GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-09-24 20:32:20
Windows 6.2.9200 x64 \Device\Harddisk2\DR2 -> \Device\0000002e PLEXTOR_PX-128M5Pro rev.1.05 119,24GB
Running: utu2d0mj.exe; Driver: C:\Users\krzysiek\AppData\Local\Temp\fwxdiuob.sys

---- Threads - GMER 2.2 ----

Thread C:\WINDOWS\system32\csrss.exe [10252:5696] ffffb8d1d2c76c20

---- Services - GMER 2.2 ----

Service C:\WINDOWS\System32\qmgr.dll (*** hidden *** ) [MANUAL] BITS <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] CDPUserSvc_27f3178 <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] MessagingService_27f3178 <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] OneSyncSvc_27f3178 <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [MANUAL] PimIndexMaintenanceSvc_27f3178 <-- ROOTKIT !!!
Service C:\WINDOWS\System32\svchost.exe (*** hidden *** ) [MANUAL] UnistoreSvc_27f3178 <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [MANUAL] UserDataSvc_27f3178 <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [MANUAL] WpnUserService_27f3178 <-- ROOTKIT !!!

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\BNQ801123F04607019_0A_07DF_6A^3F0A41A73D1582FB20F3EB5341F29107@Timestamp 0xF1 0x63 0x66 0x6B ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed 897442178
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 20303
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TotalResumeTime 26647
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeBootMgrTime 283
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeAppTime 495
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeAppStartTimestamp 20590
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeHiberFileTime 428
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeRestoreImageStartTimestamp 20656
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeIoTime 260
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeDecompressTime 150
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeKernelSwitchTimestamp 21085
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelReturnFromHandlerTimestamp 22036
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@SleeperThreadEndTimestamp 25738
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TimeStampCounterAtSwitchTime 22020
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelReturnSystemPowerState 26637
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberHiberFileTime 2451
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberInitTime 49
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TotalHibernateTime 16152
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeHiberFileTime 1648
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeSharedBufferTime 31
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@DeviceResumeTime 869
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelAnimationTime 15
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelPagesProcessed 405479
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelPagesWritten 0x58 0x55 0x02 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@BootPagesProcessed 33827
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@BootPagesWritten 0x26 0x45 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberWriteRate 282
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberCompressRate 49
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeReadRate 365
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeDecompressRate 370
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberChecksumTime 95
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberChecksumIoTime 9
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelChecksumTime 98
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelChecksumIoTime 13
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeIoCpuTime 1082
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberIoCpuTime 321
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HybridBootAnimationTime 3729
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeCompleteTimestamp 0xD3 0x63 0x27 0x08 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@GlassSessionId 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\BITS@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\BITS
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_27f3178
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_27f3178@Type 224
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_27f3178@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_27f3178@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_27f3178@ImagePath C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_27f3178@DisplayName CDPUserSvc_27f3178
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_27f3178@FailureActions 0x80 0x51 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_27f3178@Description @%SystemRoot%\system32\cdpusersvc.dll,-101
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_27f3178\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_27f3178\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_27f3178
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{35CF190F-71A5-4AD3-A072-CC4E57642DB8}@DefunctTimestamp 0x85 0x41 0xE4 0x57 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{7728580F-BB04-4867-8D8D-A4B1E957860D}@DefunctTimestamp 0xAE 0x29 0xE6 0x57 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_27f3178
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_27f3178@Type 224
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_27f3178@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_27f3178@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_27f3178@ImagePath C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_27f3178@DisplayName Us?uga wiadomo?ci_27f3178
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_27f3178@FailureActions 0x80 0x51 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_27f3178@Description @%SystemRoot%\system32\MessagingService.dll,-101
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_27f3178\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_27f3178\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_27f3178\TriggerInfo
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_27f3178\TriggerInfo\0
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_27f3178\TriggerInfo\0@Type 7
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_27f3178\TriggerInfo\0@Action 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_27f3178\TriggerInfo\0@Guid 0x16 0x28 0x7A 0x2D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_27f3178\TriggerInfo\0@Data0 0x75 0x18 0xBC 0xA3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_27f3178\TriggerInfo\0@DataType0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_27f3178
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_27f3178
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_27f3178@Type 224
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_27f3178@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_27f3178@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_27f3178@ImagePath C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_27f3178@DisplayName Synchronizuj hosta_27f3178
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_27f3178@FailureActions 0x80 0x51 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_27f3178@Description @%SystemRoot%\system32\APHostRes.dll,-10001
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_27f3178\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_27f3178\Security@Security 0x01 0x00 0x04 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_27f3178
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_27f3178
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_27f3178@Type 224
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_27f3178@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_27f3178@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_27f3178@ImagePath C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_27f3178@DisplayName Dane kontaktowe_27f3178
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_27f3178@FailureActions 0x80 0x51 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_27f3178@Description @%SystemRoot%\system32\UserDataAccessRes.dll,-15000
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_27f3178\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_27f3178\Security@Security 0x01 0x00 0x04 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_27f3178
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 1445
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 12
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{27885AA1-7255-4DFA-92BF-CF92182EFDC4} v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.ZuneMusic_3.6.23981.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_NAME}|Desc=@{Microsoft.ZuneMusic_3.6.23981.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_DESCRIPTION}|LUOwn=S-1-5-21-3983764206-117362264-3866418648-1001|AppPkgId=S-1-15-2-3132517012-1571311091-3263739450-2968124769-4061529133-2106415361-233808003|EmbedCtxt=@{Microsoft.ZuneMusic_3.6.23981.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_NAME}|Platform=2:6:2|Platform2=GTEQ|
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{8189D3DE-EC55-468F-973F-D1DEAAA1CBCE} v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.ZuneMusic_3.6.23981.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_NAME}|Desc=@{Microsoft.ZuneMusic_3.6.23981.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_DESCRIPTION}|LUOwn=S-1-5-21-3983764206-117362264-3866418648-1001|AppPkgId=S-1-15-2-3132517012-1571311091-3263739450-2968124769-4061529133-2106415361-233808003|EmbedCtxt=@{Microsoft.ZuneMusic_3.6.23981.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_NAME}|Platform=2:6:2|Platform2=GTEQ|
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System@{6AEF2890-B684-47E1-BE9E-98D90FCA15B2} v2.26|Action=Block|Active=TRUE|Dir=In|Name=@{Microsoft.ZuneMusic_3.6.23981.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_NAME}|Desc=@{Microsoft.ZuneMusic_3.6.23981.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_DESCRIPTION}|LUOwn=S-1-5-21-3983764206-117362264-3866418648-1001|AppPkgId=S-1-15-2-3132517012-1571311091-3263739450-2968124769-4061529133-2106415361-233808003|EmbedCtxt=@{Microsoft.ZuneMusic_3.6.23981.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_NAME}|
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System@{BFA7DC55-FEEA-4075-9B0C-2C1A8BD51C11} v2.26|Action=Block|Active=TRUE|Dir=Out|Name=@{Microsoft.ZuneMusic_3.6.23981.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_NAME}|Desc=@{Microsoft.ZuneMusic_3.6.23981.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_DESCRIPTION}|LUOwn=S-1-5-21-3983764206-117362264-3866418648-1001|AppPkgId=S-1-15-2-3132517012-1571311091-3263739450-2968124769-4061529133-2106415361-233808003|EmbedCtxt=@{Microsoft.ZuneMusic_3.6.23981.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_NAME}|
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System@{696669FE-9EFD-43B8-BC64-DC82D3EB4B89} v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|RA42=IntrAnet|RA62=IntrAnet|Name=@{Microsoft.ZuneMusic_3.6.23981.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_NAME}|Desc=@{Microsoft.ZuneMusic_3.6.23981.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_DESCRIPTION}|LUAuth=O:LSD:(A;;CC;;;S-1-15-3-3)(A;;CC;;;WD)(A;;CC;;;AN)|LUOwn=S-1-5-21-3983764206-117362264-3866418648-1001|AppPkgId=S-1-15-2-3132517012-1571311091-3263739450-2968124769-4061529133-2106415361-233808003|EmbedCtxt=@{Microsoft.ZuneMusic_3.6.23981.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_NAME}|
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System@{361D88C5-41E7-4412-B320-95E801BE3873} v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|RA42=IntrAnet|RA62=IntrAnet|Name=@{Microsoft.ZuneMusic_3.6.23981.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_NAME}|Desc=@{Microsoft.ZuneMusic_3.6.23981.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_DESCRIPTION}|LUAuth=O:LSD:(A;;CC;;;S-1-15-3-3)(A;;CC;;;WD)(A;;CC;;;AN)|LUOwn=S-1-5-21-3983764206-117362264-3866418648-1001|AppPkgId=S-1-15-2-3132517012-1571311091-3263739450-2968124769-4061529133-2106415361-233808003|EmbedCtxt=@{Microsoft.ZuneMusic_3.6.23981.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_NAME}|
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System@{139D234A-99AA-4577-806B-0FDED65DED27} v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Private|Profile=Public|RA42=RmtIntrAnet|RA62=RmtIntrAnet|Name=@{Microsoft.ZuneMusic_3.6.23981.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_NAME}|Desc=@{Microsoft.ZuneMusic_3.6.23981.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_DESCRIPTION}|LUAuth=O:LSD:(A;;CC;;;S-1-15-3-3)(A;;CC;;;WD)(A;;CC;;;AN)|LUOwn=S-1-5-21-3983764206-117362264-3866418648-1001|AppPkgId=S-1-15-2-3132517012-1571311091-3263739450-2968124769-4061529133-2106415361-233808003|EmbedCtxt=@{Microsoft.ZuneMusic_3.6.23981.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_NAME}|Security=Authenticate|
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System@{7B1FB40B-A257-43FB-B8A2-721F5EFE1C3D} v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Private|Profile=Public|RA42=RmtIntrAnet|RA62=RmtIntrAnet|Name=@{Microsoft.ZuneMusic_3.6.23981.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_NAME}|Desc=@{Microsoft.ZuneMusic_3.6.23981.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_DESCRIPTION}|LUAuth=O:LSD:(A;;CC;;;S-1-15-3-3)(A;;CC;;;WD)(A;;CC;;;AN)|LUOwn=S-1-5-21-3983764206-117362264-3866418648-1001|AppPkgId=S-1-15-2-3132517012-1571311091-3263739450-2968124769-4061529133-2106415361-233808003|EmbedCtxt=@{Microsoft.ZuneMusic_3.6.23981.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_NAME}|Security=Authenticate|
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System@{5304E4AE-B367-4AFF-9AEE-C324E044F041} v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|RA42=IntErnet|RA62=IntErnet|Name=@{Microsoft.ZuneMusic_3.6.23981.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_NAME}|Desc=@{Microsoft.ZuneMusic_3.6.23981.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_DESCRIPTION}|LUAuth=O:LSD:(A;;CC;;;S-1-15-3-1)(A;;CC;;;WD)(A;;CC;;;AN)|LUOwn=S-1-5-21-3983764206-117362264-3866418648-1001|AppPkgId=S-1-15-2-3132517012-1571311091-3263739450-2968124769-4061529133-2106415361-233808003|EmbedCtxt=@{Microsoft.ZuneMusic_3.6.23981.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_NAME}|
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage@Bind \Device\{26B11A49-585F-4B43-A90C-9AF3C3D7B25B}?\Device\{8DFD2ACC-6DFF-4DEB-9193-D8622396B390}?\Device\{65536787-9A58-48CC-B3B1-95522446C5A3}?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@DhcpNameServer 192.168.2.1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{65536787-9a58-48cc-b3b1-95522446c5a3}@LeaseObtainedTime 1474701744
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{65536787-9a58-48cc-b3b1-95522446c5a3}@T1 1474744944
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{65536787-9a58-48cc-b3b1-95522446c5a3}@T2 1474777344
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{65536787-9a58-48cc-b3b1-95522446c5a3}@LeaseTerminatesTime 1474788144
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A047F2A5-607B-4A46-8E84-1BCE1E1EC190}@DhcpIPAddress 0.0.0.0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A047F2A5-607B-4A46-8E84-1BCE1E1EC190}@DhcpSubnetMask 0.0.0.0
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_27f3178
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_27f3178@Type 224
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_27f3178@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_27f3178@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_27f3178@ImagePath C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_27f3178@DisplayName Magazyn danych u?ytkownika_27f3178
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_27f3178@FailureActions 0x80 0x51 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_27f3178@Description @%SystemRoot%\system32\UserDataAccessRes.dll,-10002
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_27f3178\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_27f3178\Security@Security 0x01 0x00 0x04 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_27f3178
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_27f3178
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_27f3178@Type 224
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_27f3178@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_27f3178@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_27f3178@ImagePath C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_27f3178@DisplayName Dost?p do danych u?ytkownika_27f3178
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_27f3178@FailureActions 0x80 0x51 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_27f3178@Description @%SystemRoot%\system32\UserDataAccessRes.dll,-14000
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_27f3178\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_27f3178\Security@Security 0x01 0x00 0x04 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_27f3178
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0xC4 0x70 0x6C 0xBE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0xC4 0xD8 0x30 0x20 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0xC4 0x08 0xA8 0x5C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_27f3178
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_27f3178@Type 224
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_27f3178@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_27f3178@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_27f3178@ImagePath C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_27f3178@DisplayName Us?uga u?ytkownika powiadomie? WNS_27f3178
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_27f3178@FailureActions 0x80 0x51 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_27f3178@Description @%SystemRoot%\system32\WpnUserService.dll,-2
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_27f3178\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_27f3178\Security@Security 0x01 0x00 0x04 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_27f3178
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\0@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\0@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\1@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\1@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\JumplistData@Chrome 0x0C 0x1F 0x9F 0x7C ...

---- Files - GMER 2.2 ----

File C:\Users\krzysiek\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00a983 0 bytes
File C:\Users\krzysiek\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00a984 0 bytes
File C:\Users\krzysiek\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00a985 0 bytes
File C:\Users\krzysiek\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00a986 0 bytes
File C:\Users\krzysiek\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00a987 0 bytes
File C:\Users\krzysiek\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00a988 0 bytes
File C:\Users\krzysiek\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00a989 0 bytes
File C:\Users\krzysiek\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00a98a 0 bytes
File C:\Users\krzysiek\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00a98b 0 bytes
File C:\Users\krzysiek\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00a98c 0 bytes
File C:\Users\krzysiek\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00a98d 0 bytes
File C:\Users\krzysiek\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00a98e 0 bytes
File C:\Users\krzysiek\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00a98f 0 bytes
File C:\Users\krzysiek\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00a991 0 bytes
File C:\Users\krzysiek\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00a982 0 bytes
File C:\Users\krzysiek\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\95E9.tmp 28134 bytes
File C:\Users\krzysiek\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\95EA.tmp 28134 bytes
File C:\Users\krzysiek\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\95EB.tmp 28134 bytes
File C:\Users\krzysiek\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\95EC.tmp 28134 bytes
File C:\Users\krzysiek\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\95ED.tmp 28134 bytes
File C:\Users\krzysiek\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\95EE.tmp 28134 bytes
File C:\Users\krzysiek\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\95EF.tmp 28134 bytes
File C:\Users\krzysiek\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\95F0.tmp 28134 bytes
File C:\Users\krzysiek\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\9601.tmp 28134 bytes
File C:\Users\krzysiek\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\9602.tmp 28134 bytes
File C:\Users\krzysiek\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\9603.tmp 28134 bytes
File C:\Users\krzysiek\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\9604.tmp 28134 bytes
File C:\Users\krzysiek\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\9605.tmp 28134 bytes
File C:\Users\krzysiek\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\9606.tmp 28134 bytes
File C:\Users\krzysiek\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\9607.tmp 28134 bytes
File C:\Users\krzysiek\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\9608.tmp 28134 bytes
File C:\Users\krzysiek\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\9609.tmp 28134 bytes
File C:\Users\krzysiek\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\960A.tmp 0 bytes
File C:\Users\krzysiek\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\960B.tmp 28134 bytes
File C:\Users\krzysiek\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\961C.tmp 28134 bytes
File C:\Users\krzysiek\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\961D.tmp 28134 bytes
File C:\Users\krzysiek\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\961E.tmp 28134 bytes
File C:\Users\krzysiek\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\961F.tmp 28134 bytes
File C:\Users\krzysiek\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\9620.tmp 28134 bytes
File C:\Users\krzysiek\AppData\Local\Microsoft\Windows\WebCache\V0100299.log 524288 bytes

---- EOF - GMER 2.2 ----