GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-04-26 23:29:31
Windows 6.2.9200 x64 Running: bfrzxmvz.exe

---- Registry - GMER 2.2 ----
---- EOF - GMER 2.2 ----