GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-06-29 00:05:57
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600JS-00MHB0 rev.02.01C03 149,05GB
Running: 6bir28hz.exe; Driver: C:\Users\IGORR_~1\AppData\Local\Temp\kgriapog.sys

---- Threads - GMER 2.2 ----

Thread C:\WINDOWS\system32\csrss.exe [680:3008] fffff9603b314030
Thread C:\WINDOWS\system32\svchost.exe [1076:3060] 00007ff8dd8c3f10
Thread C:\WINDOWS\system32\svchost.exe [1076:712] 00007ff8dace3f10
Thread C:\Program Files (x86)\Wifisrv\WifiService.exe [2296:4004] 0000000073c1cce5
Thread C:\Program Files (x86)\Wifisrv\WifiService.exe [2296:4008] 0000000073c1cce5
Thread C:\Program Files (x86)\Wifisrv\WifiService.exe [2296:4012] 0000000073c1cce5
Thread C:\Program Files (x86)\Wifisrv\WifiService.exe [2296:4020] 0000000073c1cce5
Thread C:\Program Files (x86)\Wifisrv\WifiService.exe [2296:4052] 000000001000e886
Thread C:\Program Files (x86)\Wifisrv\WifiService.exe [2296:4056] 000000001000e886
Thread C:\Program Files (x86)\Wifisrv\WifiService.exe [2296:4060] 000000001000e886
Thread C:\Program Files (x86)\Wifisrv\WifiService.exe [2296:4064] 000000001000e886
Thread C:\Program Files (x86)\Wifisrv\WifiService.exe [2296:4072] 00000000011ab7c9
Thread C:\Program Files (x86)\Wifisrv\WifiService.exe [2296:4076] 00000000011ab7c9
Thread C:\Program Files (x86)\Wifisrv\WifiService.exe [2296:4080] 00000000011ab7c9
Thread C:\Program Files (x86)\Wifisrv\WifiService.exe [2296:4084] 00000000011ab7c9
Thread C:\Program Files (x86)\Wifisrv\WifiService.exe [2296:5092] 00000000739b1130
Thread C:\Program Files (x86)\Wifisrv\WifiService.exe [2296:5088] 00000000739b1130
Thread C:\Program Files (x86)\Wifisrv\WifiService.exe [2296:1828] 00000000739b1130
Thread C:\Program Files (x86)\Wifisrv\WifiService.exe [2296:4420] 00000000739b1130
Thread C:\Program Files\¿ìѹ\X86\KuaiZip.exe [5164:5404] 0000000066561690

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed -454962135
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1042a317-ac68-44e3-927c-5e3c2dd2cc29}@LeaseObtainedTime 1467144686
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1042a317-ac68-44e3-927c-5e3c2dd2cc29}@T1 1467148286
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1042a317-ac68-44e3-927c-5e3c2dd2cc29}@T2 1467150986
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1042a317-ac68-44e3-927c-5e3c2dd2cc29}@LeaseTerminatesTime 1467151886
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0x8E 0x65 0x3D 0xF4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0x8E 0xCD 0x01 0x56 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0x8E 0xFD 0x78 0x92 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeTickCount 0xE8 0x86 0x93 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\0@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\0@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithList@MRUList caedb

---- EOF - GMER 2.2 ----