GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-02-16 14:37:49
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002f ADATA_SP550 rev.P0330AA 223,57GB
Running: bwtndsef.exe; Driver: C:\Users\Tuscioch\AppData\Local\Temp\kxndquoc.sys

---- User code sections - GMER 2.2 ----

? C:\WINDOWS\SYSTEM32\iertutil.dll [7956] entry point in ".rdata" section 00000000723a1590
? C:\WINDOWS\SYSTEM32\NTASN1.dll [7956] entry point in ".rdata" section 0000000071ffa020
? C:\WINDOWS\SYSTEM32\dbgcore.DLL [7956] entry point in ".rdata" section 0000000071fcc940
? C:\Windows\System32\OneCoreUAPCommonProxyStub.dll [7956] entry point in ".rdata" section 000000006fc27ec0
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007fff41bc65c0 16 bytes {MOV RAX, 0x7fff33f972b0; JMP RAX}
? C:\WINDOWS\system32\apphelp.dll [4048] entry point in ".rdata" section 000000006fb2f7c0

---- User IAT/EAT - GMER 2.2 ----

IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5740] @ C:\WINDOWS\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7fff4181006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5740] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GetStockObject] [7fff4181006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5740] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [7fff4181002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5740] @ C:\WINDOWS\System32\ole32.dll[GDI32.dll!GetStockObject] [7fff4181006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5740] @ C:\WINDOWS\System32\ole32.dll[USER32.dll!RegisterClassW] [7fff419e002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5740] @ C:\WINDOWS\System32\SHELL32.dll[USER32.dll!RegisterClassW] [7fff419e002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5740] @ C:\WINDOWS\System32\SHELL32.dll[GDI32.dll!GetStockObject] [7fff4181006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5740] @ C:\WINDOWS\System32\COMDLG32.dll[USER32.dll!RegisterClassW] [7fff419e002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5740] @ C:\WINDOWS\System32\COMDLG32.dll[GDI32.dll!GetStockObject] [7fff4181006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5740] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3\COMCTL32.dll[GDI32.dll!GetStockObject] [7fff4181006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5740] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3\COMCTL32.dll[USER32.dll!RegisterClassW] [7fff419e002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5740] @ C:\WINDOWS\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fff07592348] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7240] @ C:\WINDOWS\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7fff4181006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7240] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GetStockObject] [7fff4181006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7240] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [7fff4181002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7240] @ C:\WINDOWS\System32\ole32.dll[GDI32.dll!GetStockObject] [7fff4181006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7240] @ C:\WINDOWS\System32\ole32.dll[USER32.dll!RegisterClassW] [7fff419e002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7240] @ C:\WINDOWS\System32\SHELL32.dll[USER32.dll!RegisterClassW] [7fff419e002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7240] @ C:\WINDOWS\System32\SHELL32.dll[GDI32.dll!GetStockObject] [7fff4181006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7240] @ C:\WINDOWS\System32\COMDLG32.dll[USER32.dll!RegisterClassW] [7fff419e002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7240] @ C:\WINDOWS\System32\COMDLG32.dll[GDI32.dll!GetStockObject] [7fff4181006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7240] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3\COMCTL32.dll[GDI32.dll!GetStockObject] [7fff4181006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7240] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3\COMCTL32.dll[USER32.dll!RegisterClassW] [7fff419e002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7240] @ C:\WINDOWS\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fff07592348] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3080] @ C:\WINDOWS\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7fff4181006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3080] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GetStockObject] [7fff4181006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3080] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [7fff4181002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3080] @ C:\WINDOWS\System32\ole32.dll[GDI32.dll!GetStockObject] [7fff4181006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3080] @ C:\WINDOWS\System32\ole32.dll[USER32.dll!RegisterClassW] [7fff419e002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3080] @ C:\WINDOWS\System32\SHELL32.dll[USER32.dll!RegisterClassW] [7fff419e002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3080] @ C:\WINDOWS\System32\SHELL32.dll[GDI32.dll!GetStockObject] [7fff4181006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3080] @ C:\WINDOWS\System32\COMDLG32.dll[USER32.dll!RegisterClassW] [7fff419e002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3080] @ C:\WINDOWS\System32\COMDLG32.dll[GDI32.dll!GetStockObject] [7fff4181006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3080] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3\COMCTL32.dll[GDI32.dll!GetStockObject] [7fff4181006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3080] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3\COMCTL32.dll[USER32.dll!RegisterClassW] [7fff419e002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3080] @ C:\WINDOWS\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fff07592348] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] @ C:\WINDOWS\AppPatch\AppPatch64\AcGenral.dll[USER32.dll!GetMonitorInfoW] [7fff419e012c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] @ C:\WINDOWS\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7fff4181006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GetStockObject] [7fff4181006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [7fff4181002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] @ C:\WINDOWS\System32\ole32.dll[GDI32.dll!GetStockObject] [7fff4181006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] @ C:\WINDOWS\System32\ole32.dll[USER32.dll!RegisterClassW] [7fff419e002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] @ C:\WINDOWS\System32\SHELL32.dll[USER32.dll!RegisterClassW] [7fff419e002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] @ C:\WINDOWS\System32\SHELL32.dll[USER32.dll!EnumDisplayMonitors] [7fff419e006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] @ C:\WINDOWS\System32\SHELL32.dll[USER32.dll!GetMonitorInfoW] [7fff419e012c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] @ C:\WINDOWS\System32\SHELL32.dll[GDI32.dll!GetStockObject] [7fff4181006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] @ C:\WINDOWS\System32\IMM32.DLL[USER32.dll!GetMonitorInfoW] [7fff419e012c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] @ C:\WINDOWS\System32\COMDLG32.dll[USER32.dll!GetMonitorInfoW] [7fff419e012c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] @ C:\WINDOWS\System32\COMDLG32.dll[USER32.dll!EnumDisplayMonitors] [7fff419e006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] @ C:\WINDOWS\System32\COMDLG32.dll[USER32.dll!RegisterClassW] [7fff419e002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] @ C:\WINDOWS\System32\COMDLG32.dll[GDI32.dll!GetStockObject] [7fff4181006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3\COMCTL32.dll[GDI32.dll!GetStockObject] [7fff4181006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3\COMCTL32.dll[USER32.dll!RegisterClassW] [7fff419e002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3\COMCTL32.dll[USER32.dll!GetMonitorInfoW] [7fff419e012c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3\COMCTL32.dll[USER32.dll!EnumDisplayMonitors] [7fff419e006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] @ C:\WINDOWS\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fff07592348] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.14393.321_none_72fe05dd211a5fae\gdiplus.dll[GDI32.dll!GetStockObject] [7fff4181006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7272] @ C:\WINDOWS\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7fff4181006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7272] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GetStockObject] [7fff4181006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7272] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [7fff4181002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7272] @ C:\WINDOWS\System32\ole32.dll[GDI32.dll!GetStockObject] [7fff4181006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7272] @ C:\WINDOWS\System32\ole32.dll[USER32.dll!RegisterClassW] [7fff419e002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7272] @ C:\WINDOWS\System32\SHELL32.dll[USER32.dll!RegisterClassW] [7fff419e002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7272] @ C:\WINDOWS\System32\SHELL32.dll[GDI32.dll!GetStockObject] [7fff4181006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7272] @ C:\WINDOWS\System32\COMDLG32.dll[USER32.dll!RegisterClassW] [7fff419e002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7272] @ C:\WINDOWS\System32\COMDLG32.dll[GDI32.dll!GetStockObject] [7fff4181006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7272] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3\COMCTL32.dll[GDI32.dll!GetStockObject] [7fff4181006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7272] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3\COMCTL32.dll[USER32.dll!RegisterClassW] [7fff419e002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7272] @ C:\WINDOWS\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fff07592348] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6744] @ C:\WINDOWS\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7fff4181006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6744] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GetStockObject] [7fff4181006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6744] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [7fff4181002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6744] @ C:\WINDOWS\System32\ole32.dll[GDI32.dll!GetStockObject] [7fff4181006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6744] @ C:\WINDOWS\System32\ole32.dll[USER32.dll!RegisterClassW] [7fff419e002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6744] @ C:\WINDOWS\System32\SHELL32.dll[USER32.dll!RegisterClassW] [7fff419e002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6744] @ C:\WINDOWS\System32\SHELL32.dll[GDI32.dll!GetStockObject] [7fff4181006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6744] @ C:\WINDOWS\System32\COMDLG32.dll[USER32.dll!RegisterClassW] [7fff419e002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6744] @ C:\WINDOWS\System32\COMDLG32.dll[GDI32.dll!GetStockObject] [7fff4181006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6744] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3\COMCTL32.dll[GDI32.dll!GetStockObject] [7fff4181006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6744] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3\COMCTL32.dll[USER32.dll!RegisterClassW] [7fff419e002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6744] @ C:\WINDOWS\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fff07592348] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4440] @ C:\WINDOWS\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7fff4181006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4440] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GetStockObject] [7fff4181006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4440] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [7fff4181002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4440] @ C:\WINDOWS\System32\ole32.dll[GDI32.dll!GetStockObject] [7fff4181006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4440] @ C:\WINDOWS\System32\ole32.dll[USER32.dll!RegisterClassW] [7fff419e002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4440] @ C:\WINDOWS\System32\SHELL32.dll[USER32.dll!RegisterClassW] [7fff419e002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4440] @ C:\WINDOWS\System32\SHELL32.dll[GDI32.dll!GetStockObject] [7fff4181006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4440] @ C:\WINDOWS\System32\COMDLG32.dll[USER32.dll!RegisterClassW] [7fff419e002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4440] @ C:\WINDOWS\System32\COMDLG32.dll[GDI32.dll!GetStockObject] [7fff4181006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4440] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3\COMCTL32.dll[GDI32.dll!GetStockObject] [7fff4181006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4440] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3\COMCTL32.dll[USER32.dll!RegisterClassW] [7fff419e002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4440] @ C:\WINDOWS\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fff07592348] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll

---- Threads - GMER 2.2 ----

Thread C:\WINDOWS\system32\csrss.exe [656:3200] ffffed2e765a6c20

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0x6B 0x72 0xA1 0x9F ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime 0xD9 0x50 0x9E 0x3B ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFStartTime 0xA2 0xD7 0xA1 0x9F ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFLastStartTime 0xD9 0x50 0x9E 0x3B ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@pl-PL 33
Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\LGD04CB0_00_07DF_A9^DED95BDF97BCCC687EDCEE2690EA1A45@Timestamp 0xBE 0x39 0x4F 0xA1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 800
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed 1830726503
Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID 16e33946-25f8-4a78-862e-8eace65
Reg HKLM\SYSTEM\CurrentControlSet\Control\WDI\Config@ServerName \BaseNamedObjects\WDI_{e75e6fe2-a6e1-466a-bc63-aca541f291f7}
Reg HKLM\SYSTEM\CurrentControlSet\Services\BITS@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\BITS\Performance@PerfMMFileName Global\MMF_BITScb0eb485-d7ff-4f80-9047-b98c182eff9b
Reg HKLM\SYSTEM\CurrentControlSet\Services\BITS
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\c8ff283540e2
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_29791
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_29791@Type 224
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_29791@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_29791@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_29791@ImagePath C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_29791@DisplayName CDPUserSvc_29791
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_29791@FailureActions 0x80 0x51 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_29791@Description @%SystemRoot%\system32\cdpusersvc.dll,-101
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_29791\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_29791\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_29791
Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{ed78dba6-11ed-4c3a-9d72-7bb020c1e07e}@LastProbeTime 1487249333
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{D61186BD-A7D7-470B-88C7-0722A711CF41}@DefunctTimestamp 0x8E 0x91 0xA5 0x58 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_29791
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_29791@Type 224
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_29791@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_29791@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_29791@ImagePath C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_29791@DisplayName Usługa wiadomości_29791
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_29791@FailureActions 0x80 0x51 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_29791@Description @%SystemRoot%\system32\MessagingService.dll,-101
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_29791\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_29791\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_29791\TriggerInfo
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_29791\TriggerInfo\0
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_29791\TriggerInfo\0@Type 7
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_29791\TriggerInfo\0@Action 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_29791\TriggerInfo\0@Guid 0x16 0x28 0x7A 0x2D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_29791\TriggerInfo\0@Data0 0x75 0x18 0xBC 0xA3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_29791\TriggerInfo\0@DataType0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_29791
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_29791
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_29791@Type 224
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_29791@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_29791@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_29791@ImagePath C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_29791@DisplayName Synchronizuj hosta_29791
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_29791@FailureActions 0x80 0x51 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_29791@Description @%SystemRoot%\system32\APHostRes.dll,-10001
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_29791\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_29791\Security@Security 0x01 0x00 0x04 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_29791
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_29791
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_29791@Type 224
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_29791@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_29791@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_29791@ImagePath C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_29791@DisplayName Dane kontaktowe_29791
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_29791@FailureActions 0x80 0x51 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_29791@Description @%SystemRoot%\system32\UserDataAccessRes.dll,-15000
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_29791\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_29791\Security@Security 0x01 0x00 0x04 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_29791
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 4719
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 1646
Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f870cff5-8e9f-4f6a-b019-7a766ca15666}@LeaseObtainedTime 1487245733
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f870cff5-8e9f-4f6a-b019-7a766ca15666}@T1 1487288933
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f870cff5-8e9f-4f6a-b019-7a766ca15666}@T2 1487321333
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f870cff5-8e9f-4f6a-b019-7a766ca15666}@LeaseTerminatesTime 1487332133
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_29791
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_29791@Type 224
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_29791@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_29791@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_29791@ImagePath C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_29791@DisplayName Magazyn danych użytkownika_29791
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_29791@FailureActions 0x80 0x51 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_29791@Description @%SystemRoot%\system32\UserDataAccessRes.dll,-10002
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_29791\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_29791\Security@Security 0x01 0x00 0x04 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_29791
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_29791
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_29791@Type 224
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_29791@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_29791@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_29791@ImagePath C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_29791@DisplayName Dostęp do danych użytkownika_29791
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_29791@FailureActions 0x80 0x51 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_29791@Description @%SystemRoot%\system32\UserDataAccessRes.dll,-14000
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_29791\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_29791\Security@Security 0x01 0x00 0x04 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_29791
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0xAB 0xD6 0x0D 0x69 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0xAB 0x3E 0xD2 0xCA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0xAB 0x6E 0x49 0x07 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Object List 26232 26238 26250 26260 26270 26290 26334 26344 26382 26388 26404
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Counter 26410
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Help 26411
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@First Counter 26232
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@First Help 26233
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_29791
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_29791@Type 224
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_29791@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_29791@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_29791@ImagePath C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_29791@DisplayName Usługa użytkownika powiadomień WNS_29791
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_29791@FailureActions 0x80 0x51 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_29791@Description @%SystemRoot%\system32\WpnUserService.dll,-2
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_29791\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_29791\Security@Security 0x01 0x00 0x04 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_29791
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\0@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\0@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\1@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\1@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\2@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\2@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\3@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\3@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\4@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\4@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\5@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\5@RwMask 0x64 0x62 0x03 0x00 ...

---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.2 ----
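Three kinds of entry in this report deserve a closer look before anything else: the inline patch of ntdll.dll!NtMapViewOfSection in chrome.exe[5404] (a 16-byte MOV RAX/JMP RAX trampoline), the IAT redirections that GMER resolved into Chrome's own chrome_child.dll (Chrome's sandbox intercepts ntdll calls such as these in its child processes, so a redirection into Chrome's own install tree is consistent with that), and the "unknown MBR code" line, which only means the boot sector did not match the code GMER recognises. The parser below is an added example for triaging such a report; it is not part of GMER or of the original post. It reads one entry per line, so the sample input embedded in it is a constructed subset of the lines above, and the severity buckets (info / low / review) and the rule that an identical import-to-address redirection seen in several processes is more likely a shared system-DLL cause than a per-process injection are this example's own heuristics, not GMER's verdicts.

```python
import re
from collections import Counter

# Constructed sample input: five entry lines copied from the GMER report above, one per line.
SAMPLE_LOG = r"""
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007fff41bc65c0 16 bytes {MOV RAX, 0x7fff33f972b0; JMP RAX}
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5740] @ C:\WINDOWS\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7fff4181006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7240] @ C:\WINDOWS\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7fff4181006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5740] @ C:\WINDOWS\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fff07592348] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll
Disk \Device\Harddisk0\DR0 unknown MBR code
"""

# One regex per entry type present in the report (other GMER sections are ignored).
INLINE_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?\[\d+\])\s+(?P<target>\S+!\S+)\s+(?P<addr>[0-9a-fA-F]+)\s+"
    r"(?P<size>\d+) bytes\s+\{(?P<patch>[^}]+)\}$")
IAT_RE = re.compile(
    r"^IAT\s+(?P<proc>.+?\[\d+\])\s+@\s+(?P<module>.+?)\[(?P<import>[^\]]+)\]\s+"
    r"\[(?P<addr>[0-9a-fA-F]+)\](?:\s+(?P<resolved>\S.*))?$")
DISK_RE = re.compile(r"^Disk\s+(?P<device>\S+)\s+(?P<message>.+)$")
TRAMPOLINE_RE = re.compile(r"MOV RAX,\s*0x(?P<dest>[0-9a-fA-F]+);\s*JMP RAX", re.IGNORECASE)


def parse_gmer(text):
    """Turn the lines of a GMER report into entry dicts tagged with their kind."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        for kind, rx in (("inline", INLINE_RE), ("iat", IAT_RE), ("disk", DISK_RE)):
            m = rx.match(line)
            if m:
                entries.append({"kind": kind, **m.groupdict()})
                break
    return entries


def process_dir(proc):
    r"""'C:\dir\chrome.exe[5740]' -> 'c:\dir': the install directory of the hooked process."""
    exe = proc.rsplit("[", 1)[0]
    return exe.rsplit("\\", 1)[0].lower()


def trampoline_target(patch):
    """Absolute destination of a 'MOV RAX, imm64; JMP RAX' patch, or None for another shape."""
    m = TRAMPOLINE_RE.search(patch)
    return int(m.group("dest"), 16) if m else None


def triage(entries):
    """Attach a severity (info / low / review) and a reason to every entry (heuristic)."""
    # The same (import, address) pair in many processes points to one shared cause, such as a
    # system DLL resolving the import the same way everywhere, rather than a per-process injection.
    shared = Counter((e["import"], e["addr"]) for e in entries if e["kind"] == "iat")
    findings = []
    for e in entries:
        if e["kind"] == "inline":
            dest = trampoline_target(e["patch"])
            where = f"trampoline to 0x{dest:x}" if dest is not None else "patch of unrecognised shape"
            findings.append({"severity": "review", "entry": e, "reason":
                             f"{e['target']} patched in {e['proc']}: {where}; map that address to "
                             "a loaded module before calling it hostile"})
        elif e["kind"] == "iat":
            resolved = e["resolved"]
            if resolved and process_dir(e["proc"]) in resolved.lower():
                sev, why = "info", f"resolved into the process's own install tree ({resolved})"
            elif resolved:
                sev, why = "review", f"resolved into foreign module {resolved}"
            else:
                n = shared[(e["import"], e["addr"])]
                sev = "low" if n > 1 else "review"
                why = f"not attributed to a module by GMER; identical in {n} process(es)"
            findings.append({"severity": sev, "entry": e,
                             "reason": f"{e['import']} -> {e['addr']}: {why}"})
        else:  # disk
            sev = "review" if "unknown" in e["message"].lower() else "info"
            findings.append({"severity": sev, "entry": e,
                             "reason": f"{e['device']}: {e['message']}; dump sector 0 and compare "
                                       "it with a known-good boot loader before trusting either verdict"})
    return findings


def summarize(findings):
    """Count findings per severity so the most urgent bucket is visible at a glance."""
    return dict(Counter(f["severity"] for f in findings))


if __name__ == "__main__":
    results = triage(parse_gmer(SAMPLE_LOG))
    for f in sorted(results, key=lambda f: {"review": 0, "low": 1, "info": 2}[f["severity"]]):
        print(f"[{f['severity']:6}] {f['reason']}")
    print(summarize(results))
```

To run it against the full report, paste the report text in place of SAMPLE_LOG (one entry per line, as GMER writes it). The script deliberately stops at "review" rather than "malicious": the trampoline destination 0x7fff33f972b0 can only be judged once it is mapped to a loaded module (a process-memory view or a debugger attached to the flagged PID does that), and the MBR line needs the raw first sector for comparison, neither of which this report contains.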