GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-05-18 00:28:39
Windows 6.1.7601 Service Pack 1 x64
Running: e9miv7gv.exe

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ?????????????????e???e?????&????255.0.0.0??????????? ????6???????????????6??t.???????????&???e??1??\DR???r?i?v???????????8???????????k???????}???????????????????F??-1???????&???????????????????????????????????????,?&????? ???????????????????&???????? ??????????????????????????&??????????????C:\Windows\Microsoft.NET\Framework64\v2.0.50727\EventLogMessages.dll?????????????????????????s??????0????????????????????-??1????8???????????????????????8???????????8??????????????1????i????t??????????????????&??????????????????????s???1????????????????4???F??????????0???????????????????? ?????????????&???????0????????????????????? ???????&???????????&?0????????????????????????????????????? ?????????????&???????0????????????????????? ???????&???????????&?0???????????????????????&?????????????????????&?&?????3?3?3??1????????????????????7???????????????????&???????????????&???????h???????????????????????2??29?????#?o????8??.??????????????? ?????????????????????0????????????????????????????usbehci?????1??????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x66 0xB7 0x1D 0x16 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x95 0x06 0xB0 0xF7 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\GRY\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD4 0x33 0x05 0x46 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x3F 0x80 0x56 0x9C ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAF 0xE5 0x58 0x28 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{B80D71C9-830D-4106-8398-F647FE048E27}@LeaseObtainedTime 1495058044
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{B80D71C9-830D-4106-8398-F647FE048E27}@T1 1495058171
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{B80D71C9-830D-4106-8398-F647FE048E27}@T2 1495058267
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{B80D71C9-830D-4106-8398-F647FE048E27}@LeaseTerminatesTime 1495058299
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x66 0xB7 0x1D 0x16 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x95 0x06 0xB0 0xF7 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\GRY\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD4 0x33 0x05 0x46 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x3F 0x80 0x56 0x9C ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAF 0xE5 0x58 0x28 ...
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@SIGN.MEDIA=1CBE230 Mała Księgowość (MK) 2014.exe 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@SIGN.MEDIA=2D5BB0 Mała Księgowość (MK) 2014.exe 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@SIGN.MEDIA=176A0F31 Pakiet Basic z Małą Księgowością (MK) 2015.exe 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@SIGN.IE=01363C08 Mała Księgowość (MK) 2016.exe 1

---- Files - GMER 2.2 ----

File C:\Users\win7\AppData\Local\Mozilla\Firefox\Profiles\cm89rfyg.Domyślny użytkownik\cache2\entries\AA9050C3F2DBB32FFE6DAC5CF0E2DEBF78639EA0 1833968 bytes
File C:\Users\win7\AppData\Local\Mozilla\Firefox\Profiles\cm89rfyg.Domyślny użytkownik\cache2\entries\19A588860251E9A07E41530FA6E08000F9EA6AA3 284773 bytes
File C:\Users\win7\AppData\Local\Mozilla\Firefox\Profiles\cm89rfyg.Domyślny użytkownik\cache2\entries\9B824F22D870F7531A2EDFABFE9E0DAFD2E63E42 287155 bytes
File C:\Users\win7\AppData\Local\Mozilla\Firefox\Profiles\cm89rfyg.Domyślny użytkownik\cache2\entries\23A8FFED85E5C2D671DC5BB1362F67BEFC504C2F 1772276 bytes

---- EOF - GMER 2.2 ----