GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-06-16 20:13:10 Windows 6.2.9200 x64 Running: bbl4edj0.exe ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0xD3 0xDF 0xC2 0xDE ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime 0x98 0xCB 0x0E 0xEB ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@pl-PL 131 Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\LGD045D0_00_07DE_B7^73A5BCF74B550FEE33D714EA0145B524@Timestamp 0xA7 0xD9 0x44 0xDF ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 812 Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{CA36A312-2CCB-4BE4-B555-C7CDC37D5DC1}\Connection@Name Reusable ISATAP Interface {CA36A312-2CCB-4BE4-B555-C7CDC37D5DC1} Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber 3900130 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -1177722320 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId 153 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 507149687 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 3163 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FwPOSTTime 3146 Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID 1a0eaf4d-5364-4bb1-a03f-0c6b5b5 Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\Aksfridge@FileCounter 8 Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\avgbidsh\Parameters@Reboot 26 Reg HKLM\SYSTEM\CurrentControlSet\Services\avgRvrt\Parameters@BootCounter 24 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\40b89a554292 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\40b89a554292@300d43f7e47a 0xD1 0xFB 0x92 0xF0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\ac72891d0537 Reg HKLM\SYSTEM\CurrentControlSet\Services\bthserv\Parameters\BluetoothControlPanelTasks@State 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{07c9af80-9817-4ec6-9c3d-d8db33da5a20}@LastProbeTime 1497635699 Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{CA36A312-2CCB-4BE4-B555-C7CDC37D5DC1}@InterfaceName Reusable ISATAP Interface {CA36A312-2CCB-4BE4-B555-C7CDC37D5DC1} Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{CA36A312-2CCB-4BE4-B555-C7CDC37D5DC1}@ReusableType 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\a0-f3-c1-d9-59-22@AddressCreationTimestamp 0x5A 0x90 0x54 0x0F ... Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 7860 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 3382 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-In v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|LPort=3587|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=p2psvc|Name=@%systemroot%\system32\provsvc.dll,-200|Desc=@%systemroot%\system32\provsvc.dll,-201|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-Out v2.22|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|RPort=3587|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=p2psvc|Name=@%systemroot%\system32\provsvc.dll,-203|Desc=@%systemroot%\system32\provsvc.dll,-204|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-In v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|LPort=3540|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|Name=@%systemroot%\system32\provsvc.dll,-205|Desc=@%systemroot%\system32\provsvc.dll,-206|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-Out v2.22|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|RPort=3540|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|Name=@%systemroot%\system32\provsvc.dll,-207|Desc=@%systemroot%\system32\provsvc.dll,-208|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202| Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 150 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{28E7DB95-E4CA-4047-BAB7-ADECF94F8362}@LeaseObtainedTime 1497628488 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{28E7DB95-E4CA-4047-BAB7-ADECF94F8362}@T1 1497632088 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{28E7DB95-E4CA-4047-BAB7-ADECF94F8362}@T2 1497634788 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{28E7DB95-E4CA-4047-BAB7-ADECF94F8362}@LeaseTerminatesTime 1497635688 Reg HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop 0 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\iexplore@Count 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@WindowsRequestBucketCounter 25 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsRequestBucketDrainTime 0x20 0xAD 0x44 0xED ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsLargeRequestBucketDrainTime 0x20 0xAD 0x44 0xED ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@OtherBandwidthBucketCounter 14691 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@OtherRequestBucketCounter 0 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastOtherRequestBucketDrainTime 0x20 0xAD 0x44 0xED ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@GlobalBandwidthBucketCounter 107059 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@GlobalRequestBucketCounter 0 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastGlobalRequestBucketDrainTime 0x20 0xAD 0x44 0xED ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@RoamingSyncToken LM%3d63633224676873%3bID%3d2780052925933270!104%3bLR%3d63633225308177%3bEP%3d15%3bSI%3d44%3bTD%3dTrue%3bSO%3d0%3bPI%3d49 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastUploadTime 0x8C 0x76 0xF0 0x74 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\RegistrarData@LastRenewCollectionsInterest 0x03 0x0F 0x03 0xA3 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce@Report C:\AdwCleaner\AdwCleaner[C10].txt ---- EOF - GMER 2.2 ----