GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-11-10 12:04:40
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000042 WDC_WD2500BEVT-35ZCT0 rev.11.01A11 232,89GB
Running: uzbe6qbv.exe; Driver: C:\Users\Marek\AppData\Local\Temp\uxldapow.sys

---- User code sections - GMER 2.1 ----

.text C:\WINDOWS\system32\dwm.exe[984] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ff802db169a 4 bytes [DB, 02, F8, 7F]
.text C:\WINDOWS\system32\dwm.exe[984] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ff802db16a2 4 bytes [DB, 02, F8, 7F]
.text C:\WINDOWS\system32\dwm.exe[984] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ff802db181a 4 bytes [DB, 02, F8, 7F]
.text C:\WINDOWS\system32\dwm.exe[984] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ff802db1832 4 bytes [DB, 02, F8, 7F]
.text C:\WINDOWS\system32\nvvsvc.exe[296] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ff802db169a 4 bytes [DB, 02, F8, 7F]
.text C:\WINDOWS\system32\nvvsvc.exe[296] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ff802db16a2 4 bytes [DB, 02, F8, 7F]
.text C:\WINDOWS\system32\nvvsvc.exe[296] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ff802db181a 4 bytes [DB, 02, F8, 7F]
.text C:\WINDOWS\system32\nvvsvc.exe[296] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ff802db1832 4 bytes [DB, 02, F8, 7F]
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1900] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ff802db169a 4 bytes [DB, 02, F8, 7F]
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1900] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ff802db16a2 4 bytes [DB, 02, F8, 7F]
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1900] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ff802db181a 4 bytes [DB, 02, F8, 7F]
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1900] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ff802db1832 4 bytes [DB, 02, F8, 7F]
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2076] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506 00007ff802db169a 4 bytes [DB, 02, F8, 7F]
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2076] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514 00007ff802db16a2 4 bytes [DB, 02, F8, 7F]
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2076] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118 00007ff802db181a 4 bytes [DB, 02, F8, 7F]
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2076] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142 00007ff802db1832 4 bytes [DB, 02, F8, 7F]
.text C:\Program Files\Windows Defender\MsMpEng.exe[2256] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506 00007ff802db169a 4 bytes [DB, 02, F8, 7F]
.text C:\Program Files\Windows Defender\MsMpEng.exe[2256] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514 00007ff802db16a2 4 bytes [DB, 02, F8, 7F]
.text C:\Program Files\Windows Defender\MsMpEng.exe[2256] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118 00007ff802db181a 4 bytes [DB, 02, F8, 7F]
.text C:\Program Files\Windows Defender\MsMpEng.exe[2256] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142 00007ff802db1832 4 bytes [DB, 02, F8, 7F]
.text C:\WINDOWS\Explorer.EXE[3888] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ff802db169a 4 bytes [DB, 02, F8, 7F]
.text C:\WINDOWS\Explorer.EXE[3888] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ff802db16a2 4 bytes [DB, 02, F8, 7F]
.text C:\WINDOWS\Explorer.EXE[3888] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ff802db181a 4 bytes [DB, 02, F8, 7F]
.text C:\WINDOWS\Explorer.EXE[3888] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ff802db1832 4 bytes [DB, 02, F8, 7F]
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[520] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506 00007ff802db169a 4 bytes [DB, 02, F8, 7F]
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[520] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514 00007ff802db16a2 4 bytes [DB, 02, F8, 7F]
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[520] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118 00007ff802db181a 4 bytes [DB, 02, F8, 7F]
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[520] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142 00007ff802db1832 4 bytes [DB, 02, F8, 7F]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[916] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffff7a21f6a 4 bytes [A2, F7, FF, 7F]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[916] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffff7a21f82 4 bytes [A2, F7, FF, 7F]

---- Threads - GMER 2.1 ----

Thread C:\WINDOWS\system32\csrss.exe [680:3744] fffff960009ad4d0
Thread C:\WINDOWS\system32\svchost.exe [1612:2836] 00007ffff6e01584
Thread C:\WINDOWS\system32\svchost.exe [1612:2868] 00007ffff6da1b30
Thread C:\WINDOWS\system32\svchost.exe [1612:3812] 00007ffff7344608
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1984:1268] 00000000745f29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1984:1292] 00000000745f29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1984:1296] 00000000745f29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1984:1328] 00000000745f29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1984:1416] 00000000745f29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1984:1420] 00000000745f29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1984:1692] 00000000745f29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1984:1580] 00000000745f29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1984:1720] 00000000745f29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1984:2112] 00000000745f29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1984:2116] 00000000745f29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1984:2124] 00000000745f29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1984:2128] 00000000745f29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1984:2132] 00000000745f29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1984:2136] 00000000745f29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1984:2140] 00000000745f29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1984:2156] 00000000745f29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1984:2160] 00000000745f29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1984:2316] 0000000077dd5658
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1984:2324] 00000000745f29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1984:2552] 00000000745f29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1984:2556] 00000000745f29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1984:2560] 00000000745f29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1984:2564] 00000000745f29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1984:2628] 00000000745f29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1984:2632] 00000000745f29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1984:3272] 00000000745f29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1984:3488] 00000000745f29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1984:3492] 00000000745f29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1984:5076] 0000000077dd5658

---- Processes - GMER 2.1 ----

Library C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll (*** suspicious ***) @ C:\WINDOWS\Explorer.EXE [3888] (Secure overlay library/Microsoft)(2014-10-25 20:51:59) 00007fffeeaa0000
Library C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll (*** suspicious ***) @ C:\WINDOWS\Explorer.EXE [3888](2014-11-10 10:09:56) 00007fffee570000

---- Services - GMER 2.1 ----

Service system32\DRIVERS\eamonm.sys (*** hidden *** ) [DISABLED] eamonm <-- ROOTKIT !!!
Service (*** hidden *** ) [SYSTEM] SCDEmu <-- ROOTKIT !!!

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0xDB 0x65 0x02 0xBD ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime 0xFD 0x2D 0xD5 0x60 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFStartTime 0x13 0x8D 0x09 0xBD ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFLastStartTime 0x4B 0x90 0xD7 0x60 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@pl-PL 11
Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\SEC32450_00_07D8_93^389FBF8ABE7DC91BE2C6C684EAF72B47@Timestamp 0x7C 0xAB 0xC8 0xDC ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 708
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations \??\C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll??\??\C:\WINDOWS\TEMP\logishrd\??\??\C:\Users\Marek\AppData\Local\Temp\~nsu.tmp\Au_.exe??\??\C:\Users\Marek\AppData\Local\Temp\~nsu.tmp??\??\C:\Users\Marek\AppData\Local\Temp\nso16D8.tmp\nsProcess.dll??\??\C:\Users\Marek\AppData\Local\Temp\nso16D8.tmp\??\??\C:\Config.Msi\d7a3e.rbf??
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber 4521945
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 1085398246
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId 16
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 427056032
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 11897
Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID 09e469e8-e605-4b55-8d07-3d038d2
Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\AITEventLog@FileCounter 1
Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\SQMLogger@FileCounter 6
Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\BTHPORT
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\BTHPORT\LocalServices
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\BTHPORT\LocalServices\{00001101-0000-1000-8000-00805f9b34fb}
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\BTHPORT\LocalServices\{00001101-0000-1000-8000-00805f9b34fb}@
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\BTHPORT\LocalServices\{00001101-0000-1000-8000-00805f9b34fb}@PnpInstanceCounter 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\BTHPORT\LocalServices\{00001101-0000-1000-8000-00805f9b34fb}\0
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\BTHPORT\LocalServices\{00001101-0000-1000-8000-00805f9b34fb}\0@AssocBdAddr 0x82 0x49 0xFB 0x8D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\BTHPORT\LocalServices\{00001101-0000-1000-8000-00805f9b34fb}\0@DeviceString
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\BTHPORT\LocalServices\{00001101-0000-1000-8000-00805f9b34fb}\0@Enabled 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\BTHPORT\LocalServices\{00001101-0000-1000-8000-00805f9b34fb}\0@PnpInstance 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\BTHPORT\LocalServices\{00001101-0000-1000-8000-00805f9b34fb}\0@ServiceName
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\BTHPORT\LocalServices\{00001101-0000-1000-8000-00805f9b34fb}\1
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\BTHPORT\LocalServices\{00001101-0000-1000-8000-00805f9b34fb}\1@AssocBdAddr 0x82 0x49 0xFB 0x8D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\BTHPORT\LocalServices\{00001101-0000-1000-8000-00805f9b34fb}\1@DeviceString
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\BTHPORT\LocalServices\{00001101-0000-1000-8000-00805f9b34fb}\1@Enabled 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\BTHPORT\LocalServices\{00001101-0000-1000-8000-00805f9b34fb}\1@PnpInstance 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\BTHPORT\LocalServices\{00001101-0000-1000-8000-00805f9b34fb}\1@ServiceName
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\HidBth
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0000
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0000@BackupContext 0x02 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0000@Bluetooth_UniqueID {0000111f-0000-1000-8000-00805f9b34fb}#B0358DFB4982_C00000000
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0000@ConnectionCount 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0001
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0001@BackupContext 0x02 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0001@Bluetooth_UniqueID {00001105-0000-1000-8000-00805f9b34fb}#B0358DFB4982_C00000000
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0001@ConnectionCount 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0002
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0002@BackupContext 0x02 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0002@Bluetooth_UniqueID {0000112d-0000-1000-8000-00805f9b34fb}#B0358DFB4982_C00000000
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0002@ConnectionCount 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0004
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0004@BackupContext 0x02 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0004@Bluetooth_UniqueID {0000112f-0000-1000-8000-00805f9b34fb}#B0358DFB4982_C00000000
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0004@ConnectionCount 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0005
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0005@BackupContext 0x02 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0005@Bluetooth_UniqueID {00000000-0000-0000-0000-000000000000}#B0358DFB4982_00000000
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0005@ConnectionCount 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0006
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0006@BackupContext 0x02 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0006@Bluetooth_UniqueID {00001112-0000-1000-8000-00805f9b34fb}#B0358DFB4982_C00000000
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0006@ConnectionCount 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0007
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0007@BackupContext 0x02 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0007@Bluetooth_UniqueID {00001106-0000-1000-8000-00805f9b34fb}#B0358DFB4982_C00000000
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0007@ConnectionCount 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0008
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0008@BackupContext 0x02 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0008@Bluetooth_UniqueID {00001116-0000-1000-8000-00805f9b34fb}#B0358DFB4982_C00000000
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0008@ConnectionCount 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{84848a16-2d4a-4941-9607-764ed9d83f89}@LastProbeTime 1415616226
Reg HKLM\SYSTEM\CurrentControlSet\Services\eamonm
Reg HKLM\SYSTEM\CurrentControlSet\Services\eamonm@DisplayName eamonm
Reg HKLM\SYSTEM\CurrentControlSet\Services\eamonm@Description Eset file on-access scanner
Reg HKLM\SYSTEM\CurrentControlSet\Services\eamonm@SupportedFeatures 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\eamonm@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\eamonm@Start 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\eamonm@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\eamonm@ImagePath system32\DRIVERS\eamonm.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\eamonm@Group FSFilter Anti-Virus
Reg HKLM\SYSTEM\CurrentControlSet\Services\eamonm@DependOnService FltMgr
Reg HKLM\SYSTEM\CurrentControlSet\Services\eamonm@DeleteFlag 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\eamonm\Instances
Reg HKLM\SYSTEM\CurrentControlSet\Services\eamonm\Instances@DefaultInstance AmonMinifilter Instance
Reg HKLM\SYSTEM\CurrentControlSet\Services\eamonm\Instances\AmonMinifilter Instance
Reg HKLM\SYSTEM\CurrentControlSet\Services\eamonm\Instances\AmonMinifilter Instance@Altitude 328700
Reg HKLM\SYSTEM\CurrentControlSet\Services\eamonm\Instances\AmonMinifilter Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\eamonm\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\eamonm\Parameters@Flags 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\eamonm
Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime Pn, lis 10 14, 10:49:29
Reg HKLM\SYSTEM\CurrentControlSet\Services\SCDEmu
Reg HKLM\SYSTEM\CurrentControlSet\Services\SCDEmu@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SCDEmu@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SCDEmu@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SCDEmu@DisplayName SCDEmu
Reg HKLM\SYSTEM\CurrentControlSet\Services\SCDEmu
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 1143
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 25
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-In v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|LPort=3587|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=p2psvc|Name=@%systemroot%\system32\provsvc.dll,-200|Desc=@%systemroot%\system32\provsvc.dll,-201|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202|
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-Out v2.22|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|RPort=3587|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=p2psvc|Name=@%systemroot%\system32\provsvc.dll,-203|Desc=@%systemroot%\system32\provsvc.dll,-204|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202|
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-In v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|LPort=3540|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|Name=@%systemroot%\system32\provsvc.dll,-205|Desc=@%systemroot%\system32\provsvc.dll,-206|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202|
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-Out v2.22|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|RPort=3540|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|Name=@%systemroot%\system32\provsvc.dll,-207|Desc=@%systemroot%\system32\provsvc.dll,-208|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202|
Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 13
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F87B6E4F-E395-4509-981C-8682DB862BC7}@LeaseObtainedTime 1415612606
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F87B6E4F-E395-4509-981C-8682DB862BC7}@T1 1415616206
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F87B6E4F-E395-4509-981C-8682DB862BC7}@T2 1415618906
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F87B6E4F-E395-4509-981C-8682DB862BC7}@LeaseTerminatesTime 1415619806
Reg HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpdUpFltr\Parameters\Wdf@TimeOfLastSqmLog 0xBD 0xDD 0x22 0xA9 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\StagingInfo\Volume{5f59cc13-1fc6-11e3-be7a-001377aee53f}@Active 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore@Count 210
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce@Application Restart #0 C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe /Crashed
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce@Application Restart #1 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --flag-switches-begin --flag-switches-end --restore-last-session
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce@Application Restart #2 C:\Program Files\Internet Explorer\iexplore.exe -restart /WERRESTART
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Store@LastTileRefresh 0x2D 0x9E 0xD4 0xE6 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Store\RefreshBannedAppList@BannedAppsLastModified 0x00 0xA9 0xAD 0xAB ...

---- EOF - GMER 2.1 ----