GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-03-07 17:09:43
Windows 6.3.9600 x64 \Device\Harddisk0\DR0 -> \Device\0000002c WDC_WD3200BPVT-22JJ5T0 rev.01.01A01 298,09GB
Running: tjgj54fy.exe; Driver: C:\Users\Filip\AppData\Local\Temp\uxdoapog.sys

---- User code sections - GMER 2.1 ----

.text C:\WINDOWS\Explorer.EXE[344] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 714 00007ffcc38f154a 4 bytes [8F, C3, FC, 7F]
.text C:\WINDOWS\Explorer.EXE[344] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 722 00007ffcc38f1552 4 bytes [8F, C3, FC, 7F]
.text C:\WINDOWS\Explorer.EXE[344] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 98 00007ffcc38f162a 4 bytes [8F, C3, FC, 7F]
.text C:\WINDOWS\Explorer.EXE[344] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 122 00007ffcc38f1642 4 bytes [8F, C3, FC, 7F]

---- Threads - GMER 2.1 ----

Thread C:\WINDOWS\system32\csrss.exe [448:472] fffff960009c74d0

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control@SystemStartOptions NOEXECUTE=OPTIN HYPERVISORLAUNCHTYPE=AUTO
Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 632
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber 3873805
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -962959134
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId 16
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 406150661
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 8691
Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID 37cfbf45-b4b9-4210-b7cf-22ffbae
Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@GlassSessionId 2
Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\AITEventLog@FileCounter 1
Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\SQMLogger@FileCounter 6
Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@ReadyBootPlanAge 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop 0
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\0@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\0@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\1@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\1@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\2@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\2@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\ImmersiveShell\Grid@PreviousScaleFactor 100
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\ImmersiveShell\Grid@Layout_MaximumAvailableHeightCells 6
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\ImmersiveShell\Grid@Layout_AvailableHeightCells 6