GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-01-10 01:12:53 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000039 KINGSTON_SV300S37A240G rev.603ABBF0 223,57GB Running: ffwxhhem.exe; Driver: C:\Users\Magda\AppData\Local\Temp\kftyipog.sys ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed 688810292 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\f4b7e2fb9a93 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\f4b7e2fb9a93@5278fd5247d9 0x93 0xDE 0xC5 0x76 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0x57 0xF8 0x54 0x1E ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0x57 0x60 0x19 0x80 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0x57 0x90 0x90 0xBC ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@RwMask 0x64 0x62 0x03 0x00 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\JumplistData@{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\notepad.exe 0xA2 0xD8 0x48 0xA2 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{4ABF45E2-F0A7-4981-AA72-4F3ADCC50F57}@LastAccessedTime 0xB0 0xF1 0xFA 0x79 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{4ABF45E2-F0A7-4981-AA72-4F3ADCC50F57}@LaunchCount 1 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{4ABF45E2-F0A7-4981-AA72-4F3ADCC50F57}\RecentItems\{5E31F5AB-2FE4-45F9-8404-2CF0A4DDFB34} Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{4ABF45E2-F0A7-4981-AA72-4F3ADCC50F57}\RecentItems\{5E31F5AB-2FE4-45F9-8404-2CF0A4DDFB34}@Type 0 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{4ABF45E2-F0A7-4981-AA72-4F3ADCC50F57}\RecentItems\{5E31F5AB-2FE4-45F9-8404-2CF0A4DDFB34}@Path C:\Users\Magda\Desktop\z maila\stres informacyjny to szczeg?lny rodzaj stresu.txt Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{4ABF45E2-F0A7-4981-AA72-4F3ADCC50F57}\RecentItems\{5E31F5AB-2FE4-45F9-8404-2CF0A4DDFB34}@DisplayName stres informacyjny to szczeg?lny rodzaj stresu.txt Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{4ABF45E2-F0A7-4981-AA72-4F3ADCC50F57}\RecentItems\{5E31F5AB-2FE4-45F9-8404-2CF0A4DDFB34}@LastAccessedTime 0x00 0x00 0x00 0x00 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{4ABF45E2-F0A7-4981-AA72-4F3ADCC50F57}\RecentItems\{5E31F5AB-2FE4-45F9-8404-2CF0A4DDFB34}@Points 0x00 0x00 0x00 0x00 ---- EOF - GMER 2.2 ----