GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-10-07 11:37:29
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 GOODRAM_CX100 rev.SAFM11.0 111,79GB
Running: dqsvib84[1].exe; Driver: C:\Users\adaml\AppData\Local\Temp\uftdifod.sys

---- Threads - GMER 2.2 ----

Thread C:\WINDOWS\system32\csrss.exe [540:668] fffff298ba536c20
Thread C:\WINDOWS\system32\csrss.exe [540:676] fffff298ba536c20
Thread C:\WINDOWS\system32\SettingSyncHost.exe [1056:968] 00007ffdbe19c820
Thread C:\WINDOWS\system32\SettingSyncHost.exe [1056:4944] 00007ffdbe19c820

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0x73 0xAD 0x87 0x37 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime 0x8F 0x10 0x0D 0x39 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFStartTime 0x73 0xAD 0x87 0x37 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFLastStartTime 0xD9 0x72 0x0F 0x39 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@pl-PL 25
Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\DELA0B5MG4R34AV0ERL_2C_07DE_17+GSM4B3E220446_08_07D7_5C^75DCE4B6830E1446D5C20691F5129B1B@Timestamp 0xFA 0x40 0x79 0x49 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 628
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations \??\C:\WINDOWS\system32\DRIVERS\SET9DAB.tmp??\??\C:\WINDOWS\system32\SETA0E0.tmp??\??\C:\WINDOWS\system32\SETA379.tmp??\??\C:\WINDOWS\system32\SETA39B.tmp??\??\C:\WINDOWS\system32\SETAF55.tmp??\??\C:\WINDOWS\SysWOW64\SETB34F.tmp??\??\C:\WINDOWS\SysWOW64\SETB3FD.tmp??\??\C:\WINDOWS\system32\DRIVERS\SETC72A.tmp??\??\C:\WINDOWS\system32\SETC73C.tmp??\??\C:\WINDOWS\system32\SETC74D.tmp??\??\C:\WINDOWS\system32\SETC790.tmp??\??\C:\WINDOWS\SysWOW64\SETC84E.tmp??\??\C:\WINDOWS\SysWOW64\SETD49E.tmp??\??\C:\WINDOWS\SysWOW64\SETD4EE.tmp??\??\C:\Windows.old\WINDOWS\System32\drivers\Hamdrv.sys??\??\C:\Windows.old\WINDOWS\System32\DriverStore\FileRepository\hamdrv.inf_amd64_c59072ec40c0c372\Hamdrv.sys??\??\C:\Users\adaml\AppData\Local\Temp\~nsu.tmp\Au_.exe??\??\C:\Users\adaml\AppData\Local\Temp\~nsu.tmp??\??\C:\Users\adaml\AppData\Local\Temp\nsh2585.tmp\dapte.hef??\??\C:\Users\adaml\AppData\Local\Temp\nsh2585.tmp\??
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber 2710559
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed -1945969089
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId 25
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 485858705
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 12093
Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID b95a9b1b-ff6f-432a-95f1-1b2c567
Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\ClusterSettings@LastLSMInstanceID b95a9b1b-ff6f-432a-95f1-1b2c567
Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{932030c8-08ce-4de1-a4eb-8bb2827df4f4}@LastProbeTime 1475833722
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 2484
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 430
Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 24
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{849e78eb-6d89-4e9f-bfbe-04d59209d39e}@LeaseObtainedTime 1475831176
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{849e78eb-6d89-4e9f-bfbe-04d59209d39e}@T1 1475832976
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{849e78eb-6d89-4e9f-bfbe-04d59209d39e}@T2 1475834326
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{849e78eb-6d89-4e9f-bfbe-04d59209d39e}@LeaseTerminatesTime 1475834776
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0x15 0x89 0xD6 0x66 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0x15 0xF1 0x9A 0xC8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0x15 0x21 0x12 0x05 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Object List 14162 14168 14178 14188 14208 14252 14262 14300 14306 14322
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Counter 14328
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Help 14329
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@First Counter 14162
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@First Help 14163
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\Pnp\CurrentControlSet\Control\DeviceMigration\Devices\SWD\DAFUPNPPROVIDER\UUID:17D78402-0090-1000-999A-90F1AAA838FA\Interfaces\{d0875fb4-2196-4c7a-a63d-e416addd60a1}\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000E@ 0x64 0x62 0x04 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\Pnp\CurrentControlSet\Control\DeviceMigration\Devices\SWD\DAFUPNPPROVIDER\UUID:17D78402-0090-1000-999A-90F1AAA838FA\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000E@ 0x64 0x62 0x04 0x00 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Package Installation@PackageListVersion 731
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown 1
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\iexplore@Count 1108
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsRequestBucketDrainTime 0x3A 0xF1 0x16 0x3C ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsLargeRequestBucketDrainTime 0x3A 0xF1 0x16 0x3C ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastOtherRequestBucketDrainTime 0x3A 0xF1 0x16 0x3C ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastGlobalRequestBucketDrainTime 0x3A 0xF1 0x16 0x3C ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\RegistrarData@LastRenewCollectionsInterest 0xAF 0xB7 0xEF 0xEE ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search@JumpListChangedAppIds G:\Program Files\Steam\Steam.exe?windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel?Chrome.CCUR753GK2BAD2JDIKOFL5XY.UserData.ChromeDefaultData?Microsoft.Windows.ControlPanel?
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\JumplistData
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\JumplistData@G:\Program Files\Steam\Steam.exe 0xC0 0x54 0x29 0xA4 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\JumplistData@windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel 0x90 0x86 0x8B 0x3C ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\JumplistData@Chrome.CCUR753GK2BAD2JDIKOFL5XY.UserData.ChromeDefaultData 0x19 0x55 0xEE 0x48 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\JumplistData@Microsoft.Windows.ControlPanel 0x1B 0x84 0x09 0xC9 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{24FC3EEE-EC1D-4E85-ACC9-861498D90FEC}@LastAccessedTime 0x60 0x66 0xE9 0x1D ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{24FC3EEE-EC1D-4E85-ACC9-861498D90FEC}@LaunchCount 15
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Security and Maintenance@MessageTime 0x4A 0x67 0xFE 0xC9 ...

---- EOF - GMER 2.2 ----