GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-02-15 00:17:17
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 SAMSUNG_HD502HI rev.1AG01118 465,76GB
Running: i30ztksk.exe; Driver: C:\Users\Adrian\AppData\Local\Temp\uxldrpod.sys

---- Kernel code sections - GMER 2.1 ----

.text  C:\Windows\System32\win32k.sys!W32pServiceTable      fffff96000144300 7 bytes [00, A1, F3, FF, 41, B4, F0]
.text  C:\Windows\System32\win32k.sys!W32pServiceTable + 8  fffff96000144308 3 bytes [00, 07, 02]

---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Skype\Phone\Skype.exe[3756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075cd1465 2 bytes [CD, 75]
.text  C:\Program Files (x86)\Skype\Phone\Skype.exe[3756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000075cd14bb 2 bytes [CD, 75]
.text  ...  * 2
.text  C:\Program Files (x86)\Skype\Phone\Skype.exe[3756] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35           00000000747011a8 2 bytes [70, 74]
.text  C:\Program Files (x86)\Skype\Phone\Skype.exe[3756] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21     00000000747013a8 2 bytes [70, 74]
.text  C:\Program Files (x86)\Skype\Phone\Skype.exe[3756] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21         0000000074701422 2 bytes [70, 74]
.text  C:\Program Files (x86)\Skype\Phone\Skype.exe[3756] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19  0000000074701498 2 bytes [70, 74]
.text  C:\Users\Adrian\Desktop\LegendaryClient.V2.2.1.3\Client\LegendaryClient.exe[852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075cd1465 2 bytes [CD, 75]
.text  C:\Users\Adrian\Desktop\LegendaryClient.V2.2.1.3\Client\LegendaryClient.exe[852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000075cd14bb 2 bytes [CD, 75]
.text  ...  * 2

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\svchost.exe [1440:1700]                     000007fef7bd35c0
Thread  C:\Windows\system32\svchost.exe [1440:1704]                     000007fef7bd5600
Thread  C:\Windows\system32\svchost.exe [1440:2324]                     000007fefa972888
Thread  C:\Windows\system32\svchost.exe [1440:2328]                     000007fefa962940
Thread  C:\Windows\system32\svchost.exe [1440:2860]                     000007fefa972a40
Thread  C:\Windows\System32\svchost.exe [1964:2952]                     000007fef20a9688
Thread  C:\Users\Adrian\Desktop\Sharp\LeagueSharp.Loader.exe [2712:4088]  000000006ba032fb
Thread  C:\Users\Adrian\Desktop\Sharp\LeagueSharp.Loader.exe [2712:884]   000000005f56c660
Thread  C:\Users\Adrian\Desktop\Sharp\LeagueSharp.Loader.exe [2712:3904]  000000005f07fad0
Thread  C:\Users\Adrian\Desktop\Sharp\LeagueSharp.Loader.exe [2712:2500]  000000005f07fad0
Thread  C:\Users\Adrian\Desktop\Sharp\LeagueSharp.Loader.exe [2712:1392]  000000005f07fad0
Thread  C:\Users\Adrian\Desktop\Sharp\LeagueSharp.Loader.exe [2712:668]   00000000737a784b

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{125C4FAF-8776-4E90-A306-1BB7AC348470}@LeaseObtainedTime    1423951730
Reg  HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{125C4FAF-8776-4E90-A306-1BB7AC348470}@T1                   1423952010
Reg  HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{125C4FAF-8776-4E90-A306-1BB7AC348470}@T2                   1423952235
Reg  HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{125C4FAF-8776-4E90-A306-1BB7AC348470}@LeaseTerminatesTime  1423952330
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3531A543-B57D-3BC6-DCA3-B9E41B275812}
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3531A543-B57D-3BC6-DCA3-B9E41B275812}@maildnacpdpeldolcojpcadfnp  0x6F 0x61 0x62 0x65 ...

---- Files - GMER 2.1 ----

File  C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\5g1hqdrw.default-1422033479014\cache2\entries\CB61DFC502326C49C1384F875AAC1B13A8472194  0 bytes
File  C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\5g1hqdrw.default-1422033479014\cache2\entries\614CA6F2D797BDFB5F63EAA822A6D20B09BACF17  0 bytes
File  C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\5g1hqdrw.default-1422033479014\cache2\entries\920E1E804A3F76DEF27A4D7AAC5249D0A1FDEAF0  0 bytes
File  C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\5g1hqdrw.default-1422033479014\cache2\entries\C91BE9394102DE87EE05FE7A29E6939E664F2E28  0 bytes
File  C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\5g1hqdrw.default-1422033479014\cache2\entries\23760720F1993A7D6B97EB9D90E6BEB340A56BAF  0 bytes
File  C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\5g1hqdrw.default-1422033479014\cache2\entries\CA1FE70F09FD2A3A1B0BAB37EC1D8E79CE865F27  9139 bytes
File  C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\5g1hqdrw.default-1422033479014\cache2\entries\5DD3A2A569B7CF1CF2E10C1241A18B09414B2354  521 bytes
File  C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\5g1hqdrw.default-1422033479014\cache2\entries\9AE8AF8F52D5321389F44D5059A3E8A43E39914F  1213 bytes
File  C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\5g1hqdrw.default-1422033479014\cache2\entries\D10C29C0295D48C8238C84A0F978F4B9DD5CA02D  0 bytes
File  C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\5g1hqdrw.default-1422033479014\cache2\entries\31978026958DA760912C56F813A63E1B31CB2822  1559 bytes
File  C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\5g1hqdrw.default-1422033479014\cache2\entries\632E414353B5F018C7FBCA11649AF16118F67F61  201573 bytes
File  C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\5g1hqdrw.default-1422033479014\cache2\entries\403423FB4631B1A89688A65EE98B3D6CBC09676D  31841 bytes
File  C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\5g1hqdrw.default-1422033479014\cache2\entries\D960A03F0496380A74A42980CB16DB5D73E81A6C  2069 bytes
File  C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\5g1hqdrw.default-1422033479014\cache2\entries\A6DE538B703455308D35935063A1306F04CBBB37  436 bytes
File  C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\5g1hqdrw.default-1422033479014\cache2\entries\645A380FCC1839E767A514A6ABE5BEC4E17EDCE9  2162 bytes
File  C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\5g1hqdrw.default-1422033479014\cache2\entries\03A3EA0E5E279DAD80BE2C48FDBEC2BAE30E90FB  2228 bytes
File  C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\5g1hqdrw.default-1422033479014\cache2\entries\548592A4779FB9A8E04E7FFEAF39A19D425F1D69  945 bytes
File  C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\5g1hqdrw.default-1422033479014\cache2\entries\678961D0F09D626E6313C9653CFAC09E2DFD0B7C  1374 bytes
File  C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\5g1hqdrw.default-1422033479014\cache2\entries\2296A40F89ABCB3EBA76546617E9F6846222C1AC  11765 bytes
File  C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\5g1hqdrw.default-1422033479014\cache2\entries\1E31CF2B7F7FA957D229C8C4040DC2970636C0FB  3522 bytes
File  C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\5g1hqdrw.default-1422033479014\cache2\entries\A7EE29AB7DD3EA40502610F9973937CF631FADCC  1242 bytes
File  C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\5g1hqdrw.default-1422033479014\cache2\entries\85EBA8E274EB854A281FD050636794E4886BD54A  2249 bytes
File  C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\5g1hqdrw.default-1422033479014\cache2\entries\0279E8DCB340612FA7ED78965667CAEE8F5D4D98  55998 bytes
File  C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\5g1hqdrw.default-1422033479014\cache2\entries\C7E24BEB2E67166010EF94C7AA178B9D4A4D0252  1851 bytes
File  C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\5g1hqdrw.default-1422033479014\cache2\entries\EA95B1BCBFE81AA8F1C0B5D8E0FB898453D5CF5E  1097 bytes
File  C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\5g1hqdrw.default-1422033479014\cache2\entries\870B858E3422BCA54812C0F0794A1253E3ED859C  0 bytes
File  C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\5g1hqdrw.default-1422033479014\cache2\entries\3030963FDE7FA11FE677B182F9681129A9D457F9  1757 bytes
File  C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\5g1hqdrw.default-1422033479014\cache2\entries\DC96F6405ECE535BF16A977C111609465400DFD7  2828 bytes
File  C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\5g1hqdrw.default-1422033479014\cache2\entries\BCD75FE20BE6E920D0BFEC91925D8CA861535C27  34900 bytes
File  C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\5g1hqdrw.default-1422033479014\cache2\entries\B8140325F9FB5D76BB29BDDC4BC412D59D3FBF1A  1480 bytes
File  C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\5g1hqdrw.default-1422033479014\cache2\entries\270DA549644F14144EFE51F71E8BDCE5727CFD4C  137609 bytes
File  C:\Users\Adrian\AppData\Local\Mozilla\Firefox\Profiles\5g1hqdrw.default-1422033479014\cache2\entries\1323C215A1250836E0606825DCDBF0E1F3935108  1851 bytes

---- EOF - GMER 2.1 ----