GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-03-05 23:30:54
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000038 PLEXTOR_PX-128M6S rev.1.07 119,24GB
Running: gmer.exe; Driver: C:\Users\Szymek\AppData\Local\Temp\uflcypod.sys

---- Threads - GMER 2.2 ----

Thread C:\WINDOWS\SysWoW64\svchost.exe [3656:5168] 0000000000dcab0c
Thread C:\WINDOWS\SysWoW64\svchost.exe [3656:2908] 0000000000dcab0c
Thread C:\WINDOWS\SysWoW64\svchost.exe [3656:6864] 0000000000dcab0c
Thread C:\WINDOWS\SysWoW64\svchost.exe [3656:3604] 0000000000dcab0c
Thread C:\WINDOWS\SysWoW64\svchost.exe [3656:3968] 0000000000dcab0c

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\GSM5A90508NTHMAZ961_08_07DF_B6^1FF11CFB245484DAC8030B4173A83886@Timestamp 0x74 0x43 0xDF 0x1C ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed -1756213655
Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\UnitedVideo\CONTROL\VIDEO\{A3ECA6C4-C9D2-4860-9E6E-1703015A27CE}\0000@DefaultSettings.XResolution 1280
Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\UnitedVideo\CONTROL\VIDEO\{A3ECA6C4-C9D2-4860-9E6E-1703015A27CE}\0000@DefaultSettings.YResolution 960
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{44f23ec2-b580-4eac-8bc5-114b67c1d869}@Dhcpv6MaxLeaseExpireTime 1488752157
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{44f23ec2-b580-4eac-8bc5-114b67c1d869}@Dhcpv6LeaseObtainedTime 1488748557
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0x34 0x48 0xAD 0x31 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0x34 0xB0 0x71 0x93 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0x34 0xE0 0xE8 0xCF ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\iexplore@Count 75
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications@TimestampWhenSeen 0x5B 0xBD 0xB4 0x06 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\27c5fcc1@NotificationsCount 1
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search@JumpListChangedAppIds D:\Gry\Steam\Steam.exe?
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\JumplistData@D:\Gry\Steam\Steam.exe 0x11 0xB2 0xDF 0xCC ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{1A94F789-2430-4ED1-89A7-18A0BF498A4A}
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{1A94F789-2430-4ED1-89A7-18A0BF498A4A}@LastAccessedTime 0x30 0x12 0xEB 0xD3 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{1A94F789-2430-4ED1-89A7-18A0BF498A4A}@AppId D:\Programy\SapWin3\SapWin.exe
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{1A94F789-2430-4ED1-89A7-18A0BF498A4A}@LaunchCount 4
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{878104EC-493F-4AE0-BBEB-04B7B0EF3B8A}@LastAccessedTime 0x90 0xA7 0xBF 0x24 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{878104EC-493F-4AE0-BBEB-04B7B0EF3B8A}@LaunchCount 60
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{8BF72128-82F9-4234-9DC1-C0F82CEA9C26}@LastAccessedTime 0x80 0x3D 0x76 0xFD ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{8BF72128-82F9-4234-9DC1-C0F82CEA9C26}@LaunchCount 27
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{8BF72128-82F9-4234-9DC1-C0F82CEA9C26}\RecentItems\{72AFAB52-1191-4126-8D9C-54983FC60AD2}
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{8BF72128-82F9-4234-9DC1-C0F82CEA9C26}\RecentItems\{72AFAB52-1191-4126-8D9C-54983FC60AD2}@Type 0
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{8BF72128-82F9-4234-9DC1-C0F82CEA9C26}\RecentItems\{72AFAB52-1191-4126-8D9C-54983FC60AD2}@Path C:\Users\Szymek\Desktop\Shortcut.txt
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{8BF72128-82F9-4234-9DC1-C0F82CEA9C26}\RecentItems\{72AFAB52-1191-4126-8D9C-54983FC60AD2}@DisplayName Shortcut.txt
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{8BF72128-82F9-4234-9DC1-C0F82CEA9C26}\RecentItems\{72AFAB52-1191-4126-8D9C-54983FC60AD2}@LastAccessedTime 0x00 0x00 0x00 0x00 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{8BF72128-82F9-4234-9DC1-C0F82CEA9C26}\RecentItems\{72AFAB52-1191-4126-8D9C-54983FC60AD2}@Points 0x00 0x00 0x00 0x00
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{E13CA0E6-36D1-49CD-A758-79A38DF77045}\RecentItems\{C0C9D46D-8E96-42A5-9963-32DE740A660D}
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{E13CA0E6-36D1-49CD-A758-79A38DF77045}\RecentItems\{C0C9D46D-8E96-42A5-9963-32DE740A660D}@Type 0
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{E13CA0E6-36D1-49CD-A758-79A38DF77045}\RecentItems\{C0C9D46D-8E96-42A5-9963-32DE740A660D}@Path D:\Opracowanka_PPS_PDF.zip
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{E13CA0E6-36D1-49CD-A758-79A38DF77045}\RecentItems\{C0C9D46D-8E96-42A5-9963-32DE740A660D}@DisplayName Opracowanka_PPS_PDF.zip
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{E13CA0E6-36D1-49CD-A758-79A38DF77045}\RecentItems\{C0C9D46D-8E96-42A5-9963-32DE740A660D}@LastAccessedTime 0x00 0x00 0x00 0x00 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{E13CA0E6-36D1-49CD-A758-79A38DF77045}\RecentItems\{C0C9D46D-8E96-42A5-9963-32DE740A660D}@Points 0x00 0x00 0x00 0x00

---- Files - GMER 2.2 ----

File C:\Users\Szymek\AppData\Local\Temp\etilqs_gh2YBsSmDrQM9dM 1028 bytes
File C:\Windows.old\Users\Szymek\AppData\Local\Temp\Rar$DRa0.232\Foty_cd.\20160611170344_IMG_0442.JPG 1059259 bytes
File C:\Windows.old\Users\Szymek\AppData\Local\Temp\Rar$DRa0.232\Foty_cd.\20160611170431_IMG_0443.JPG 1051506 bytes
File C:\Windows.old\Users\Szymek\AppData\Local\Temp\Rar$DRa0.232\Foty_cd.\20160611170436_IMG_0444.JPG 1054026 bytes
File C:\Windows.old\Users\Szymek\AppData\Local\Temp\Rar$DRa0.232\Foty_cd.\20160611170654_IMG_0451.JPG 1010395 bytes
File C:\Windows.old\Users\Szymek\AppData\Local\Temp\Rar$DRa0.232\Foty_cd.\20160611170743_IMG_0452.JPG 1030701 bytes
File C:\Windows.old\Users\Szymek\AppData\Local\Temp\Rar$DRa0.232\Foty_cd.\20160611170758_IMG_0453.JPG 1147037 bytes
File C:\Windows.old\Users\Szymek\AppData\Local\Temp\Rar$DRa0.648\Foty_cd.\20160611170344_IMG_0442.JPG 1059259 bytes
File C:\Windows.old\Users\Szymek\AppData\Local\Temp\Rar$DRa0.648\Foty_cd.\20160611170431_IMG_0443.JPG 1051506 bytes
File C:\Windows.old\Users\Szymek\AppData\Local\Temp\Rar$DRa0.648\Foty_cd.\20160611170436_IMG_0444.JPG 1054026 bytes
File C:\Windows.old\Users\Szymek\AppData\Local\Temp\Rar$DRa0.648\Foty_cd.\20160611170654_IMG_0451.JPG 1010395 bytes
File C:\Windows.old\Users\Szymek\AppData\Local\Temp\Rar$DRa0.648\Foty_cd.\20160611170743_IMG_0452.JPG 1030701 bytes
File C:\Windows.old\Users\Szymek\AppData\Local\Temp\Rar$DRa0.648\Foty_cd.\20160611170758_IMG_0453.JPG 1147037 bytes
File C:\Windows.old\Users\Szymek\AppData\Local\Temp\Rar$DRa0.857\Foty_cd.\20160611170344_IMG_0442.JPG 1059259 bytes
File C:\Windows.old\Users\Szymek\AppData\Local\Temp\Rar$DRa0.857\Foty_cd.\20160611170431_IMG_0443.JPG 1051506 bytes
File C:\Windows.old\Users\Szymek\AppData\Local\Temp\Rar$DRa0.857\Foty_cd.\20160611170436_IMG_0444.JPG 1054026 bytes
File C:\Windows.old\Users\Szymek\AppData\Local\Temp\Rar$DRa0.857\Foty_cd.\20160611170654_IMG_0451.JPG 1010395 bytes
File C:\Windows.old\Users\Szymek\AppData\Local\Temp\Rar$DRa0.857\Foty_cd.\20160611170743_IMG_0452.JPG 1030701 bytes
File C:\Windows.old\Users\Szymek\AppData\Local\Temp\Rar$DRa0.857\Foty_cd.\20160611170758_IMG_0453.JPG 1147037 bytes
File D:\album\Foty_cd\Foty_cd.\20160611170344_IMG_0442.JPG 1059259 bytes
File D:\album\Foty_cd\Foty_cd.\20160611170431_IMG_0443.JPG 1051506 bytes
File D:\album\Foty_cd\Foty_cd.\20160611170436_IMG_0444.JPG 1054026 bytes
File D:\album\Foty_cd\Foty_cd.\20160611170654_IMG_0451.JPG 1010395 bytes
File D:\album\Foty_cd\Foty_cd.\20160611170743_IMG_0452.JPG 1030701 bytes
File D:\album\Foty_cd\Foty_cd.\20160611170758_IMG_0453.JPG 1147037 bytes
File D:\album\Foty_cd.\20160611170344_IMG_0442.JPG 1059259 bytes
File D:\album\Foty_cd.\20160611170431_IMG_0443.JPG 1051506 bytes
File D:\album\Foty_cd.\20160611170436_IMG_0444.JPG 1054026 bytes
File D:\album\Foty_cd.\20160611170654_IMG_0451.JPG 1010395 bytes
File D:\album\Foty_cd.\20160611170743_IMG_0452.JPG 1030701 bytes
File D:\album\Foty_cd.\20160611170758_IMG_0453.JPG 1147037 bytes

---- EOF - GMER 2.2 ----