GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-04-16 17:01:18
Windows 6.2.9200 x64
Running: gmer.exe

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0xA0 0x77 0x78 0x97 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime 0x0C 0x04 0x68 0x9D ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@pl-PL 41
Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\LCD21601_08_07D9_41^EC4680C03ACD8B15936049FD4D31880C@Timestamp 0x3D 0x43 0xE9 0x97 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 600
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber 3900024
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 1981250261
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId 46
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 501995609
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 32407
Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID 7a39934a-85e8-4035-acd0-5287ea3
Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\AITEventLog@FileCounter 1
Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\SQMLogger@FileCounter 6
Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswbidsh\Parameters@Reboot 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters@BootCounter 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14911275180152291@ Package
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14911275180152291@SetupOperations
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14912228039682291@ Package
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14913103056092291@ Package
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14914046035312291@ Package
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14914207114842291@ Package
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14914962859372291@ Package
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14916515820462291@ Package
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14917456563132291@ Package
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14918358999072291@ Package
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14919256007822291@ Package
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14919405062352291@ Package
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14920082695792291@ Package
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14920227716252291@ Package
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14920865918132291@ Package
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14921700368912291@ Package
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14922706889692291@ Package
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14923500869072291@ Package
Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{f30676b1-3445-4a4e-b64d-e54ca656f227}@LastProbeTime 1492358153
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 7963
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 724
Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 43
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7DD18515-C24D-480B-9003-A980DDBA6F8D}@LeaseObtainedTime 1492350716
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7DD18515-C24D-480B-9003-A980DDBA6F8D}@T1 1499550716
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7DD18515-C24D-480B-9003-A980DDBA6F8D}@T2 1504950716
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7DD18515-C24D-480B-9003-A980DDBA6F8D}@LeaseTerminatesTime 1506750716
Reg HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{85F685C3-20D9-4943-95E4-EB4224056C3F}\iexplore@Count 268

---- EOF - GMER 2.2 ----