleaner[C1].txt Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData@PendingOperations 2 Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting@LastRateLimitedDumpGenerationTime 0x51 0x9B 0x43 0x31 ... Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting@LastWatsonCabUploaded 0x66 0x63 0x8B 0x31 ... ---- EOF - GMER 2.1 ----