GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-04-08 11:09:48
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500BEKT-75PVMT0 rev.01.01A01 232,89GB
Running: rnw8ropy.exe; Driver: C:\Users\FACTOR~1\AppData\Local\Temp\aftyapog.sys

---- Threads - GMER 2.2 ----

Thread C:\WINDOWS\system32\csrss.exe [592:2180] fffff961cd317300
Thread C:\WINDOWS\system32\csrss.exe [592:3656] fffff961cd317300
Thread C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2928:2968] 00000000718639a2
Thread C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2928:2972] 00000000718e8d70
Thread C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2928:1444] 0000000077744630
Thread C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2928:3340] 000000006a672bd0
Thread C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2928:3404] 0000000077744630
Thread C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2928:4064] 00000000718e8d70

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0xE0 0xEE 0x13 0xE2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime 0x06 0x82 0x75 0xA3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFStartTime 0xE5 0x60 0x1A 0xE2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFLastStartTime 0x06 0x82 0x75 0xA3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@pl-PL 357
Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\ACI19AA83LMTN014408_0B_07D8_82+LGD02EB0_00_07DA_94^1C2EE211D100DA9341BA8102978AF9E6@Timestamp 0x53 0x7B 0x5B 0x04 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations \??\C:\Program Files (x86)\Mozilla Thunderbird\tobedeleted\moz25F8.tmp??\??\C:\Program Files (x86)\Mozilla Thunderbird\tobedeleted??\??\C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe??
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed 1321410607
Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID 0f219efa-4113-4f28-8851-8e0dc63
Reg HKLM\SYSTEM\CurrentControlSet\Control\WDI\Config@ServerName \BaseNamedObjects\WDI_{786df1d2-c6ba-4305-b441-ac520509dee7}
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\60d819fa4d7a
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings
Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{505fb41f-a7e8-4f3c-ad45-770cb16903ba}@LastProbeTime 1460106292
Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@ReadyBootPlanAge 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime pt., kwi 08 16, 09:06:50
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 8074
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 2055
Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 357
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3753b6c4-344d-4843-b79f-e1bb76c67350}@LeaseObtainedTime 1460099071
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3753b6c4-344d-4843-b79f-e1bb76c67350}@T1 1460142271
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3753b6c4-344d-4843-b79f-e1bb76c67350}@T2 1460174671
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3753b6c4-344d-4843-b79f-e1bb76c67350}@LeaseTerminatesTime 1460185471
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\UnreadMail\kokkos@tlen.pl@MessageCount 3

---- EOF - GMER 2.2 ----
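The log above is GMER's plain-text report format: one "Thread image [pid:tid] start-address" line per thread, and one "Reg key@value data" line per registry entry, with REG_BINARY data truncated to four bytes and the NUL separators of REG_MULTI_SZ values rendered as "?". The script below, an added example that is neither GMER's code nor anything from the original poster, turns such a log into records an analyst can query: it tags each thread start address as user- or kernel-space (x64 kernel addresses lie at or above 0xFFFF800000000000), converts the 32-bit Unix timestamps that Windows keeps under Tcpip\Parameters\Interfaces and Dnscache\...\Probe into UTC dates, and splits PendingFileRenameOperations into (source, destination) pairs, where an empty destination means the file is deleted at next boot. The sample input is a constructed subset of the lines above; the regular expressions, field names and function names are this example's own choices.

```python
"""Structure a GMER 2.2 log: threads, registry entries, decoded timestamps.

Added example, not GMER's own code and not from the original log post.
Regular expressions, record field names and the kernel/user split are
this example's assumptions.
"""
import re
from datetime import datetime, timezone

# Constructed sample: a few lines copied from the log above.
SAMPLE_LOG = r"""
---- Threads - GMER 2.2 ----
Thread C:\WINDOWS\system32\csrss.exe [592:2180] fffff961cd317300
Thread C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2928:2968] 00000000718639a2
---- Registry - GMER 2.2 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0xE0 0xEE 0x13 0xE2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations \??\C:\Program Files (x86)\Mozilla Thunderbird\tobedeleted\moz25F8.tmp??\??\C:\Program Files (x86)\Mozilla Thunderbird\tobedeleted??\??\C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe??
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\60d819fa4d7a
Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{505fb41f-a7e8-4f3c-ad45-770cb16903ba}@LastProbeTime 1460106292
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3753b6c4-344d-4843-b79f-e1bb76c67350}@LeaseObtainedTime 1460099071
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3753b6c4-344d-4843-b79f-e1bb76c67350}@LeaseTerminatesTime 1460185471
---- EOF - GMER 2.2 ----
"""

THREAD_RE = re.compile(
    r"^Thread (?P<image>.+?) \[(?P<pid>\d+):(?P<tid>\d+)\] (?P<start>[0-9a-fA-F]{16})$")
# Key path may contain spaces; the value name follows the last '@' and has none.
REG_RE = re.compile(r"^Reg (?P<key>.+)@(?P<name>[^@ ]+) (?P<data>.*)$")
KERNEL_BASE = 0xFFFF_8000_0000_0000  # start of the canonical x64 kernel half
# Registry values that Windows stores as 32-bit Unix time (seconds since 1970).
EPOCH_VALUES = {"LastProbeTime", "LeaseObtainedTime", "T1", "T2", "LeaseTerminatesTime"}
# Tokens of a GMER-rendered REG_MULTI_SZ: an NT path (optionally '!'-prefixed,
# as MoveFileEx writes it), any other '?'-free run, or a single '?' NUL marker.
PFRO_TOKEN = re.compile(r"!?\\\?\?\\[^?]*|[^?]+|\?")


def parse_threads(text):
    """Return one dict per 'Thread' line, tagged user/kernel by start address."""
    out = []
    for line in text.splitlines():
        m = THREAD_RE.match(line)
        if m:
            start = int(m["start"], 16)
            out.append({"image": m["image"], "pid": int(m["pid"]), "tid": int(m["tid"]),
                        "start": start,
                        "space": "kernel" if start >= KERNEL_BASE else "user"})
    return out


def decode_epoch(value):
    """Render a decimal Unix timestamp as a UTC date string."""
    return datetime.fromtimestamp(int(value), tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC")


def split_pending_renames(data):
    """Split PendingFileRenameOperations into (source, destination) pairs.

    Each entry is source NUL destination NUL; an empty destination means delete.
    """
    tokens = PFRO_TOKEN.findall(data)
    pairs, i = [], 0
    while i < len(tokens):
        src = tokens[i]
        i += 1
        if i < len(tokens) and tokens[i] == "?":      # NUL closing the source
            i += 1
        dst = ""
        if i < len(tokens) and tokens[i] != "?":      # non-empty destination
            dst = tokens[i]
            i += 1
        if i < len(tokens) and tokens[i] == "?":      # NUL closing the destination
            i += 1
        pairs.append((src, dst))
    return pairs


def parse_registry(text):
    """Return one dict per 'Reg' line; 'decoded' holds any interpreted form."""
    out = []
    for line in text.splitlines():
        if not line.startswith("Reg "):
            continue
        m = REG_RE.match(line)
        if not m:  # a key listed without a value, e.g. BTHPORT\...\Keys\<address>
            out.append({"key": line[4:], "name": None, "data": None})
            continue
        rec = {"key": m["key"], "name": m["name"], "data": m["data"]}
        if m["name"] in EPOCH_VALUES and m["data"].isdigit():
            rec["decoded"] = decode_epoch(m["data"])
        elif m["data"].startswith("0x"):  # REG_BINARY, GMER prints only the first bytes
            rec["decoded"] = bytes(int(t, 16) for t in m["data"].split() if t.startswith("0x"))
            rec["truncated"] = m["data"].endswith("...")
        elif m["name"] == "PendingFileRenameOperations":
            rec["decoded"] = split_pending_renames(m["data"])
        out.append(rec)
    return out


def lease_duration_seconds(records):
    """Seconds from LeaseObtainedTime to LeaseTerminatesTime per Tcpip interface key."""
    by_key = {}
    for r in records:
        if r["name"] in ("LeaseObtainedTime", "LeaseTerminatesTime"):
            by_key.setdefault(r["key"], {})[r["name"]] = int(r["data"])
    return {k: v["LeaseTerminatesTime"] - v["LeaseObtainedTime"]
            for k, v in by_key.items() if len(v) == 2}


if __name__ == "__main__":
    for t in parse_threads(SAMPLE_LOG):
        print(f"{t['space']:6} {t['pid']}:{t['tid']} {t['start']:016x} {t['image']}")
    regs = parse_registry(SAMPLE_LOG)
    for r in regs:
        print(r["key"], r["name"], r.get("decoded", r["data"]))
    print(lease_duration_seconds(regs))
```

Run against the full log rather than the sample, the same functions give the DHCP lease window (LeaseObtainedTime to LeaseTerminatesTime is 24 hours here, with T1 and T2 at the usual 50% and 87.5% marks) and show that the three pending rename entries are all deletions of Mozilla updater temporaries; both are ordinary housekeeping, which is the kind of check that keeps a reviewer from chasing benign entries.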