GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-11-06 16:54:31
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 IC25N040ATMR04-0 rev.MO2OAD4A 37,26GB
Running: ztyyetyr.exe; Driver: C:\DOCUME~1\KAMILK~1\USTAWI~1\Temp\pxtdqpod.sys

---- User IAT/EAT - GMER 2.2 ----

IAT C:\WINDOWS\system32\winlogon.exe[796] @ C:\WINDOWS\system32\winlogon.exe [ntdll.dll!NtLockProductActivationKeys] [0500073E] C:\WINDOWS\system32\antiwpa.dll
IAT C:\WINDOWS\system32\winlogon.exe[796] @ C:\WINDOWS\system32\winlogon.exe [USER32.dll!GetSystemMetrics] [05000756] C:\WINDOWS\system32\antiwpa.dll

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 3589
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@DhcpNameServer 85.128.107.242 213.134.134.134
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3F5AD6C1-0785-47DF-8E10-82D637EFE002}@DhcpServer 192.168.0.1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3F5AD6C1-0785-47DF-8E10-82D637EFE002}@Lease 7200
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3F5AD6C1-0785-47DF-8E10-82D637EFE002}@LeaseObtainedTime 1478337939
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3F5AD6C1-0785-47DF-8E10-82D637EFE002}@T1 1478341539
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3F5AD6C1-0785-47DF-8E10-82D637EFE002}@T2 1478344239
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3F5AD6C1-0785-47DF-8E10-82D637EFE002}@LeaseTerminatesTime 1478345139
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3F5AD6C1-0785-47DF-8E10-82D637EFE002}@AddressType 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3F5AD6C1-0785-47DF-8E10-82D637EFE002}@DhcpIPAddress 192.168.0.19
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3F5AD6C1-0785-47DF-8E10-82D637EFE002}@DhcpSubnetMask 255.255.255.0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3F5AD6C1-0785-47DF-8E10-82D637EFE002}@DhcpRetryTime 3597
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3F5AD6C1-0785-47DF-8E10-82D637EFE002}@DhcpNameServer 85.128.107.242 213.134.134.134
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3F5AD6C1-0785-47DF-8E10-82D637EFE002}@DhcpDefaultGateway 192.168.0.1?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3F5AD6C1-0785-47DF-8E10-82D637EFE002}@DhcpSubnetMaskOpt 255.255.255.0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\{3F5AD6C1-0785-47DF-8E10-82D637EFE002}\Parameters\Tcpip@DhcpIPAddress 192.168.0.19
Reg HKLM\SYSTEM\CurrentControlSet\Services\{3F5AD6C1-0785-47DF-8E10-82D637EFE002}\Parameters\Tcpip@DhcpSubnetMask 255.255.255.0
Reg HKLM\SYSTEM\CurrentControlSet\Services\{3F5AD6C1-0785-47DF-8E10-82D637EFE002}\Parameters\Tcpip@DhcpServer 192.168.0.1
Reg HKLM\SYSTEM\CurrentControlSet\Services\{3F5AD6C1-0785-47DF-8E10-82D637EFE002}\Parameters\Tcpip@Lease 7200
Reg HKLM\SYSTEM\CurrentControlSet\Services\{3F5AD6C1-0785-47DF-8E10-82D637EFE002}\Parameters\Tcpip@LeaseObtainedTime 1478337939
Reg HKLM\SYSTEM\CurrentControlSet\Services\{3F5AD6C1-0785-47DF-8E10-82D637EFE002}\Parameters\Tcpip@T1 1478341539
Reg HKLM\SYSTEM\CurrentControlSet\Services\{3F5AD6C1-0785-47DF-8E10-82D637EFE002}\Parameters\Tcpip@T2 1478344239
Reg HKLM\SYSTEM\CurrentControlSet\Services\{3F5AD6C1-0785-47DF-8E10-82D637EFE002}\Parameters\Tcpip@LeaseTerminatesTime 1478345139
Reg HKLM\SYSTEM\CurrentControlSet\Services\{3F5AD6C1-0785-47DF-8E10-82D637EFE002}\Parameters\Tcpip@DhcpDefaultGateway 192.168.0.1?
Reg HKLM\SYSTEM\CurrentControlSet\Services\{3F5AD6C1-0785-47DF-8E10-82D637EFE002}\Parameters\Tcpip@DhcpSubnetMaskOpt 255.255.255.0?
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}@StartTimeLo 1952463634
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}@StartTimeHi 30553921
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}@EndTimeLo 1953088634
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}@EndTimeHi 30553921
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-602162358-1409082233-839522115-1003\Extension-List\{00000000-0000-0000-0000-000000000000}@StartTimeLo 1953713634
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-602162358-1409082233-839522115-1003\Extension-List\{00000000-0000-0000-0000-000000000000}@StartTimeHi 30553921
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-602162358-1409082233-839522115-1003\Extension-List\{00000000-0000-0000-0000-000000000000}@EndTimeLo 1954182384
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-602162358-1409082233-839522115-1003\Extension-List\{00000000-0000-0000-0000-000000000000}@EndTimeHi 30553921
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesProcessed 21
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesSuccessful 9

---- EOF - GMER 2.2 ----