GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-04-07 23:56:57
Windows 6.2.9200 x64
Running: j4u8rb3n.exe

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0xE8 0xE0 0x00 0x1B ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime 0x4E 0x98 0xD8 0x04 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFStartTime 0xE8 0xE0 0x00 0x1B ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFLastStartTime 0x4E 0x98 0xD8 0x04 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@pl-PL 2109
Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\HWP282CCZQ94004YZ_28_07D9_D9^1DA3466E79B317DB396B984CFB9D5E32@Timestamp 0xB9 0xB0 0x14 0x1C ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 740
Reg HKLM\SYSTEM\CurrentControlSet\Control\MUI\StringCacheSettings@StringCacheGeneration 319
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations \??\C:\WINDOWS\SYSNATIVE\TASKS\Milimili??\??\C:\WINDOWS\SYSNATIVE\TASKS\RunAtStartup??\??\C:\WINDOWS\SYSNATIVE\TASKS\update-S-1-5-21-3585312160-345975134-3153727662-1001??\??\C:\WINDOWS\SYSNATIVE\TASKS\update-sys??\??\C:\WINDOWS\SYSNATIVE\TASKS\CreateChoiceProcessTask??\??\C:\WINDOWS\SYSNATIVE\TASKS\Windows-PG??\??\C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\1cZrfFOf.default\extensions\arthurj8283@gmail.com??\??\C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\1cZrfFOf.default\extensions\arthurj8283@gmail.com??\??\C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hcglmfcclpfgljeaiahehebeoaiicbko\1.0_0??\??\C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\1cZrfFOf.default\extensions\abs@avira.com??\??\C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\1cZrfFOf.default\extensions\magicplayer@acestream.org??\??\C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\1cZrfFOf.default\search.json.mozlz4??\??\C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\1cZrfFOf.
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber 3902152
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 1636151048
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId 2114
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 501260980
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 12250
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FwPOSTTime 13106
Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID 6df3c19e-aadf-4fff-a470-72338d2
Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswbidsh\Parameters@Reboot 36
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters@BootCounter 13
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14912426322502291@SetupOperations [binary value omitted]
Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{69c38c82-7fab-44fb-a7bf-fff2b151dc62}@LastProbeTime 1491605655
Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime ?Pt?, ?kwi ?07 ?17, 10:55:23 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 19049
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 6977
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x4C 0x0D 0x24 0xE0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 2111
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@DhcpNameServer 192.168.1.1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B3B9B21C-B20B-4C18-A81C-88CD5F48FB07}@LeaseObtainedTime 1491598455
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B3B9B21C-B20B-4C18-A81C-88CD5F48FB07}@T1 1491641655
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B3B9B21C-B20B-4C18-A81C-88CD5F48FB07}@T2 1491674055
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B3B9B21C-B20B-4C18-A81C-88CD5F48FB07}@LeaseTerminatesTime 1491684855
Reg HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer@GlobalAssocChangedCounter 76
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband@FavoritesChanges 85
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\iexplore@Count 5
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\iexplore@Blocked 5
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}\iexplore@Count 5
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\PushNotifications@MobileBroadbandLastResetDate 0x08 0x0F 0x93 0x1C ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UFH\SHC@128 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe\Uninstall UnHackMe.lnk?C:\Program Files (x86)\UnHackMe\unins000.exe??

---- EOF - GMER 2.2 ----