GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-06-02 19:17:38
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000031 ATA_____ rev.MU05 111.79GB
Running: hqn0z6zy.exe; Driver: C:\Users\MAGDAL~1\AppData\Local\Temp\uwryafob.sys

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0xF1 0xF8 0x02 0x69 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFStartTime 0xF1 0xF8 0x02 0x69 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFLastStartTime 0x36 0x6E 0x51 0x01 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime 0x36 0x6E 0x51 0x01 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@pl-PL 102
Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\IVM610116843009_2A_07D9_10^289DB72A29AE80954A16F5FDBC456A02@Timestamp 0x17 0x68 0x97 0x69 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 199310836
Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID 8b22166c-4bbf-4485-8259-4c459d4
Reg HKLM\SYSTEM\CurrentControlSet\Control\WDI\Config@ServerName \BaseNamedObjects\WDI_{1bd467ac-4782-4fd0-9c7d-ce6f22ef6ab1}
Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{a9576dcf-b215-46d3-9c88-5bfded7c3435}@LastProbeTime 1464892815
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 11888
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 4685
Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 103
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{98BA5690-6C65-4662-9889-6D26913EF5DC}@LeaseObtainedTime 1464885607
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{98BA5690-6C65-4662-9889-6D26913EF5DC}@T1 1464928807
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{98BA5690-6C65-4662-9889-6D26913EF5DC}@T2 1464961207
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{98BA5690-6C65-4662-9889-6D26913EF5DC}@LeaseTerminatesTime 1464972007
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew@Classes .contact?.docx?.jnt?.library-ms?.lnk?.pptx?.psd?.pub?.rar?.txt?.xlsx?.zip?Folder?
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\iexplore@Count 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA58ED58-01DD-4D91-8333-CF10577473F7}\iexplore@Count 25
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\GWX\Usage@UsageTime 0x3D 0x8B 0x80 0x01 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@WindowsRequestBucketCounter 81
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsRequestBucketDrainTime 0xAF 0xE8 0x1D 0x0B ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsLargeRequestBucketDrainTime 0xAF 0xE8 0x1D 0x0B ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastOtherRequestBucketDrainTime 0xAF 0xE8 0x1D 0x0B ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@GlobalRequestBucketCounter 12
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastGlobalRequestBucketDrainTime 0xAF 0xE8 0x1D 0x0B ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@RoamingSyncToken LM%3d63600481710783%3bID%3d63CDE28BE62A866C!104%3bLR%3d63600482246267%3bEP%3d5%3bSI%3d0%3bTD%3dTrue%3bSO%3d0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\RegistrarData@LastRenewCollectionsInterest 0xFE 0xC6 0x59 0x4B ...

---- EOF - GMER 2.2 ----