GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-04-24 12:49:52 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002b HGST_HTS541010A9E680 rev.JA0OA710 931,51GB Running: slnzbqip.exe; Driver: C:\Users\Szymon\AppData\Local\Temp\awwoipow.sys ---- Threads - GMER 2.2 ---- Thread C:\WINDOWS\system32\csrss.exe [76:568] fffff961e4254060 ---- Services - GMER 2.2 ---- Service C:\WINDOWS\system32\drivers\bsdriver.sys (*** hidden *** ) [SYSTEM] bsdriver <-- ROOTKIT !!! Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [MANUAL] MessagingService_544ced <-- ROOTKIT !!! Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] OneSyncSvc_544ced <-- ROOTKIT !!! Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [MANUAL] PimIndexMaintenanceSvc_544ced <-- ROOTKIT !!! Service C:\WINDOWS\System32\svchost.exe (*** hidden *** ) [MANUAL] UnistoreSvc_544ced <-- ROOTKIT !!! Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [MANUAL] UserDataSvc_544ced <-- ROOTKIT !!! ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Classes\{4d36e96f-e325-11ce-bfc1-08002be10318} Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Classes\{4d36e96f-e325-11ce-bfc1-08002be10318}@HID\VID_2188&PID_0AE1\6&934F0BF&0&0000 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_2188&PID_0AE1 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_2188&PID_0AE1\6&934F0BF&0&0000 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_2188&PID_0AE1\6&934F0BF&0&0000@Capabilities 160 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_2188&PID_0AE1\6&934F0BF&0&0000@ClassGuid {4d36e96f-e325-11ce-bfc1-08002be10318} Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_2188&PID_0AE1\6&934F0BF&0&0000@CompatibleIds Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_2188&PID_0AE1\6&934F0BF&0&0000@DriverInfName msmouse.inf Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_2188&PID_0AE1\6&934F0BF&0&0000@HardwareIds HID\VID_2188&PID_0AE1&REV_0100?HID\VID_2188&PID_0AE1?HID\VID_2188&UP:0001_U:0002?HID_DEVICE_SYSTEM_MOUSE?HID_DEVICE_UP:0001_U:0002?HID_DEVICE? Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_2188&PID_0AE1\6&934F0BF&0&0000@LastPresentDate 0xA8 0xE2 0x4B 0xDB ... Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_2188&PID_0AE1\6&934F0BF&0&0000@MatchingDeviceId HID_DEVICE_SYSTEM_MOUSE Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_2188&PID_0AE1\6&934F0BF&0&0000@Present 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_2188&PID_0AE1\6&934F0BF&0&0000@Duplicate 1 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_2188&PID_0AE1\6&934F0BF&0&0000\Device Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_2188&PID_0AE1\6&934F0BF&0&0000\Device@FlipFlopHScroll 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_2188&PID_0AE1\6&934F0BF&0&0000\Device@FlipFlopWheel 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_2188&PID_0AE1\6&934F0BF&0&0000\Device@ForceAbsolute 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_2188&PID_0AE1\6&934F0BF&0&0000\Device@HScrollHighResolutionDisable 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_2188&PID_0AE1\6&934F0BF&0&0000\Device@HScrollPageOverride 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_2188&PID_0AE1\6&934F0BF&0&0000\Device@HScrollUsageOverride 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_2188&PID_0AE1\6&934F0BF&0&0000\Device@VScrollHighResolutionDisable 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_2188&PID_0AE1\6&934F0BF&0&0000\Device@VScrollPageOverride 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_2188&PID_0AE1\6&934F0BF&0&0000\Device@VScrollUsageOverride 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_2188&PID_0AE1\6&934F0BF&0&0000\Interfaces Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_2188&PID_0AE1\6&934F0BF&0&0000\Interfaces\{378de44c-56ef-11d1-bc8c-00a0c91405dd} Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_2188&PID_0AE1\6&934F0BF&0&0000\Interfaces\{4d1e55b2-f16f-11cf-88cb-001111000030} Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_2188&PID_0AE1\6&934F0BF&0&0000\Interfaces\{4d1e55b2-f16f-11cf-88cb-001111000030}\Properties Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_2188&PID_0AE1\6&934F0BF&0&0000\Interfaces\{4d1e55b2-f16f-11cf-88cb-001111000030}\Properties\{cbf38310-4a17-4310-a1eb-247f0b67593b} Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_2188&PID_0AE1\6&934F0BF&0&0000\Interfaces\{4d1e55b2-f16f-11cf-88cb-001111000030}\Properties\{cbf38310-4a17-4310-a1eb-247f0b67593b}\0002 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_2188&PID_0AE1\6&934F0BF&0&0000\Interfaces\{4d1e55b2-f16f-11cf-88cb-001111000030}\Properties\{cbf38310-4a17-4310-a1eb-247f0b67593b}\0002@ 0x01 0x00 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_2188&PID_0AE1\6&934F0BF&0&0000\Interfaces\{4d1e55b2-f16f-11cf-88cb-001111000030}\Properties\{cbf38310-4a17-4310-a1eb-247f0b67593b}\0003 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_2188&PID_0AE1\6&934F0BF&0&0000\Interfaces\{4d1e55b2-f16f-11cf-88cb-001111000030}\Properties\{cbf38310-4a17-4310-a1eb-247f0b67593b}\0003@ 0x02 0x00 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_2188&PID_0AE1\6&934F0BF&0&0000\Interfaces\{4d1e55b2-f16f-11cf-88cb-001111000030}\Properties\{cbf38310-4a17-4310-a1eb-247f0b67593b}\0004 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_2188&PID_0AE1\6&934F0BF&0&0000\Interfaces\{4d1e55b2-f16f-11cf-88cb-001111000030}\Properties\{cbf38310-4a17-4310-a1eb-247f0b67593b}\0004@ 0xFF Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_2188&PID_0AE1\6&934F0BF&0&0000\Interfaces\{4d1e55b2-f16f-11cf-88cb-001111000030}\Properties\{cbf38310-4a17-4310-a1eb-247f0b67593b}\0005 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_2188&PID_0AE1\6&934F0BF&0&0000\Interfaces\{4d1e55b2-f16f-11cf-88cb-001111000030}\Properties\{cbf38310-4a17-4310-a1eb-247f0b67593b}\0005@ 0x88 0x21 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_2188&PID_0AE1\6&934F0BF&0&0000\Interfaces\{4d1e55b2-f16f-11cf-88cb-001111000030}\Properties\{cbf38310-4a17-4310-a1eb-247f0b67593b}\0006 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_2188&PID_0AE1\6&934F0BF&0&0000\Interfaces\{4d1e55b2-f16f-11cf-88cb-001111000030}\Properties\{cbf38310-4a17-4310-a1eb-247f0b67593b}\0006@ 0xE1 0x0A Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_2188&PID_0AE1\6&934F0BF&0&0000\Interfaces\{4d1e55b2-f16f-11cf-88cb-001111000030}\Properties\{cbf38310-4a17-4310-a1eb-247f0b67593b}\0007 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_2188&PID_0AE1\6&934F0BF&0&0000\Interfaces\{4d1e55b2-f16f-11cf-88cb-001111000030}\Properties\{cbf38310-4a17-4310-a1eb-247f0b67593b}\0007@ 0x00 0x01 Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\LGD046A0_00_07DE_89^6525A37E75C52B0391B50070D1C4BEA3@Timestamp 0xF4 0xED 0x6E 0xBE ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed 1891830074 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 4575 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FwPOSTTime 3121 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TotalResumeTime 13853 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeBootMgrTime 1007 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeAppStartTimestamp 5583 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeInitTime 196 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeHiberFileTime 338 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeRestoreImageStartTimestamp 5891 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeIoTime 201 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeDecompressTime 144 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeKernelSwitchTimestamp 6233 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelReturnFromHandlerTimestamp 6260 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@SleeperThreadEndTimestamp 12210 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TimeStampCounterAtSwitchTime 6248 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelReturnSystemPowerState 13841 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberHiberFileTime 5602 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TotalHibernateTime 10596 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeHiberFileTime 5259 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@DeviceResumeTime 1615 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelAnimationTime 59 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelPagesProcessed 361336 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelPagesWritten 0x12 0x04 0x02 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@BootPagesProcessed 25450 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@BootPagesWritten 0x16 0x20 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberWriteRate 98 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeReadRate 101 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeDecompressRate 70 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberChecksumTime 68 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberChecksumIoTime 23 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelChecksumTime 66 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelChecksumIoTime 39 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeIoCpuTime 769 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberIoCpuTime 211 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeCompleteTimestamp 0x63 0x63 0x51 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HybridBootAnimationTime 5963 Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@GlassSessionId 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\bsdriver@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\bsdriver@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\bsdriver@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\bsdriver@ImagePath \??\C:\WINDOWS\system32\drivers\bsdriver.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\bsdriver@DisplayName bsdriver Reg HKLM\SYSTEM\CurrentControlSet\Services\bsdriver@Group Base Reg HKLM\SYSTEM\CurrentControlSet\Services\bsdriver\Instances Reg HKLM\SYSTEM\CurrentControlSet\Services\bsdriver\Instances@DefaultInstance bsdriver Reg HKLM\SYSTEM\CurrentControlSet\Services\bsdriver\Instances\bsdriver Reg HKLM\SYSTEM\CurrentControlSet\Services\bsdriver\Instances\bsdriver@Altitude 333111 Reg HKLM\SYSTEM\CurrentControlSet\Services\bsdriver\Instances\bsdriver@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\bsdriver\Security Reg HKLM\SYSTEM\CurrentControlSet\Services\bsdriver Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\7429afe0554e Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_544ced Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_544ced@Type 224 Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_544ced@Start 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_544ced@ErrorControl 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_544ced@ImagePath C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_544ced@DisplayName Us?uga wiadomo?ci_544ced Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_544ced@FailureActions 0x80 0x51 0x01 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_544ced\Security Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_544ced\Security@Security 0x01 0x00 0x14 0x80 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_544ced\TriggerInfo Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_544ced\TriggerInfo\0 Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_544ced\TriggerInfo\0@Type 7 Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_544ced\TriggerInfo\0@Action 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_544ced\TriggerInfo\0@Guid 0x16 0x28 0x7A 0x2D ... Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_544ced\TriggerInfo\0@Data0 0x75 0x18 0xBC 0xA3 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_544ced\TriggerInfo\0@DataType0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_544ced Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_544ced Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_544ced@Type 224 Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_544ced@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_544ced@ErrorControl 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_544ced@ImagePath C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_544ced@DisplayName Synchronizuj hosta_544ced Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_544ced@FailureActions 0x80 0x51 0x01 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_544ced\Security Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_544ced\Security@Security 0x01 0x00 0x04 0x80 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_544ced Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_544ced Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_544ced@Type 224 Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_544ced@Start 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_544ced@ErrorControl 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_544ced@ImagePath C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_544ced@DisplayName Dane kontaktowe_544ced Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_544ced@FailureActions 0x80 0x51 0x01 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_544ced\Security Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_544ced\Security@Security 0x01 0x00 0x04 0x80 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_544ced Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 1360 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 362 Reg HKLM\SYSTEM\CurrentControlSet\Services\SynTP\Parameters@DetectTimeMS 419 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2bbb15fe-3226-4ace-85e9-591dfad83f16}@LeaseObtainedTime 1461444222 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2bbb15fe-3226-4ace-85e9-591dfad83f16}@T1 1461487422 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2bbb15fe-3226-4ace-85e9-591dfad83f16}@T2 1461519822 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2bbb15fe-3226-4ace-85e9-591dfad83f16}@LeaseTerminatesTime 1461530622 Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_544ced Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_544ced@Type 224 Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_544ced@Start 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_544ced@ErrorControl 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_544ced@ImagePath C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_544ced@DisplayName Magazyn danych u?ytkownika_544ced Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_544ced@FailureActions 0x80 0x51 0x01 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_544ced\Security Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_544ced\Security@Security 0x01 0x00 0x04 0x80 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_544ced Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_544ced Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_544ced@Type 224 Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_544ced@Start 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_544ced@ErrorControl 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_544ced@ImagePath C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_544ced@DisplayName Dost?p do danych u?ytkownika_544ced Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_544ced@FailureActions 0x80 0x51 0x01 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_544ced\Security Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_544ced\Security@Security 0x01 0x00 0x04 0x80 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_544ced Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeConfidence 7 Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0x1D 0x5C 0x07 0x4A ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0x1D 0xC4 0xCB 0xAB ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0x1D 0xF4 0x42 0xE8 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeTickCount 0xE4 0x0F 0x68 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\0@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\0@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\1@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\1@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\2@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\2@RwMask 0x64 0x62 0x03 0x00 ... ---- EOF - GMER 2.2 ----