GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-01-23 17:34:58 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.01.0 298,09GB Running: ddqr1vy8.exe; Driver: C:\Users\Julia\AppData\Local\Temp\ugloypod.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\System32\igfxtray.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e816b0 5 bytes JMP 0000000076fe0018 .text C:\Windows\System32\hkcmd.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e816b0 5 bytes JMP 0000000076fe0018 .text C:\Windows\System32\igfxpers.exe[2384] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e816b0 5 bytes JMP 0000000076fe0018 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2736] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e816b0 5 bytes JMP 0000000076fe0018 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2336] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007702fe04 5 bytes JMP 00000001740e1000 .text C:\Program Files (x86)\AVG\AVG2015\avgui.exe[1256] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007702fe04 5 bytes JMP 00000001740e1000 .text C:\Program Files (x86)\AVG\AVG2015\avgui.exe[1256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074da1465 2 bytes [DA, 74] .text C:\Program Files (x86)\AVG\AVG2015\avgui.exe[1256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074da14bb 2 bytes [DA, 74] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e816b0 5 bytes JMP 0000000076fe0018 .text C:\Windows\system32\svchost.exe[3500] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e816b0 5 bytes JMP 0000000176e20018 .text C:\Windows\System32\svchost.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e816b0 5 bytes JMP 0000000176e20018 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[4000] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e816b0 5 bytes JMP 0000000076fe0018 .text C:\Windows\SysWOW64\ctfmon.exe[3200] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007702fe04 5 bytes JMP 00000001740e1000 .text C:\Windows\explorer.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e816b0 5 bytes JMP 0000000076fe0018 .text C:\Windows\System32\rundll32.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e816b0 5 bytes JMP 0000000076fe0018 .text C:\Users\Julia\Desktop\ddqr1vy8.exe[4576] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007702fe04 5 bytes JMP 00000001740e1000 ---- Processes - GMER 2.1 ---- Library C:\Program Files\Common Files\Microsoft Shared\Office15\mso.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE [3008] 000007feeb860000 Library C:\Program Files\Common Files\Microsoft Shared\Office15\MSOIDCLIL.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE [3008] 000007fef5bb0000 Library C:\Program Files\Common Files\Microsoft Shared\Office15\riched20.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE [3008] 000007fee58a0000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@Karta Microsoft ISATAP 1?2? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{E1589BD3-C286-4DB2-89D2-7BE75730A260}?\Device\{56D44A6B-C2CF-44D9-8D2E-3514888E11FA}?\Device\{DC1347D2-EB39-4459-9EB5-B217974A3C8C}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{E1589BD3-C286-4DB2-89D2-7BE75730A260}"?"{56D44A6B-C2CF-44D9-8D2E-3514888E11FA}"?"{DC1347D2-EB39-4459-9EB5-B217974A3C8C}"? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{E1589BD3-C286-4DB2-89D2-7BE75730A260}?\Device\TCPIP6TUNNEL_{56D44A6B-C2CF-44D9-8D2E-3514888E11FA}?\Device\TCPIP6TUNNEL_{DC1347D2-EB39-4459-9EB5-B217974A3C8C}? Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Bind \Device\Smb_Tcpip_{3378E14F-FF32-4049-9938-C56F6648CA82}?\Device\Smb_Tcpip_{B868C99D-2D2E-4EAA-9848-9C6489357F26}?\Device\Smb_Tcpip6_{E1589BD3-C286-4DB2-89D2-7BE75730A260}?\Device\Smb_Tcpip6_{56D44A6B-C2CF-44D9-8D2E-3514888E11FA}?\Device\Smb_Tcpip6_{DC1347D2-EB39-4459-9EB5-B217974A3C8C}?\Device\Smb_Tcpip6_{3378E14F-FF32-4049-9938-C56F6648CA82}?\Device\Smb_Tcpip6_{B868C99D-2D2E-4EAA-9848-9C6489357F26}?\Device\Tcpip_{3378E14F-FF32-4049-9938-C56F6648CA82}?\Device\Tcpip_{B868C99D-2D2E-4EAA-9848-9C6489357F26}?\Device\Tcpip6_{E1589BD3-C286-4DB2-89D2-7BE75730A260}?\Device\Tcpip6_{56D44A6B-C2CF-44D9-8D2E-3514888E11FA}?\Device\Tcpip6_{DC1347D2-EB39-4459-9EB5-B217974A3C8C}?\Device\Tcpip6_{3378E14F-FF32-4049-9938-C56F6648CA82}?\Device\Tcpip6_{B868C99D-2D2E-4EAA-9848-9C6489357F26}?\Device\NetbiosSmb?\Device\NetBT_Tcpip_{3378E14F-FF32-4049-9938-C56F6648CA82}?\Device\NetBT_Tcpip_{B868C99D-2D2E-4EAA-9848-9C6489357F26}?\Device\NetBT_Tcpip6_{E1589BD3-C286-4DB2-89D2-7BE75730A260}?\Device\NetBT_Tcpip6_{56D44A6B-C2CF-44D9-8D2E- Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Route "Smb" "Tcpip" "{3378E14F-FF32-4049-9938-C56F6648CA82}"?"Smb" "Tcpip" "{B868C99D-2D2E-4EAA-9848-9C6489357F26}"?"Smb" "Tcpip6" "{E1589BD3-C286-4DB2-89D2-7BE75730A260}"?"Smb" "Tcpip6" "{56D44A6B-C2CF-44D9-8D2E-3514888E11FA}"?"Smb" "Tcpip6" "{DC1347D2-EB39-4459-9EB5-B217974A3C8C}"?"Smb" "Tcpip6" "{3378E14F-FF32-4049-9938-C56F6648CA82}"?"Smb" "Tcpip6" "{B868C99D-2D2E-4EAA-9848-9C6489357F26}"?"Tcpip" "{3378E14F-FF32-4049-9938-C56F6648CA82}"?"Tcpip" "{B868C99D-2D2E-4EAA-9848-9C6489357F26}"?"Tcpip6" "{E1589BD3-C286-4DB2-89D2-7BE75730A260}"?"Tcpip6" "{56D44A6B-C2CF-44D9-8D2E-3514888E11FA}"?"Tcpip6" "{DC1347D2-EB39-4459-9EB5-B217974A3C8C}"?"Tcpip6" "{3378E14F-FF32-4049-9938-C56F6648CA82}"?"Tcpip6" "{B868C99D-2D2E-4EAA-9848-9C6489357F26}"?"NetbiosSmb"?"NetBT" "Tcpip" "{3378E14F-FF32-4049-9938-C56F6648CA82}"?"NetBT" "Tcpip" "{B868C99D-2D2E-4EAA-9848-9C6489357F26}"?"NetBT" "Tcpip6" "{E1589BD3-C286-4DB2-89D2-7BE75730A260}"?"NetBT" "Tcpip6" "{56D44A6B-C2CF-44D9-8D2E-3514888E11FA}"?"NetBT" "Tcpip6" "{DC1347D2-EB39-4459-9EB5 Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export \Device\LanmanServer_Smb_Tcpip_{3378E14F-FF32-4049-9938-C56F6648CA82}?\Device\LanmanServer_Smb_Tcpip_{B868C99D-2D2E-4EAA-9848-9C6489357F26}?\Device\LanmanServer_Smb_Tcpip6_{E1589BD3-C286-4DB2-89D2-7BE75730A260}?\Device\LanmanServer_Smb_Tcpip6_{56D44A6B-C2CF-44D9-8D2E-3514888E11FA}?\Device\LanmanServer_Smb_Tcpip6_{DC1347D2-EB39-4459-9EB5-B217974A3C8C}?\Device\LanmanServer_Smb_Tcpip6_{3378E14F-FF32-4049-9938-C56F6648CA82}?\Device\LanmanServer_Smb_Tcpip6_{B868C99D-2D2E-4EAA-9848-9C6489357F26}?\Device\LanmanServer_Tcpip_{3378E14F-FF32-4049-9938-C56F6648CA82}?\Device\LanmanServer_Tcpip_{B868C99D-2D2E-4EAA-9848-9C6489357F26}?\Device\LanmanServer_Tcpip6_{E1589BD3-C286-4DB2-89D2-7BE75730A260}?\Device\LanmanServer_Tcpip6_{56D44A6B-C2CF-44D9-8D2E-3514888E11FA}?\Device\LanmanServer_Tcpip6_{DC1347D2-EB39-4459-9EB5-B217974A3C8C}?\Device\LanmanServer_Tcpip6_{3378E14F-FF32-4049-9938-C56F6648CA82}?\Device\LanmanServer_Tcpip6_{B868C99D-2D2E-4EAA-9848-9C6489357F26}?\Device\LanmanServer_NetbiosSmb?\Device\LanmanServer_NetBT_Tc Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Bind \Device\Smb_Tcpip_{3378E14F-FF32-4049-9938-C56F6648CA82}?\Device\Smb_Tcpip_{B868C99D-2D2E-4EAA-9848-9C6489357F26}?\Device\Smb_Tcpip6_{E1589BD3-C286-4DB2-89D2-7BE75730A260}?\Device\Smb_Tcpip6_{56D44A6B-C2CF-44D9-8D2E-3514888E11FA}?\Device\Smb_Tcpip6_{DC1347D2-EB39-4459-9EB5-B217974A3C8C}?\Device\Smb_Tcpip6_{3378E14F-FF32-4049-9938-C56F6648CA82}?\Device\Smb_Tcpip6_{B868C99D-2D2E-4EAA-9848-9C6489357F26}?\Device\Tcpip_{3378E14F-FF32-4049-9938-C56F6648CA82}?\Device\Tcpip_{B868C99D-2D2E-4EAA-9848-9C6489357F26}?\Device\Tcpip6_{E1589BD3-C286-4DB2-89D2-7BE75730A260}?\Device\Tcpip6_{56D44A6B-C2CF-44D9-8D2E-3514888E11FA}?\Device\Tcpip6_{DC1347D2-EB39-4459-9EB5-B217974A3C8C}?\Device\Tcpip6_{3378E14F-FF32-4049-9938-C56F6648CA82}?\Device\Tcpip6_{B868C99D-2D2E-4EAA-9848-9C6489357F26}?\Device\NetbiosSmb?\Device\NetBT_Tcpip_{3378E14F-FF32-4049-9938-C56F6648CA82}?\Device\NetBT_Tcpip_{B868C99D-2D2E-4EAA-9848-9C6489357F26}?\Device\NetBT_Tcpip6_{E1589BD3-C286-4DB2-89D2-7BE75730A260}?\Device\NetBT_Tcpip6_{56D44A6B-C2CF-44D9-8D2E- Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Route "Smb" "Tcpip" "{3378E14F-FF32-4049-9938-C56F6648CA82}"?"Smb" "Tcpip" "{B868C99D-2D2E-4EAA-9848-9C6489357F26}"?"Smb" "Tcpip6" "{E1589BD3-C286-4DB2-89D2-7BE75730A260}"?"Smb" "Tcpip6" "{56D44A6B-C2CF-44D9-8D2E-3514888E11FA}"?"Smb" "Tcpip6" "{DC1347D2-EB39-4459-9EB5-B217974A3C8C}"?"Smb" "Tcpip6" "{3378E14F-FF32-4049-9938-C56F6648CA82}"?"Smb" "Tcpip6" "{B868C99D-2D2E-4EAA-9848-9C6489357F26}"?"Tcpip" "{3378E14F-FF32-4049-9938-C56F6648CA82}"?"Tcpip" "{B868C99D-2D2E-4EAA-9848-9C6489357F26}"?"Tcpip6" "{E1589BD3-C286-4DB2-89D2-7BE75730A260}"?"Tcpip6" "{56D44A6B-C2CF-44D9-8D2E-3514888E11FA}"?"Tcpip6" "{DC1347D2-EB39-4459-9EB5-B217974A3C8C}"?"Tcpip6" "{3378E14F-FF32-4049-9938-C56F6648CA82}"?"Tcpip6" "{B868C99D-2D2E-4EAA-9848-9C6489357F26}"?"NetbiosSmb"?"NetBT" "Tcpip" "{3378E14F-FF32-4049-9938-C56F6648CA82}"?"NetBT" "Tcpip" "{B868C99D-2D2E-4EAA-9848-9C6489357F26}"?"NetBT" "Tcpip6" "{E1589BD3-C286-4DB2-89D2-7BE75730A260}"?"NetBT" "Tcpip6" "{56D44A6B-C2CF-44D9-8D2E-3514888E11FA}"?"NetBT" "Tcpip6" "{DC1347D2-EB39-4459-9EB5 Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export \Device\LanmanWorkstation_Smb_Tcpip_{3378E14F-FF32-4049-9938-C56F6648CA82}?\Device\LanmanWorkstation_Smb_Tcpip_{B868C99D-2D2E-4EAA-9848-9C6489357F26}?\Device\LanmanWorkstation_Smb_Tcpip6_{E1589BD3-C286-4DB2-89D2-7BE75730A260}?\Device\LanmanWorkstation_Smb_Tcpip6_{56D44A6B-C2CF-44D9-8D2E-3514888E11FA}?\Device\LanmanWorkstation_Smb_Tcpip6_{DC1347D2-EB39-4459-9EB5-B217974A3C8C}?\Device\LanmanWorkstation_Smb_Tcpip6_{3378E14F-FF32-4049-9938-C56F6648CA82}?\Device\LanmanWorkstation_Smb_Tcpip6_{B868C99D-2D2E-4EAA-9848-9C6489357F26}?\Device\LanmanWorkstation_Tcpip_{3378E14F-FF32-4049-9938-C56F6648CA82}?\Device\LanmanWorkstation_Tcpip_{B868C99D-2D2E-4EAA-9848-9C6489357F26}?\Device\LanmanWorkstation_Tcpip6_{E1589BD3-C286-4DB2-89D2-7BE75730A260}?\Device\LanmanWorkstation_Tcpip6_{56D44A6B-C2CF-44D9-8D2E-3514888E11FA}?\Device\LanmanWorkstation_Tcpip6_{DC1347D2-EB39-4459-9EB5-B217974A3C8C}?\Device\LanmanWorkstation_Tcpip6_{3378E14F-FF32-4049-9938-C56F6648CA82}?\Device\LanmanWorkstation_Tcpip6_{B868C99D-2D2E-4EAA-9848-9C648 Reg HKLM\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage@Bind \Device\NetBT_Tcpip_{3378E14F-FF32-4049-9938-C56F6648CA82}?\Device\NetBT_Tcpip_{B868C99D-2D2E-4EAA-9848-9C6489357F26}?\Device\NetBT_Tcpip6_{E1589BD3-C286-4DB2-89D2-7BE75730A260}?\Device\NetBT_Tcpip6_{56D44A6B-C2CF-44D9-8D2E-3514888E11FA}?\Device\NetBT_Tcpip6_{DC1347D2-EB39-4459-9EB5-B217974A3C8C}?\Device\NetBT_Tcpip6_{3378E14F-FF32-4049-9938-C56F6648CA82}?\Device\NetBT_Tcpip6_{B868C99D-2D2E-4EAA-9848-9C6489357F26}? Reg HKLM\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage@Route "NetBT" "Tcpip" "{3378E14F-FF32-4049-9938-C56F6648CA82}"?"NetBT" "Tcpip" "{B868C99D-2D2E-4EAA-9848-9C6489357F26}"?"NetBT" "Tcpip6" "{E1589BD3-C286-4DB2-89D2-7BE75730A260}"?"NetBT" "Tcpip6" "{56D44A6B-C2CF-44D9-8D2E-3514888E11FA}"?"NetBT" "Tcpip6" "{DC1347D2-EB39-4459-9EB5-B217974A3C8C}"?"NetBT" "Tcpip6" "{3378E14F-FF32-4049-9938-C56F6648CA82}"?"NetBT" "Tcpip6" "{B868C99D-2D2E-4EAA-9848-9C6489357F26}"? Reg HKLM\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage@Export \Device\NetBIOS_NetBT_Tcpip_{3378E14F-FF32-4049-9938-C56F6648CA82}?\Device\NetBIOS_NetBT_Tcpip_{B868C99D-2D2E-4EAA-9848-9C6489357F26}?\Device\NetBIOS_NetBT_Tcpip6_{E1589BD3-C286-4DB2-89D2-7BE75730A260}?\Device\NetBIOS_NetBT_Tcpip6_{56D44A6B-C2CF-44D9-8D2E-3514888E11FA}?\Device\NetBIOS_NetBT_Tcpip6_{DC1347D2-EB39-4459-9EB5-B217974A3C8C}?\Device\NetBIOS_NetBT_Tcpip6_{3378E14F-FF32-4049-9938-C56F6648CA82}?\Device\NetBIOS_NetBT_Tcpip6_{B868C99D-2D2E-4EAA-9848-9C6489357F26}? Reg HKLM\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters@MaxLana 6 Reg HKLM\SYSTEM\CurrentControlSet\services\NetBT\Linkage@Bind \Device\Tcpip_{3378E14F-FF32-4049-9938-C56F6648CA82}?\Device\Tcpip_{B868C99D-2D2E-4EAA-9848-9C6489357F26}?\Device\Tcpip6_{E1589BD3-C286-4DB2-89D2-7BE75730A260}?\Device\Tcpip6_{56D44A6B-C2CF-44D9-8D2E-3514888E11FA}?\Device\Tcpip6_{DC1347D2-EB39-4459-9EB5-B217974A3C8C}?\Device\Tcpip6_{3378E14F-FF32-4049-9938-C56F6648CA82}?\Device\Tcpip6_{B868C99D-2D2E-4EAA-9848-9C6489357F26}? Reg HKLM\SYSTEM\CurrentControlSet\services\NetBT\Linkage@Route "Tcpip" "{3378E14F-FF32-4049-9938-C56F6648CA82}"?"Tcpip" "{B868C99D-2D2E-4EAA-9848-9C6489357F26}"?"Tcpip6" "{E1589BD3-C286-4DB2-89D2-7BE75730A260}"?"Tcpip6" "{56D44A6B-C2CF-44D9-8D2E-3514888E11FA}"?"Tcpip6" "{DC1347D2-EB39-4459-9EB5-B217974A3C8C}"?"Tcpip6" "{3378E14F-FF32-4049-9938-C56F6648CA82}"?"Tcpip6" "{B868C99D-2D2E-4EAA-9848-9C6489357F26}"? Reg HKLM\SYSTEM\CurrentControlSet\services\NetBT\Linkage@Export \Device\NetBT_Tcpip_{3378E14F-FF32-4049-9938-C56F6648CA82}?\Device\NetBT_Tcpip_{B868C99D-2D2E-4EAA-9848-9C6489357F26}?\Device\NetBT_Tcpip6_{E1589BD3-C286-4DB2-89D2-7BE75730A260}?\Device\NetBT_Tcpip6_{56D44A6B-C2CF-44D9-8D2E-3514888E11FA}?\Device\NetBT_Tcpip6_{DC1347D2-EB39-4459-9EB5-B217974A3C8C}?\Device\NetBT_Tcpip6_{3378E14F-FF32-4049-9938-C56F6648CA82}?\Device\NetBT_Tcpip6_{B868C99D-2D2E-4EAA-9848-9C6489357F26}? Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 1619 Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 3728 Reg HKLM\SYSTEM\CurrentControlSet\services\Smb\Linkage@Bind \Device\Tcpip_{3378E14F-FF32-4049-9938-C56F6648CA82}?\Device\Tcpip_{B868C99D-2D2E-4EAA-9848-9C6489357F26}?\Device\Tcpip6_{E1589BD3-C286-4DB2-89D2-7BE75730A260}?\Device\Tcpip6_{56D44A6B-C2CF-44D9-8D2E-3514888E11FA}?\Device\Tcpip6_{DC1347D2-EB39-4459-9EB5-B217974A3C8C}?\Device\Tcpip6_{3378E14F-FF32-4049-9938-C56F6648CA82}?\Device\Tcpip6_{B868C99D-2D2E-4EAA-9848-9C6489357F26}? Reg HKLM\SYSTEM\CurrentControlSet\services\Smb\Linkage@Route "Tcpip" "{3378E14F-FF32-4049-9938-C56F6648CA82}"?"Tcpip" "{B868C99D-2D2E-4EAA-9848-9C6489357F26}"?"Tcpip6" "{E1589BD3-C286-4DB2-89D2-7BE75730A260}"?"Tcpip6" "{56D44A6B-C2CF-44D9-8D2E-3514888E11FA}"?"Tcpip6" "{DC1347D2-EB39-4459-9EB5-B217974A3C8C}"?"Tcpip6" "{3378E14F-FF32-4049-9938-C56F6648CA82}"?"Tcpip6" "{B868C99D-2D2E-4EAA-9848-9C6489357F26}"? Reg HKLM\SYSTEM\CurrentControlSet\services\Smb\Linkage@Export \Device\Smb_Tcpip_{3378E14F-FF32-4049-9938-C56F6648CA82}?\Device\Smb_Tcpip_{B868C99D-2D2E-4EAA-9848-9C6489357F26}?\Device\Smb_Tcpip6_{E1589BD3-C286-4DB2-89D2-7BE75730A260}?\Device\Smb_Tcpip6_{56D44A6B-C2CF-44D9-8D2E-3514888E11FA}?\Device\Smb_Tcpip6_{DC1347D2-EB39-4459-9EB5-B217974A3C8C}?\Device\Smb_Tcpip6_{3378E14F-FF32-4049-9938-C56F6648CA82}?\Device\Smb_Tcpip6_{B868C99D-2D2E-4EAA-9848-9C6489357F26}? Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{B868C99D-2D2E-4EAA-9848-9C6489357F26}@LeaseObtainedTime 1422025009 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{B868C99D-2D2E-4EAA-9848-9C6489357F26}@T1 1422068209 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{B868C99D-2D2E-4EAA-9848-9C6489357F26}@T2 1422100609 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{B868C99D-2D2E-4EAA-9848-9C6489357F26}@LeaseTerminatesTime 1422111409 Reg HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Linkage@Bind \Device\{E1589BD3-C286-4DB2-89D2-7BE75730A260}?\Device\{56D44A6B-C2CF-44D9-8D2E-3514888E11FA}?\Device\{DC1347D2-EB39-4459-9EB5-B217974A3C8C}?\Device\{3378E14F-FF32-4049-9938-C56F6648CA82}?\Device\{B868C99D-2D2E-4EAA-9848-9C6489357F26}? Reg HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Linkage@Route "{E1589BD3-C286-4DB2-89D2-7BE75730A260}"?"{56D44A6B-C2CF-44D9-8D2E-3514888E11FA}"?"{DC1347D2-EB39-4459-9EB5-B217974A3C8C}"?"{3378E14F-FF32-4049-9938-C56F6648CA82}"?"{B868C99D-2D2E-4EAA-9848-9C6489357F26}"? Reg HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Linkage@Export \Device\Tcpip6_{E1589BD3-C286-4DB2-89D2-7BE75730A260}?\Device\Tcpip6_{56D44A6B-C2CF-44D9-8D2E-3514888E11FA}?\Device\Tcpip6_{DC1347D2-EB39-4459-9EB5-B217974A3C8C}?\Device\Tcpip6_{3378E14F-FF32-4049-9938-C56F6648CA82}?\Device\Tcpip6_{B868C99D-2D2E-4EAA-9848-9C6489357F26}? ---- EOF - GMER 2.1 ----