GMER 2.2.19882 - http://www.gmer.net Rootkit scan Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3500418AS rev.CC38 465,76GB Running: ejt5om4k.exe; Driver: C:\Users\steam\AppData\Local\Temp\pxldapob.sys ---- User code sections - GMER 2.2 ---- ? C:\Windows\system32\apphelp.dll [928] entry point in ".rdata" section 0000000073dbf7c0 ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Windows\system32\svchost.exe[448] @ C:\Windows\System32\wups.dll[msvcrt.dll!malloc] [cccccccccccccccc] IAT C:\Windows\system32\svchost.exe[448] @ C:\Windows\System32\wups.dll[msvcrt.dll!_initterm] [cccccccccccccccc] IAT C:\Windows\system32\svchost.exe[448] @ C:\Windows\System32\wups.dll[msvcrt.dll!_amsg_exit] [e90000e431058d48] IAT C:\Windows\system32\svchost.exe[448] @ C:\Windows\System32\wups.dll[msvcrt.dll!free] [cccccccccccccccc] IAT C:\Windows\system32\svchost.exe[448] @ C:\Windows\System32\wups.dll[msvcrt.dll!_XcptFilter] [cccccccccccccccc] IAT C:\Windows\system32\svchost.exe[448] @ C:\Windows\System32\wups.dll[msvcrt.dll!memcmp] [54894808244c8948] IAT C:\Windows\system32\svchost.exe[448] @ C:\Windows\System32\wups.dll[RPCRT4.dll!NdrStubCall3] [cccc000050b225ff] IAT C:\Windows\system32\svchost.exe[448] @ C:\Windows\System32\wups.dll[RPCRT4.dll!NdrCStdStubBuffer2_Release] [50c625ffcccccccc] IAT C:\Windows\system32\svchost.exe[448] @ C:\Windows\System32\wups.dll[RPCRT4.dll!NdrStubForwardingFunction] [cccccccccccc0000] IAT C:\Windows\system32\svchost.exe[448] @ C:\Windows\System32\wups.dll[RPCRT4.dll!CStdStubBuffer_Connect] [cccc000050fa25ff] IAT C:\Windows\system32\svchost.exe[448] @ C:\Windows\System32\wups.dll[RPCRT4.dll!CStdStubBuffer_IsIIDSupported] [507e25ffcccccccc] IAT C:\Windows\system32\svchost.exe[448] @ C:\Windows\System32\wups.dll[RPCRT4.dll!IUnknown_QueryInterface_Proxy] [cccccccccccc0000] IAT C:\Windows\system32\svchost.exe[448] @ C:\Windows\System32\wups.dll[RPCRT4.dll!NdrCStdStubBuffer_Release] [cccccccccccccccc] IAT C:\Windows\system32\svchost.exe[448] @ C:\Windows\System32\wups.dll[RPCRT4.dll!NdrDllCanUnloadNow] [cccccccccccccccc] IAT C:\Windows\system32\svchost.exe[448] @ C:\Windows\System32\wups.dll[RPCRT4.dll!NdrDllGetClassObject] [cccccccccccccccc] IAT C:\Windows\system32\svchost.exe[448] @ C:\Windows\System32\wups.dll[RPCRT4.dll!NdrDllRegisterProxy] [e90000e611058d48] IAT C:\Windows\system32\svchost.exe[448] @ C:\Windows\System32\wups.dll[RPCRT4.dll!CStdStubBuffer_Invoke] [cccccccc00000014] IAT C:\Windows\system32\svchost.exe[448] @ C:\Windows\System32\wups.dll[RPCRT4.dll!IUnknown_AddRef_Proxy] [cccccccccccccccc] IAT C:\Windows\system32\svchost.exe[448] @ C:\Windows\System32\wups.dll[RPCRT4.dll!CStdStubBuffer_DebugServerQueryInterface] [cccccccccccccccc] IAT C:\Windows\system32\svchost.exe[448] @ C:\Windows\System32\wups.dll[RPCRT4.dll!CStdStubBuffer_Disconnect] [54894808244c8948] IAT C:\Windows\system32\svchost.exe[448] @ C:\Windows\System32\wups.dll[RPCRT4.dll!NdrOleFree] [4c182444894c1024] IAT C:\Windows\system32\svchost.exe[448] @ C:\Windows\System32\wups.dll[RPCRT4.dll!CStdStubBuffer_AddRef] [68ec834820244c89] IAT C:\Windows\system32\svchost.exe[448] @ C:\Windows\System32\wups.dll[RPCRT4.dll!IUnknown_Release_Proxy] [f662024447f0f66] IAT C:\Windows\system32\svchost.exe[448] @ C:\Windows\System32\wups.dll[RPCRT4.dll!CStdStubBuffer_CountRefs] [547f0f6630244c7f] IAT C:\Windows\system32\svchost.exe[448] @ C:\Windows\System32\wups.dll[RPCRT4.dll!CStdStubBuffer_QueryInterface] [50245c7f0f664024] IAT C:\Windows\system32\svchost.exe[448] @ C:\Windows\System32\wups.dll[RPCRT4.dll!NdrOleAllocate] [a0260d8d48d08b48] IAT C:\Windows\system32\svchost.exe[448] @ C:\Windows\System32\wups.dll[RPCRT4.dll!CStdStubBuffer_DebugServerRelease] [66ffffec11e80000] IAT C:\Windows\system32\svchost.exe[448] @ C:\Windows\System32\wups.dll[RPCRT4.dll!NdrDllUnregisterProxy] [6f0f662024446f0f] ---- Threads - GMER 2.2 ---- Thread C:\Windows\system32\csrss.exe [588:704] ffff8caecc336c20 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0x99 0xDB 0x7E 0x35 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime 0x71 0x33 0x4F 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFStartTime 0x99 0xDB 0x7E 0x35 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFLastStartTime 0xEC 0x41 0x52 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@pl-PL 51 Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\GSM4AE952707_08_07D7_EC^6BB74C1377ED85CE820B1BC566621FEC@Timestamp 0x83 0x20 0xD7 0x35 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 656 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed 257682175 Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID cfeb39d9-d7d3-4fb2-b19f-3a0d7aa Reg HKLM\SYSTEM\CurrentControlSet\Control\WDI\Config@ServerName \BaseNamedObjects\WDI_{af48d632-aaf0-448f-8d85-5af88cb3fe9e} Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_2be1d Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_2be1d@Type 224 Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_2be1d@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_2be1d@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_2be1d@ImagePath C:\Windows\system32\svchost.exe -k UnistackSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_2be1d@DisplayName CDPUserSvc_2be1d Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_2be1d@FailureActions 0x80 0x51 0x01 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_2be1d@Description @%SystemRoot%\system32\cdpusersvc.dll,-101 Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_2be1d\Security Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_2be1d\Security@Security 0x01 0x00 0x14 0x80 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_2be1d Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{dcdf9c98-19d8-417f-b665-aac54c0960b4}@LastProbeTime 1484508961 Reg HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Linkage@Export \Device\LanmanServer_NetbiosSmb?\Device\LanmanServer_NetBT_Tcpip_{BB0658BD-5001-4F21-8865-1EC6210CD972}?\Device\LanmanServer_NetBT_Tcpip6_{BB0658BD-5001-4F21-8865-1EC6210CD972}?\Device\LanmanServer_Tcpip6_{AFDED383-61FA-462C-B2E2-D7F676E42352}?\Device\LanmanServer_Tcpip_{AFDED383-61FA-462C-B2E2-D7F676E42352}?\Device\LanmanServer_NetBT_Tcpip6_{AFDED383-61FA-462C-B2E2-D7F676E42352}?\Device\LanmanServer_Tcpip6_{BB0658BD-5001-4F21-8865-1EC6210CD972}?\Device\LanmanServer_Tcpip_{BB0658BD-5001-4F21-8865-1EC6210CD972}?\Device\LanmanServer_NetBT_Tcpip_{AFDED383-61FA-462C-B2E2-D7F676E42352}?\Device\LanmanServer_NetBT_Tcpip6_{AD0DCC9A-5ADE-4C1E-A1FD-15873D46EF52}?\Device\LanmanServer_Tcpip6_{AD0DCC9A-5ADE-4C1E-A1FD-15873D46EF52}?\Device\LanmanServer_Tcpip_{1B68A602-9114-47AD-8C35-61C1A0AAFA43}?\Device\LanmanServer_NetBT_Tcpip6_{1B68A602-9114-47AD-8C35-61C1A0AAFA43}?\Device\LanmanServer_NetBT_Tcpip6_{E90DC1B4-7A9F-49A2-A599-81757476D94F}?\Device\LanmanServer_NetBT_Tcpip6_{2C0C83C2-119B-4343-A677-AB90F9D473D2}?\Device\La Reg HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Linkage@Bind \Device\NetbiosSmb?\Device\NetBT_Tcpip_{BB0658BD-5001-4F21-8865-1EC6210CD972}?\Device\NetBT_Tcpip6_{BB0658BD-5001-4F21-8865-1EC6210CD972}?\Device\Tcpip6_{AFDED383-61FA-462C-B2E2-D7F676E42352}?\Device\Tcpip_{AFDED383-61FA-462C-B2E2-D7F676E42352}?\Device\NetBT_Tcpip6_{AFDED383-61FA-462C-B2E2-D7F676E42352}?\Device\Tcpip6_{BB0658BD-5001-4F21-8865-1EC6210CD972}?\Device\Tcpip_{BB0658BD-5001-4F21-8865-1EC6210CD972}?\Device\NetBT_Tcpip_{AFDED383-61FA-462C-B2E2-D7F676E42352}?\Device\NetBT_Tcpip6_{AD0DCC9A-5ADE-4C1E-A1FD-15873D46EF52}?\Device\Tcpip6_{AD0DCC9A-5ADE-4C1E-A1FD-15873D46EF52}?\Device\Tcpip_{1B68A602-9114-47AD-8C35-61C1A0AAFA43}?\Device\NetBT_Tcpip6_{1B68A602-9114-47AD-8C35-61C1A0AAFA43}?\Device\NetBT_Tcpip6_{E90DC1B4-7A9F-49A2-A599-81757476D94F}?\Device\NetBT_Tcpip6_{2C0C83C2-119B-4343-A677-AB90F9D473D2}?\Device\Tcpip6_{7B3AE591-1DF3-44B2-9D73-8D8CD27FCFA6}?\Device\NetBT_Tcpip6_{7B3AE591-1DF3-44B2-9D73-8D8CD27FCFA6}?\Device\Tcpip6_{6BC049C0-9099-47F2-B375-5AFC350B38E0}?\Device\NetBT_Tcpip6_{6BC049C0-9099-4 Reg HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Linkage@Route "NetbiosSmb"?"NetBT" "Tcpip" "{BB0658BD-5001-4F21-8865-1EC6210CD972}"?"NetBT" "Tcpip6" "{BB0658BD-5001-4F21-8865-1EC6210CD972}"?"Tcpip6" "{AFDED383-61FA-462C-B2E2-D7F676E42352}"?"Tcpip" "{AFDED383-61FA-462C-B2E2-D7F676E42352}"?"NetBT" "Tcpip6" "{AFDED383-61FA-462C-B2E2-D7F676E42352}"?"Tcpip6" "{BB0658BD-5001-4F21-8865-1EC6210CD972}"?"Tcpip" "{BB0658BD-5001-4F21-8865-1EC6210CD972}"?"NetBT" "Tcpip" "{AFDED383-61FA-462C-B2E2-D7F676E42352}"?"NetBT" "Tcpip6" "{AD0DCC9A-5ADE-4C1E-A1FD-15873D46EF52}"?"Tcpip6" "{AD0DCC9A-5ADE-4C1E-A1FD-15873D46EF52}"?"NetBT" "Tcpip6" "{B2F252A6-BA1E-4DF7-AEC4-3001C01D61DD}"?"Tcpip6" "{B2F252A6-BA1E-4DF7-AEC4-3001C01D61DD}"?"Tcpip6" "{E90DC1B4-7A9F-49A2-A599-81757476D94F}"?"NetBT" "Tcpip6" "{E90DC1B4-7A9F-49A2-A599-81757476D94F}"? Reg HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Linkage@Export \Device\LanmanWorkstation_NetbiosSmb?\Device\LanmanWorkstation_NetBT_Tcpip_{BB0658BD-5001-4F21-8865-1EC6210CD972}?\Device\LanmanWorkstation_NetBT_Tcpip6_{BB0658BD-5001-4F21-8865-1EC6210CD972}?\Device\LanmanWorkstation_NetBT_Tcpip6_{AFDED383-61FA-462C-B2E2-D7F676E42352}?\Device\LanmanWorkstation_Tcpip_{AFDED383-61FA-462C-B2E2-D7F676E42352}?\Device\LanmanWorkstation_Tcpip6_{AFDED383-61FA-462C-B2E2-D7F676E42352}?\Device\LanmanWorkstation_Tcpip_{BB0658BD-5001-4F21-8865-1EC6210CD972}?\Device\LanmanWorkstation_NetBT_Tcpip_{AFDED383-61FA-462C-B2E2-D7F676E42352}?\Device\LanmanWorkstation_Tcpip6_{BB0658BD-5001-4F21-8865-1EC6210CD972}?\Device\LanmanWorkstation_NetBT_Tcpip6_{AD0DCC9A-5ADE-4C1E-A1FD-15873D46EF52}?\Device\LanmanWorkstation_Tcpip6_{AD0DCC9A-5ADE-4C1E-A1FD-15873D46EF52}?\Device\LanmanWorkstation_NetBT_Tcpip_{1B68A602-9114-47AD-8C35-61C1A0AAFA43}?\Device\LanmanWorkstation_Tcpip6_{1B68A602-9114-47AD-8C35-61C1A0AAFA43}?\Device\LanmanWorkstation_NetBT_Tcpip6_{E90DC1B4-7A9F-49A2-A599-81757476D94F}?\Device\Lanma Reg HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Linkage@Bind \Device\NetbiosSmb?\Device\NetBT_Tcpip_{BB0658BD-5001-4F21-8865-1EC6210CD972}?\Device\NetBT_Tcpip6_{BB0658BD-5001-4F21-8865-1EC6210CD972}?\Device\NetBT_Tcpip6_{AFDED383-61FA-462C-B2E2-D7F676E42352}?\Device\Tcpip_{AFDED383-61FA-462C-B2E2-D7F676E42352}?\Device\Tcpip6_{AFDED383-61FA-462C-B2E2-D7F676E42352}?\Device\Tcpip_{BB0658BD-5001-4F21-8865-1EC6210CD972}?\Device\NetBT_Tcpip_{AFDED383-61FA-462C-B2E2-D7F676E42352}?\Device\Tcpip6_{BB0658BD-5001-4F21-8865-1EC6210CD972}?\Device\NetBT_Tcpip6_{AD0DCC9A-5ADE-4C1E-A1FD-15873D46EF52}?\Device\Tcpip6_{AD0DCC9A-5ADE-4C1E-A1FD-15873D46EF52}?\Device\NetBT_Tcpip_{1B68A602-9114-47AD-8C35-61C1A0AAFA43}?\Device\Tcpip6_{1B68A602-9114-47AD-8C35-61C1A0AAFA43}?\Device\NetBT_Tcpip6_{E90DC1B4-7A9F-49A2-A599-81757476D94F}?\Device\Tcpip_{2C0C83C2-119B-4343-A677-AB90F9D473D2}?\Device\NetBT_Tcpip6_{7B3AE591-1DF3-44B2-9D73-8D8CD27FCFA6}?\Device\NetBT_Tcpip6_{6BC049C0-9099-47F2-B375-5AFC350B38E0}?\Device\Tcpip6_{6BC049C0-9099-47F2-B375-5AFC350B38E0}?\Device\NetBT_Tcpip6_{7F154439-2E51-40 Reg HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Linkage@Route "NetbiosSmb"?"NetBT" "Tcpip" "{BB0658BD-5001-4F21-8865-1EC6210CD972}"?"NetBT" "Tcpip6" "{BB0658BD-5001-4F21-8865-1EC6210CD972}"?"NetBT" "Tcpip6" "{AFDED383-61FA-462C-B2E2-D7F676E42352}"?"Tcpip" "{AFDED383-61FA-462C-B2E2-D7F676E42352}"?"Tcpip6" "{AFDED383-61FA-462C-B2E2-D7F676E42352}"?"Tcpip" "{BB0658BD-5001-4F21-8865-1EC6210CD972}"?"NetBT" "Tcpip" "{AFDED383-61FA-462C-B2E2-D7F676E42352}"?"Tcpip6" "{BB0658BD-5001-4F21-8865-1EC6210CD972}"?"NetBT" "Tcpip6" "{AD0DCC9A-5ADE-4C1E-A1FD-15873D46EF52}"?"Tcpip6" "{AD0DCC9A-5ADE-4C1E-A1FD-15873D46EF52}"?"NetBT" "Tcpip6" "{B2F252A6-BA1E-4DF7-AEC4-3001C01D61DD}"?"Tcpip6" "{B2F252A6-BA1E-4DF7-AEC4-3001C01D61DD}"?"Tcpip6" "{E90DC1B4-7A9F-49A2-A599-81757476D94F}"?"NetBT" "Tcpip6" "{E90DC1B4-7A9F-49A2-A599-81757476D94F}"? Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_2be1d Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_2be1d@Type 224 Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_2be1d@Start 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_2be1d@ErrorControl 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_2be1d@ImagePath C:\Windows\system32\svchost.exe -k UnistackSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_2be1d@DisplayName Us?uga wiadomo?ci_2be1d Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_2be1d@FailureActions 0x80 0x51 0x01 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_2be1d@Description @%SystemRoot%\system32\MessagingService.dll,-101 Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_2be1d\Security Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_2be1d\Security@Security 0x01 0x00 0x14 0x80 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_2be1d\TriggerInfo Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_2be1d\TriggerInfo\0 Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_2be1d\TriggerInfo\0@Type 7 Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_2be1d\TriggerInfo\0@Action 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_2be1d\TriggerInfo\0@Guid 0x16 0x28 0x7A 0x2D ... Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_2be1d\TriggerInfo\0@Data0 0x75 0x18 0xBC 0xA3 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_2be1d\TriggerInfo\0@DataType0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_2be1d Reg HKLM\SYSTEM\CurrentControlSet\Services\NetBIOS\Linkage@Export \Device\NetBIOS_NetBT_Tcpip_{BB0658BD-5001-4F21-8865-1EC6210CD972}?\Device\NetBIOS_NetBT_Tcpip6_{BB0658BD-5001-4F21-8865-1EC6210CD972}?\Device\NetBIOS_NetBT_Tcpip6_{AFDED383-61FA-462C-B2E2-D7F676E42352}?\Device\NetBIOS_NetBT_Tcpip_{AFDED383-61FA-462C-B2E2-D7F676E42352}?\Device\NetBIOS_NetBT_Tcpip6_{AD0DCC9A-5ADE-4C1E-A1FD-15873D46EF52}?\Device\NetBIOS_NetBT_Tcpip6_{B2F252A6-BA1E-4DF7-AEC4-3001C01D61DD}?\Device\NetBIOS_NetBT_Tcpip6_{E90DC1B4-7A9F-49A2-A599-81757476D94F}? Reg HKLM\SYSTEM\CurrentControlSet\Services\NetBIOS\Linkage@Bind \Device\NetBT_Tcpip_{BB0658BD-5001-4F21-8865-1EC6210CD972}?\Device\NetBT_Tcpip6_{BB0658BD-5001-4F21-8865-1EC6210CD972}?\Device\NetBT_Tcpip6_{AFDED383-61FA-462C-B2E2-D7F676E42352}?\Device\NetBT_Tcpip_{AFDED383-61FA-462C-B2E2-D7F676E42352}?\Device\NetBT_Tcpip6_{AD0DCC9A-5ADE-4C1E-A1FD-15873D46EF52}?\Device\NetBT_Tcpip6_{B2F252A6-BA1E-4DF7-AEC4-3001C01D61DD}?\Device\NetBT_Tcpip6_{E90DC1B4-7A9F-49A2-A599-81757476D94F}? Reg HKLM\SYSTEM\CurrentControlSet\Services\NetBIOS\Linkage@Route "NetBT" "Tcpip" "{BB0658BD-5001-4F21-8865-1EC6210CD972}"?"NetBT" "Tcpip6" "{BB0658BD-5001-4F21-8865-1EC6210CD972}"?"NetBT" "Tcpip6" "{AFDED383-61FA-462C-B2E2-D7F676E42352}"?"NetBT" "Tcpip" "{AFDED383-61FA-462C-B2E2-D7F676E42352}"?"NetBT" "Tcpip6" "{AD0DCC9A-5ADE-4C1E-A1FD-15873D46EF52}"?"NetBT" "Tcpip6" "{B2F252A6-BA1E-4DF7-AEC4-3001C01D61DD}"?"NetBT" "Tcpip6" "{E90DC1B4-7A9F-49A2-A599-81757476D94F}"? Reg HKLM\SYSTEM\CurrentControlSet\Services\NetBIOS\Parameters@MaxLana 6 Reg HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Linkage@Export \Device\NetBT_Tcpip_{AFDED383-61FA-462C-B2E2-D7F676E42352}?\Device\NetBT_Tcpip6_{AFDED383-61FA-462C-B2E2-D7F676E42352}?\Device\NetBT_Tcpip_{BB0658BD-5001-4F21-8865-1EC6210CD972}?\Device\NetBT_Tcpip6_{BB0658BD-5001-4F21-8865-1EC6210CD972}?\Device\NetBT_Tcpip6_{AD0DCC9A-5ADE-4C1E-A1FD-15873D46EF52}?\Device\NetBT_Tcpip_{14F16185-8B05-4169-B7E9-6F09AADB7D8F}?\Device\NetBT_Tcpip6_{2C0C83C2-119B-4343-A677-AB90F9D473D2}?\Device\NetBT_Tcpip6_{7F154439-2E51-40A5-92C9-4430D0D229AD}? Reg HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Linkage@Bind \Device\Tcpip_{AFDED383-61FA-462C-B2E2-D7F676E42352}?\Device\Tcpip6_{AFDED383-61FA-462C-B2E2-D7F676E42352}?\Device\Tcpip_{BB0658BD-5001-4F21-8865-1EC6210CD972}?\Device\Tcpip6_{BB0658BD-5001-4F21-8865-1EC6210CD972}?\Device\Tcpip6_{AD0DCC9A-5ADE-4C1E-A1FD-15873D46EF52}?\Device\Tcpip_{14F16185-8B05-4169-B7E9-6F09AADB7D8F}?\Device\Tcpip6_{2C0C83C2-119B-4343-A677-AB90F9D473D2}?\Device\Tcpip6_{7F154439-2E51-40A5-92C9-4430D0D229AD}? Reg HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Linkage@Route "Tcpip" "{AFDED383-61FA-462C-B2E2-D7F676E42352}"?"Tcpip6" "{AFDED383-61FA-462C-B2E2-D7F676E42352}"?"Tcpip" "{BB0658BD-5001-4F21-8865-1EC6210CD972}"?"Tcpip6" "{BB0658BD-5001-4F21-8865-1EC6210CD972}"?"Tcpip6" "{AD0DCC9A-5ADE-4C1E-A1FD-15873D46EF52}"?"Tcpip6" "{B2F252A6-BA1E-4DF7-AEC4-3001C01D61DD}"?"Tcpip6" "{E90DC1B4-7A9F-49A2-A599-81757476D94F}"? Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_2be1d Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_2be1d@Type 224 Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_2be1d@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_2be1d@ErrorControl 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_2be1d@ImagePath C:\Windows\system32\svchost.exe -k UnistackSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_2be1d@DisplayName Synchronizuj hosta_2be1d Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_2be1d@FailureActions 0x80 0x51 0x01 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_2be1d@Description @%SystemRoot%\system32\APHostRes.dll,-10001 Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_2be1d\Security Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_2be1d\Security@Security 0x01 0x00 0x04 0x80 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_2be1d Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_2be1d Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_2be1d@Type 224 Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_2be1d@Start 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_2be1d@ErrorControl 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_2be1d@ImagePath C:\Windows\system32\svchost.exe -k UnistackSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_2be1d@DisplayName Dane kontaktowe_2be1d Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_2be1d@FailureActions 0x80 0x51 0x01 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_2be1d@Description @%SystemRoot%\system32\UserDataAccessRes.dll,-15000 Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_2be1d\Security Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_2be1d\Security@Security 0x01 0x00 0x04 0x80 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_2be1d Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Diagnostics@ReadyBootTrainingCountSinceLastServicing 5 Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@ReadyBootPlanAge 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime ?niedz.?, ?sty ?15 ?17, 07:36:56 PM???????????????????????????? Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@EffectivePends 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 6050 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 3071 Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 50 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{afded383-61fa-462c-b2e2-d7f676e42352}@LeaseObtainedTime 1484505361 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{afded383-61fa-462c-b2e2-d7f676e42352}@T1 1484548561 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{afded383-61fa-462c-b2e2-d7f676e42352}@T2 1484580961 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{afded383-61fa-462c-b2e2-d7f676e42352}@LeaseTerminatesTime 1484591761 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Linkage@Export \Device\Tcpip6_{AFDED383-61FA-462C-B2E2-D7F676E42352}?\Device\Tcpip6_{BB0658BD-5001-4F21-8865-1EC6210CD972}?\Device\Tcpip6_{AD0DCC9A-5ADE-4C1E-A1FD-15873D46EF52}?\Device\Tcpip6_{14F16185-8B05-4169-B7E9-6F09AADB7D8F}?\Device\Tcpip6_{2C0C83C2-119B-4343-A677-AB90F9D473D2}? Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Linkage@Bind \Device\{AFDED383-61FA-462C-B2E2-D7F676E42352}?\Device\{BB0658BD-5001-4F21-8865-1EC6210CD972}?\Device\{AD0DCC9A-5ADE-4C1E-A1FD-15873D46EF52}?\Device\{14F16185-8B05-4169-B7E9-6F09AADB7D8F}?\Device\{2C0C83C2-119B-4343-A677-AB90F9D473D2}? Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Linkage@Route "{AFDED383-61FA-462C-B2E2-D7F676E42352}"?"{BB0658BD-5001-4F21-8865-1EC6210CD972}"?"{AD0DCC9A-5ADE-4C1E-A1FD-15873D46EF52}"?"{B2F252A6-BA1E-4DF7-AEC4-3001C01D61DD}"?"{E90DC1B4-7A9F-49A2-A599-81757476D94F}"? Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{afded383-61fa-462c-b2e2-d7f676e42352}@Dhcpv6State 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\TCPIP6TUNNEL\Linkage@Export \Device\TCPIP6TUNNEL_{AD0DCC9A-5ADE-4C1E-A1FD-15873D46EF52}?\Device\TCPIP6TUNNEL_{B2F252A6-BA1E-4DF7-AEC4-3001C01D61DD}?\Device\TCPIP6TUNNEL_{E90DC1B4-7A9F-49A2-A599-81757476D94F}? Reg HKLM\SYSTEM\CurrentControlSet\Services\TCPIP6TUNNEL\Linkage@Bind \Device\{AD0DCC9A-5ADE-4C1E-A1FD-15873D46EF52}?\Device\{B2F252A6-BA1E-4DF7-AEC4-3001C01D61DD}?\Device\{E90DC1B4-7A9F-49A2-A599-81757476D94F}? Reg HKLM\SYSTEM\CurrentControlSet\Services\TCPIP6TUNNEL\Linkage@Route "{AD0DCC9A-5ADE-4C1E-A1FD-15873D46EF52}"?"{B2F252A6-BA1E-4DF7-AEC4-3001C01D61DD}"?"{E90DC1B4-7A9F-49A2-A599-81757476D94F}"? Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_2be1d Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_2be1d@Type 224 Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_2be1d@Start 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_2be1d@ErrorControl 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_2be1d@ImagePath C:\Windows\System32\svchost.exe -k UnistackSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_2be1d@DisplayName Magazyn danych u?ytkownika_2be1d Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_2be1d@FailureActions 0x80 0x51 0x01 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_2be1d@Description @%SystemRoot%\system32\UserDataAccessRes.dll,-10002 Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_2be1d\Security Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_2be1d\Security@Security 0x01 0x00 0x04 0x80 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_2be1d Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_2be1d Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_2be1d@Type 224 Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_2be1d@Start 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_2be1d@ErrorControl 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_2be1d@ImagePath C:\Windows\system32\svchost.exe -k UnistackSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_2be1d@DisplayName Dost?p do danych u?ytkownika_2be1d Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_2be1d@FailureActions 0x80 0x51 0x01 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_2be1d@Description @%SystemRoot%\system32\UserDataAccessRes.dll,-14000 Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_2be1d\Security Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_2be1d\Security@Security 0x01 0x00 0x04 0x80 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_2be1d Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0x94 0x18 0x2F 0x5F ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0x94 0x80 0xF3 0xC0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0x94 0xB0 0x6A 0xFD ... Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_2be1d Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_2be1d@Type 224 Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_2be1d@Start 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_2be1d@ErrorControl 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_2be1d@ImagePath C:\Windows\system32\svchost.exe -k UnistackSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_2be1d@DisplayName Us?uga u?ytkownika powiadomie? WNS_2be1d Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_2be1d@FailureActions 0x80 0x51 0x01 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_2be1d@Description @%SystemRoot%\system32\WpnUserService.dll,-2 Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_2be1d\Security Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_2be1d\Security@Security 0x01 0x00 0x04 0x80 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_2be1d Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU@MRUListEx 0x01 0x00 0x00 0x00 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU@0 0x4E 0x00 0x4F 0x00 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU@2 0x63 0x00 0x68 0x00 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU@1 0x74 0x00 0x66 0x00 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU@MRUListEx 0x01 0x00 0x00 0x00 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU@0 0x6E 0x00 0x6F 0x00 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU@2 0x63 0x00 0x68 0x00 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU@1 0x74 0x00 0x66 0x00 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\* Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*@0 0x14 0x00 0x1F 0x50 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*@MRUListEx 0x02 0x00 0x00 0x00 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*@1 0x14 0x00 0x1F 0x50 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*@2 0x14 0x00 0x1F 0x50 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\txt Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\txt@0 0x14 0x00 0x1F 0x50 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\txt@MRUListEx 0x01 0x00 0x00 0x00 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\txt@1 0x14 0x00 0x1F 0x50 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.ics Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.ics@MRUListEx 0x00 0x00 0x00 0x00 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.ics@0 0x68 0x00 0x6F 0x00 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.pdf Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.pdf@0 0x50 0x00 0x72 0x00 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.pdf@MRUListEx 0x00 0x00 0x00 0x00 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.sam Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.sam@0 0x6C 0x00 0x6D 0x00 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.sam@MRUListEx 0x00 0x00 0x00 0x00 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.txt Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.txt@MRUListEx 0x05 0x00 0x00 0x00 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.txt@1 0x41 0x00 0x64 0x00 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.txt@0 0x31 0x00 0x32 0x00 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.txt@2 0x67 0x00 0x6D 0x00 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.txt@3 0x46 0x00 0x52 0x00 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.txt@4 0x41 0x00 0x64 0x00 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.txt@5 0x53 0x00 0x68 0x00 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder@MRUListEx 0x00 0x00 0x00 0x00 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder@1 0x50 0x00 0x6F 0x00 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder@2 0x65 0x00 0x74 0x00 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder@3 0x4C 0x00 0x6F 0x00 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder@0 0x57 0x00 0x73 0x00 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017011520170116 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017011520170116@CachePrefix :2017011520170116: Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017011520170116@CachePath C:\Users\steam\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017011520170116 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017011520170116@CacheRelativePath Microsoft\Windows\History\History.IE5\MSHist012017011520170116 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017011520170116@CacheOptions 11 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017011520170116@CacheRepair 0 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017011520170116@CacheLimit 1 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsRequestBucketDrainTime 0x44 0xAE 0x40 0xB1 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsLargeRequestBucketDrainTime 0x44 0xAE 0x40 0xB1 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastOtherRequestBucketDrainTime 0x44 0xAE 0x40 0xB1 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastGlobalRequestBucketDrainTime 0x44 0xAE 0x40 0xB1 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\WinRoamErrors@LastErrorLevel 0 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData@PendingOperations 0 ---- Files - GMER 2.2 ---- File C:\Windows\Prefetch\AGENT.EXE-091348FD.pf 0 bytes File C:\Windows\Prefetch\AGENT.EXE-273C5030.pf 0 bytes File C:\Windows\Prefetch\AGENT.EXE-9E2C1163.pf 0 bytes File C:\Windows\Prefetch\TIWORKER.EXE-7E437278.pf 0 bytes File C:\Windows\Prefetch\TOR.EXE-0AB18261.pf 0 bytes File C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-3CC531E5.pf 0 bytes File C:\Windows\Prefetch\DLLHOST.EXE-EF907F20.pf 0 bytes File C:\Windows\Prefetch\DSMUSERTASK.EXE-35CC97B6.pf 0 bytes File C:\Windows\Prefetch\DXSETUP.EXE-F815F77B.pf 0 bytes File C:\Windows\Prefetch\ERUNT.EXE-518CFD10.pf 0 bytes File C:\Windows\Prefetch\EUROTRUCKS2.EXE-7F32F20C.pf 0 bytes File C:\Windows\Prefetch\MPSIGSTUB.EXE-6CB27A06.pf 0 bytes File C:\Windows\Prefetch\MSASCUIL.EXE-B411EDE3.pf 0 bytes File C:\Windows\Prefetch\MSCORSVW.EXE-57D17DAF.pf 0 bytes File C:\Windows\Prefetch\MSCORSVW.EXE-C3C515BD.pf 0 bytes File C:\Windows\Prefetch\MSDT.EXE-09841468.pf 0 bytes File C:\Windows\Prefetch\CSRSS.EXE-3FE41F7E.pf 0 bytes File C:\Windows\Prefetch\DEFRAG.EXE-588F90AD.pf 0 bytes File C:\Windows\Prefetch\DISCSOFTBUSSERVICELITE.EXE-1E755BFD.pf 0 bytes ---- EOF - GMER 2.2 ----