GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-04-09 19:02:44 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000026 ST1000DM003-1ER162 rev.CC45 931,51GB Running: gmer.exe; Driver: C:\Users\Patrycja\AppData\Local\Temp\fwtdyfog.sys ---- Threads - GMER 2.2 ---- Thread C:\WINDOWS\SYSTEM32\ntdll.dll [2552:2556] 0000000001316361 Thread C:\WINDOWS\SYSTEM32\ntdll.dll [2552:3108] 00000000012c6da0 Thread C:\WINDOWS\SYSTEM32\ntdll.dll [2552:5164] 00000000012e6580 Thread C:\WINDOWS\SYSTEM32\ntdll.dll [2552:5168] 00000000012e88c0 Thread C:\WINDOWS\SYSTEM32\ntdll.dll [2552:5172] 00000000012e8380 Thread C:\WINDOWS\SYSTEM32\ntdll.dll [2552:5176] 00000000012e87d0 Thread C:\WINDOWS\SYSTEM32\ntdll.dll [2552:5216] 00000000012b64f0 Thread C:\WINDOWS\SYSTEM32\ntdll.dll [2552:5220] 00000000012ae200 Thread C:\WINDOWS\SYSTEM32\ntdll.dll [2552:5224] 00000000012c23f0 Thread C:\WINDOWS\SYSTEM32\ntdll.dll [2552:5228] 00000000012c3860 Thread C:\WINDOWS\SYSTEM32\ntdll.dll [2552:6632] 00000000012f35e0 Thread C:\WINDOWS\SYSTEM32\ntdll.dll [2552:6636] 00000000012a3f30 Thread C:\WINDOWS\SYSTEM32\ntdll.dll [2552:6600] 00000000012df590 Thread C:\WINDOWS\SYSTEM32\ntdll.dll [2552:4084] 00000000012a3f30 Thread C:\WINDOWS\SYSTEM32\ntdll.dll [2552:1748] 00000000012d5f30 Thread C:\WINDOWS\SYSTEM32\ntdll.dll [2552:1804] 00000000012cedc0 Thread C:\WINDOWS\SYSTEM32\ntdll.dll [2552:4640] 00000000012cedc0 Thread C:\WINDOWS\system32\csrss.exe [380:1336] fffff96095324060 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed 1692841231 Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0x72 0x0C 0x08 0x41 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0x72 0x74 0xCC 0xA2 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0x72 0xA4 0x43 0xDF ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeTickCount 0x4E 0xBA 0x08 0x05 ... ---- EOF - GMER 2.2 ----