GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-05-05 14:27:31
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000018 WDC_WD5000LPCX-24C6HT0 rev.02.01A02 465,76GB
Running: 355wur6n.exe; Driver: C:\Users\tomasz\AppData\Local\Temp\kxtdipow.sys

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed -799354525
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\38b1db67d9de
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\38b1db67d9de@50f520e4fc1a 0x42 0x35 0xF4 0xC9 ...

---- User code sections - GMER 2.2 ----

? C:\WINDOWS\system32\apphelp.dll [1936] entry point in ".rdata" section 000000006ddaf7c0

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 12321
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b1c204f7-cfb6-4f6b-b443-a7ae05228452}@LeaseObtainedTime 1493950407
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b1c204f7-cfb6-4f6b-b443-a7ae05228452}@T1 1493952207
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b1c204f7-cfb6-4f6b-b443-a7ae05228452}@T2 1493953557
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b1c204f7-cfb6-4f6b-b443-a7ae05228452}@LeaseTerminatesTime 1493954007
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0x2A 0x3A 0x93 0xB9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0x2A 0xA2 0x57 0x1B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0x2A 0xD2 0xCE 0x57 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\Pnp\CurrentControlSet\Control\DeviceMigration\Devices\SWD\DAFUPNPPROVIDER\UUID:0B532B80-00BE-1000-9E19-5085690B8844\Interfaces\{d0875fb4-2196-4c7a-a63d-e416addd60a1}\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000E@ 0x64 0x62 0x04 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\Pnp\CurrentControlSet\Control\DeviceMigration\Devices\SWD\DAFUPNPPROVIDER\UUID:0B532B80-00BE-1000-9E19-5085690B8844\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000E@ 0x64 0x62 0x04 0x00 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\JumplistData@{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\notepad.exe 0xD1 0xE1 0xA9 0x35 ...

---- Threads - GMER 2.2 ----

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed -799354525

---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\38b1db67d9de
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\38b1db67d9de@50f520e4fc1a 0x42 0x35 0xF4 0xC9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b1c204f7-cfb6-4f6b-b443-a7ae05228452}@LeaseObtainedTime 1493955807
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b1c204f7-cfb6-4f6b-b443-a7ae05228452}@T1 1493957607
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b1c204f7-cfb6-4f6b-b443-a7ae05228452}@T2 1493958957
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b1c204f7-cfb6-4f6b-b443-a7ae05228452}@LeaseTerminatesTime 1493959407
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0xFD 0x46 0x1C 0x65 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0xFD 0xAE 0xE0 0xC6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0xFD 0xDE 0x57 0x03 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\Pnp\CurrentControlSet\Control\DeviceMigration\Devices\SWD\DAFUPNPPROVIDER\UUID:0B532B80-00BE-1000-9E19-5085690B8844\Interfaces\{d0875fb4-2196-4c7a-a63d-e416addd60a1}\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000E@ 0x64 0x62 0x04 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\Pnp\CurrentControlSet\Control\DeviceMigration\Devices\SWD\DAFUPNPPROVIDER\UUID:0B532B80-00BE-1000-9E19-5085690B8844\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000E@ 0x64 0x62 0x04 0x00 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\453f51b2@NotificationsCount 3
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\Flighting@CachedFeatureString
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\JumplistData@Chrome 0x9D 0x6D 0x5C 0x87 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\JumplistData@{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\notepad.exe 0xD1 0xE1 0xA9 0x35 ...

---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- Files - GMER 2.2 ----

File C:\Users\tomasz\Downloads\Compressed\Raman.\Raman.Raghav.2.0.2016.PL.SUBBED.BRRip.XviD-KiT 0 bytes
File C:\Users\tomasz\Downloads\Compressed\Raman.\Raman.Raghav.2.0.2016.PL.SUBBED.BRRip.XviD-KiT 0 bytes
File C:\Users\tomasz\Downloads\Compressed\Raman.\Raman.Raghav.2.0.2016.PL.SUBBED.BRRip.XviD-KiT\Forum wielotematyczne, DARMOWE SERWERY!.URL 106 bytes
File C:\Users\tomasz\Downloads\Compressed\Raman.\Raman.Raghav.2.0.2016.PL.SUBBED.BRRip.XviD-KiT\Forum wielotematyczne, DARMOWE SERWERY!.URL 106 bytes
File C:\Users\tomasz\Downloads\Compressed\Raman.\Raman.Raghav.2.0.2016.PL.SUBBED.BRRip.XviD-KiT\Raman.Raghav.2.0.2016.PL.SUBBED.BRRip.XviD-KiT.avi
File C:\Users\tomasz\Downloads\Compressed\Raman.\Raman.Raghav.2.0.2016.PL.SUBBED.BRRip.XviD-KiT\Raman.Raghav.2.0.2016.PL.SUBBED.BRRip.XviD-KiT.avi 1468624896 bytes

---- EOF - GMER 2.2 ----