GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-05-29 22:18:37
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000035 ST1000LM014-SSHD-8GB rev.LVD6 931,51GB
Running: 9491b272.exe; Driver: C:\Users\BD\AppData\Local\Temp\uxddypoc.sys

---- User IAT/EAT - GMER 2.2 ----

IAT C:\WINDOWS\Explorer.EXE[1952] @ C:\WINDOWS\SYSTEM32\MSVCP140.dll[VCRUNTIME140.dll!memset] [0]
IAT C:\WINDOWS\Explorer.EXE[1952] @ C:\WINDOWS\SYSTEM32\MSVCP140.dll[VCRUNTIME140.dll!memcmp] [7ffe9d9d1960] C:\WINDOWS\System32\ucrtbase.dll
IAT C:\WINDOWS\system32\SearchFilterHost.exe[9312] @ C:\WINDOWS\SYSTEM32\MSVCP140.dll[VCRUNTIME140.dll!memset] [0]
IAT C:\WINDOWS\system32\SearchFilterHost.exe[9312] @ C:\WINDOWS\SYSTEM32\MSVCP140.dll[VCRUNTIME140.dll!memcmp] [7ffe9d9d1960] C:\WINDOWS\System32\ucrtbase.dll

---- Threads - GMER 2.2 ----

Thread C:\WINDOWS\system32\csrss.exe [696:756] ffff8386377a6c20

---- Processes - GMER 2.2 ----

Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\mso20win32client.dll (*** suspicious ***) @ C:\WINDOWS\SysWOW64\SearchProtocolHost.exe [11064] 0000000059c40000

---- Services - GMER 2.2 ----

Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] CDPUserSvc_436b73e <-- ROOTKIT !!!
Service C:\WINDOWS\system32\DRIVERS\IntcDAud.sys (*** hidden *** ) [MANUAL] IntcDAud <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [MANUAL] MessagingService_436b73e <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] OneSyncSvc_436b73e <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [MANUAL] PimIndexMaintenanceSvc_436b73e <-- ROOTKIT !!!
Service C:\WINDOWS\System32\svchost.exe (*** hidden *** ) [MANUAL] UnistoreSvc_436b73e <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [MANUAL] UserDataSvc_436b73e <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [MANUAL] WpnUserService_436b73e <-- ROOTKIT !!!

---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToSnapshot@OfficeODC $UserProfile$\AppData\Local\Microsoft\Office\16.0\OfficeFileCache\*.fsf?$UserProfile$\AppData\Local\Microsoft\Office\16.0\OfficeFileCache\*.fsd?$UserProfile$\Local Settings\Application Data\Office\16.0\OfficeFileCache\*.fsd?$UserProfile$\Local Settings\Application Data\Office\16.0\OfficeFileCache\*.fsf?$UserProfile$\AppData\Local\Microsoft\Office\16.0\OfficeFileCache\LocalCacheFileEditManager\*.fsf?$UserProfile$\AppData\Local\Microsoft\Office\16.0\OfficeFileCache\LocalCacheFileEditManager\*.fsd?$UserProfile$\Local Settings\Application Data\Office\16.0\OfficeFileCache\LocalCacheFileEditManager\*.fsd?$UserProfile$\Local Settings\Application Data\Office\16.0\OfficeFileCache\LocalCacheFileEditManager\*.fsf?$UserProfile$\AppData\Local\Microsoft\Office\16.0\OfficeFileCache\*.*?$UserProfile$\Local Settings\Application Data\Office\16.0\OfficeFileCache\*.*?$UserProfile$\AppData\Local\Microsoft\Office\16.0\OfficeFileCache\*.fsf?$UserProfile$\AppData\Local\Microsoft\Office\16.0\OfficeFileCache\*.fsd?$UserProfile$\Local Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0x89 0xFF 0x26 0xA5 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime 0x1E 0x18 0x81 0x43 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFStartTime 0xD1 0x61 0x29 0xA5 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFLastStartTime 0x19 0x62 0x9E 0xCD ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@pl-PL 54 Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\AUO38ED0_2B_07DE_B0^74182D1226445B9EAF5EDEE8370FC48B@Timestamp 0xD5 0x96 0xE1 0xFD ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 932 Reg HKLM\SYSTEM\CurrentControlSet\Control\MUI\StringCacheSettings@StringCacheGeneration 165 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ???J????? 
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed 1003897997 Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID d4c5f4e9-a8bb-4540-8814-5e7a6b5 Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@GlassSessionId 3 Reg HKLM\SYSTEM\CurrentControlSet\Control\WDI\Config@ServerName \BaseNamedObjects\WDI_{d64aeccf-29d0-4133-bbda-90021ec3f009} Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\EventLog-AirSpaceChannel Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\EventLog-AirSpaceChannel@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\EventLog-AirSpaceChannel@BufferSize 4 Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\EventLog-AirSpaceChannel@MinimumBuffers 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\EventLog-AirSpaceChannel@MaximumBuffers 10 Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\EventLog-AirSpaceChannel@FlushTimer 5 Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\EventLog-AirSpaceChannel@MaxFileSize 1 Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\EventLog-AirSpaceChannel@FileName %SystemRoot%\System32\Winevt\Logs\AirSpaceChannel.etl Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\EventLog-AirSpaceChannel@Age 1 Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\EventLog-AirSpaceChannel@LogFileMode 4737 Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\EventLog-AirSpaceChannel@ClockType 2 Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\EventLog-AirSpaceChannel@Guid {130b5681-6c57-58fa-a389-75d426aaaeb2} Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\EventLog-AirSpaceChannel@OwningChannel AirSpaceChannel Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\EventLog-AirSpaceChannel@Status 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\EventLog-AirSpaceChannel\{f562bb8e-422d-4b5c-b20e-90d710f7d11c} Reg 
HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\EventLog-AirSpaceChannel\{f562bb8e-422d-4b5c-b20e-90d710f7d11c}@Enabled 1 Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\EventLog-AirSpaceChannel\{f562bb8e-422d-4b5c-b20e-90d710f7d11c}@EnableLevel 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\EventLog-AirSpaceChannel\{f562bb8e-422d-4b5c-b20e-90d710f7d11c}@LoggerName EventLog-AirSpaceChannel Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\EventLog-AirSpaceChannel\{f562bb8e-422d-4b5c-b20e-90d710f7d11c}@MatchAnyKeyword 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\EventLog-AirSpaceChannel\{f562bb8e-422d-4b5c-b20e-90d710f7d11c}@MatchAllKeyword 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\EventLog-AirSpaceChannel\{f562bb8e-422d-4b5c-b20e-90d710f7d11c}@EnableProperty 1 Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\EventLog-AirSpaceChannel\{f562bb8e-422d-4b5c-b20e-90d710f7d11c}@Status 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\BITS\Performance@PerfMMFileName Global\MMF_BITSd2c23c3f-82c6-488b-9378-b22e41e3dffa Reg HKLM\SYSTEM\CurrentControlSet\Services\BthHFEnum\Parameters\Wdf@TimeOfLastTelemetryLog 0x35 0x17 0xBE 0xA4 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\bthhfhid\Parameters\Wdf@TimeOfLastTelemetryLog 0x95 0x79 0xC0 0xA4 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BthLEEnum\Parameters\Wdf@TimeOfLastTelemetryLog 0x2C 0x8D 0xB4 0xA4 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\2c6e85854f6b Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\2c6e85854f6b@e2c90df5b3be 0x69 0xCD 0x9A 0xCC ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_436b73e Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_436b73e@Type 224 Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_436b73e@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_436b73e@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_436b73e@ImagePath C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_436b73e@DisplayName CDPUserSvc_436b73e Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_436b73e@FailureActions 0x80 0x51 0x01 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_436b73e@Description @%SystemRoot%\system32\cdpusersvc.dll,-101 Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_436b73e\Security Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_436b73e\Security@Security 0x01 0x00 0x14 0x80 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_436b73e Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{15afa2d8-0b4a-4f4f-a5ee-c270937f890d}@LastProbeTime 1495825576 Reg HKLM\SYSTEM\CurrentControlSet\Services\ialm\Device0@ProfilingToolValues 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\ibtusb\Parameters\Wdf@TimeOfLastTelemetryLog 0x78 0x59 0x4D 0xA4 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\IntcDAud@DisplayName @oem0.inf,%IntcDAud.SvcDesc%;Audio dla wy?wietlaczy Intel(R) Reg HKLM\SYSTEM\CurrentControlSet\Services\IntcDAud@Owners oem0.inf? Reg HKLM\SYSTEM\CurrentControlSet\Services\IntelDFUACPI\Parameters\Wdf@TimeOfLastTelemetryLog 0xDA 0x19 0xC6 0xA3 ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_436b73e Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_436b73e@Type 224 Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_436b73e@Start 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_436b73e@ErrorControl 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_436b73e@ImagePath C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_436b73e@DisplayName Us?uga wiadomo?ci_436b73e Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_436b73e@FailureActions 0x80 0x51 0x01 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_436b73e@Description @%SystemRoot%\system32\MessagingService.dll,-101 Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_436b73e\Security Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_436b73e\Security@Security 0x01 0x00 0x14 0x80 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_436b73e\TriggerInfo Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_436b73e\TriggerInfo\0 Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_436b73e\TriggerInfo\0@Type 7 Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_436b73e\TriggerInfo\0@Action 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_436b73e\TriggerInfo\0@Guid 0x16 0x28 0x7A 0x2D ... Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_436b73e\TriggerInfo\0@Data0 0x75 0x18 0xBC 0xA3 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_436b73e\TriggerInfo\0@DataType0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_436b73e Reg HKLM\SYSTEM\CurrentControlSet\Services\monitor\Parameters\Wdf@TimeOfLastTelemetryLog 0x6B 0x50 0xEB 0xA8 ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_436b73e Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_436b73e@Type 224 Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_436b73e@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_436b73e@ErrorControl 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_436b73e@ImagePath C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_436b73e@DisplayName Synchronizuj hosta_436b73e Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_436b73e@FailureActions 0x80 0x51 0x01 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_436b73e@Description @%SystemRoot%\system32\APHostRes.dll,-10001 Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_436b73e\Security Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_436b73e\Security@Security 0x01 0x00 0x04 0x80 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_436b73e Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_436b73e Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_436b73e@Type 224 Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_436b73e@Start 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_436b73e@ErrorControl 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_436b73e@ImagePath C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_436b73e@DisplayName Dane kontaktowe_436b73e Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_436b73e@FailureActions 0x80 0x51 0x01 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_436b73e@Description @%SystemRoot%\system32\UserDataAccessRes.dll,-15000 Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_436b73e\Security Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_436b73e\Security@Security 0x01 0x00 0x04 0x80 ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_436b73e Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Diagnostics@ReadyBootTrainingCountSinceLastServicing 6 Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@ReadyBootPlanAge 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime ?pon.?, ?maj ?29 ?17, 03:19:47 PM?????????????????????U???????? Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@EffectivePends 511 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 14838 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 7892 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{92F9EA6E-F3AB-45D3-9F7A-3B1A74AA01AE} v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|LPort=6004|App=C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe|Name=Microsoft Office Outlook| Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 53 Reg HKLM\SYSTEM\CurrentControlSet\Services\SynTP\Parameters@DetectTimeMS 799 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8e986ba8-0b5b-41d1-af4a-46852f6f8b9d}@LeaseObtainedTime 1496085717 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8e986ba8-0b5b-41d1-af4a-46852f6f8b9d}@T1 1496128917 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8e986ba8-0b5b-41d1-af4a-46852f6f8b9d}@T2 1496161317 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8e986ba8-0b5b-41d1-af4a-46852f6f8b9d}@LeaseTerminatesTime 1496172117 Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_436b73e Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_436b73e@Type 224 Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_436b73e@Start 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_436b73e@ErrorControl 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_436b73e@ImagePath 
C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_436b73e@DisplayName Magazyn danych u?ytkownika_436b73e Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_436b73e@FailureActions 0x80 0x51 0x01 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_436b73e@Description @%SystemRoot%\system32\UserDataAccessRes.dll,-10002 Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_436b73e\Security Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_436b73e\Security@Security 0x01 0x00 0x04 0x80 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_436b73e Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_436b73e Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_436b73e@Type 224 Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_436b73e@Start 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_436b73e@ErrorControl 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_436b73e@ImagePath C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_436b73e@DisplayName Dost?p do danych u?ytkownika_436b73e Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_436b73e@FailureActions 0x80 0x51 0x01 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_436b73e@Description @%SystemRoot%\system32\UserDataAccessRes.dll,-14000 Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_436b73e\Security Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_436b73e\Security@Security 0x01 0x00 0x04 0x80 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_436b73e Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0xCE 0xFF 0x62 0x7F ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0xCE 0x67 0x27 0xE1 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0xCE 0x97 0x9E 0x1D ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\WINUSB\Parameters\Wdf@TimeOfLastTelemetryLog 0x9C 0x77 0xF4 0xA3 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Object List 22072 22078 22090 22100 22110 22130 22174 22184 22222 22228 22244 Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Counter 22250 Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Help 22251 Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@First Counter 22072 Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@First Help 22073 Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_436b73e Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_436b73e@Type 224 Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_436b73e@Start 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_436b73e@ErrorControl 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_436b73e@ImagePath C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_436b73e@DisplayName Us?uga u?ytkownika powiadomie? WNS_436b73e Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_436b73e@FailureActions 0x80 0x51 0x01 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_436b73e@Description @%SystemRoot%\system32\WpnUserService.dll,-2 Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_436b73e\Security Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_436b73e\Security@Security 0x01 0x00 0x04 0x80 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_436b73e Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@RwMask 0x64 0x62 0x03 0x00 ... 
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\2@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\2@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\3@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\3@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\4@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\4@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\5@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\5@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\6@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\6@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\7@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\7@RwMask 0x64 0x62 0x03 0x00 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer@GlobalAssocChangedCounter 595 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\iexplore@Count 1839 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications@MobileBroadbandLastResetDate 0x3C 0xD8 0x3E 0x0A ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\6fa07a3a@NotificationsCount 1 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search@JumpListChangedAppIds FE9E855F617E73E6? Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\JumplistData Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\JumplistData@FE9E855F617E73E6 0x7D 0xBE 0xCE 0xB0 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{110A3C4B-5D09-4500-90AC-7EAF203876E9}@LastAccessedTime 0x10 0xF9 0x52 0x90 ... 
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{110A3C4B-5D09-4500-90AC-7EAF203876E9}@LaunchCount 5 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{D9ED4326-AFCC-482B-99A2-92C1ABB39C2D}@LastAccessedTime 0x80 0xB4 0x02 0x27 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{D9ED4326-AFCC-482B-99A2-92C1ABB39C2D}@LaunchCount 2 Reg HKCU\SOFTWARE\Microsoft\Windows\Windows Error Reporting@LastRateLimitedDumpGenerationTime 0x2C 0xD6 0xB6 0xDB ... Reg HKCU\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_WinRAR.exe_1c7b7363eaa1317c57f696233363173f4c0b1c9_bb0e755b_3735ec4a Reg HKCU\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug\UIHandles@CheckingForSolutionDialog 0xE6 0x02 0x13 0x00 ... Reg HKCU\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug\UIHandles@CloseDialog 0xDE 0x02 0x09 0x00 ... ---- Disk sectors - GMER 2.2 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.2 ----