GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-07-23 22:19:18 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000003b ST1000DM003-1SB10C rev.CC43 931,51GB Running: cytig39w.exe; Driver: C:\Users\DAWIDB~1\AppData\Local\Temp\awtdqfow.sys ---- User code sections - GMER 2.2 ---- ? C:\Windows\system32\apphelp.dll [3192] entry point in ".rdata" section 0000000071a30380 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00007ffb87758ca0 5 bytes JMP 00007ffb0792075c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffb87760b30 5 bytes JMP 00007ffb079203a4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffb877f55d0 16 bytes {MOV RAX, 0x7ffb6eda30f0; JMP RAX} ? C:\Windows\system32\apphelp.dll [2496] entry point in ".rdata" section 0000000071a30380 ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5648] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffbc4d6002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5648] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject] [7ffbc4d6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5648] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7ffbc567002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5648] @ C:\Windows\system32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffbc4d6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5648] @ C:\Windows\system32\shlwapi.dll[GDI32.dll!GetStockObject] [7ffbc4d6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5648] @ C:\Windows\system32\COMDLG32.dll[USER32.dll!RegisterClassW] [7ffbc567002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5648] @ 
C:\Windows\system32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ffbc4d6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5648] @ C:\Windows\system32\ole32.dll[GDI32.dll!GetStockObject] [7ffbc4d6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5648] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW] [7ffbc567002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5648] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_a2d8b04ea53e3145\COMCTL32.dll[GDI32.dll!GetStockObject] [7ffbc4d6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5648] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_a2d8b04ea53e3145\COMCTL32.dll[USER32.dll!RegisterClassW] [7ffbc567002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5648] @ C:\Windows\SYSTEM32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffb5ef8aed8] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5104] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffbc4d6002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5104] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject] [7ffbc4d6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5104] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7ffbc567002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5104] @ C:\Windows\system32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffbc4d6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5104] @ C:\Windows\system32\shlwapi.dll[GDI32.dll!GetStockObject] [7ffbc4d6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5104] @ C:\Windows\system32\COMDLG32.dll[USER32.dll!RegisterClassW] [7ffbc567002c] IAT C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe[5104] @ C:\Windows\system32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ffbc4d6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5104] @ C:\Windows\system32\ole32.dll[GDI32.dll!GetStockObject] [7ffbc4d6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5104] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW] [7ffbc567002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5104] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_a2d8b04ea53e3145\COMCTL32.dll[GDI32.dll!GetStockObject] [7ffbc4d6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5104] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_a2d8b04ea53e3145\COMCTL32.dll[USER32.dll!RegisterClassW] [7ffbc567002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5104] @ C:\Windows\SYSTEM32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffb5ef8aed8] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5368] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffbc4d6002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5368] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject] [7ffbc4d6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5368] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7ffbc567002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5368] @ C:\Windows\system32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffbc4d6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5368] @ C:\Windows\system32\shlwapi.dll[GDI32.dll!GetStockObject] [7ffbc4d6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5368] @ C:\Windows\system32\COMDLG32.dll[USER32.dll!RegisterClassW] [7ffbc567002c] IAT 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5368] @ C:\Windows\system32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ffbc4d6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5368] @ C:\Windows\system32\ole32.dll[GDI32.dll!GetStockObject] [7ffbc4d6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5368] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW] [7ffbc567002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5368] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_a2d8b04ea53e3145\COMCTL32.dll[GDI32.dll!GetStockObject] [7ffbc4d6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5368] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_a2d8b04ea53e3145\COMCTL32.dll[USER32.dll!RegisterClassW] [7ffbc567002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5368] @ C:\Windows\SYSTEM32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffb5ef8aed8] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3808] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffbc4d6002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3808] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject] [7ffbc4d6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3808] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7ffbc567002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3808] @ C:\Windows\system32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffbc4d6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3808] @ C:\Windows\system32\shlwapi.dll[GDI32.dll!GetStockObject] [7ffbc4d6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3808] @ C:\Windows\system32\COMDLG32.dll[USER32.dll!RegisterClassW] 
[7ffbc567002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3808] @ C:\Windows\system32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ffbc4d6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3808] @ C:\Windows\system32\ole32.dll[GDI32.dll!GetStockObject] [7ffbc4d6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3808] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW] [7ffbc567002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3808] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_a2d8b04ea53e3145\COMCTL32.dll[GDI32.dll!GetStockObject] [7ffbc4d6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3808] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_a2d8b04ea53e3145\COMCTL32.dll[USER32.dll!RegisterClassW] [7ffbc567002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3808] @ C:\Windows\SYSTEM32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffb5ef8aed8] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6952] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffbc4d6002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6952] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject] [7ffbc4d6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6952] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7ffbc567002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6952] @ C:\Windows\system32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffbc4d6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6952] @ C:\Windows\system32\shlwapi.dll[GDI32.dll!GetStockObject] [7ffbc4d6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6952] @ 
C:\Windows\system32\COMDLG32.dll[USER32.dll!RegisterClassW] [7ffbc567002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6952] @ C:\Windows\system32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ffbc4d6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6952] @ C:\Windows\system32\ole32.dll[GDI32.dll!GetStockObject] [7ffbc4d6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6952] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW] [7ffbc567002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6952] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_a2d8b04ea53e3145\COMCTL32.dll[GDI32.dll!GetStockObject] [7ffbc4d6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6952] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_a2d8b04ea53e3145\COMCTL32.dll[USER32.dll!RegisterClassW] [7ffbc567002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6952] @ C:\Windows\SYSTEM32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffb5ef8aed8] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3736] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffbc4d6002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3736] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject] [7ffbc4d6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3736] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7ffbc567002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3736] @ C:\Windows\system32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffbc4d6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3736] @ C:\Windows\system32\shlwapi.dll[GDI32.dll!GetStockObject] [7ffbc4d6006c] IAT C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe[3736] @ C:\Windows\system32\COMDLG32.dll[USER32.dll!RegisterClassW] [7ffbc567002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3736] @ C:\Windows\system32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ffbc4d6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3736] @ C:\Windows\system32\ole32.dll[GDI32.dll!GetStockObject] [7ffbc4d6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3736] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW] [7ffbc567002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3736] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_a2d8b04ea53e3145\COMCTL32.dll[GDI32.dll!GetStockObject] [7ffbc4d6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3736] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_a2d8b04ea53e3145\COMCTL32.dll[USER32.dll!RegisterClassW] [7ffbc567002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3736] @ C:\Windows\SYSTEM32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffb5ef8aed8] C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\chrome_child.dll ---- Threads - GMER 2.2 ---- Thread C:\Windows\system32\csrss.exe [5252:5068] fffff961121273a0 Thread C:\Windows\system32\csrss.exe [4992:7116] fffff961127a4030 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\PHLC10AUK81549013846_31_07DF_B3^562B0098446B25501DDAAA272F1A9CCA@Timestamp 0x32 0x42 0x96 0x6B ... 
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed 449912574 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 18187 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FwPOSTTime 17892 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TotalResumeTime 22438 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeAppTime 902 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeAppStartTimestamp 18608 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeHiberFileTime 717 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeRestoreImageStartTimestamp 18787 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeIoTime 474 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeDecompressTime 245 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeKernelSwitchTimestamp 19511 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelReturnFromHandlerTimestamp 19540 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@SleeperThreadEndTimestamp 22192 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TimeStampCounterAtSwitchTime 19535 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelReturnSystemPowerState 22434 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberHiberFileTime 2866 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberInitTime 49 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TotalHibernateTime 8991 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeHiberFileTime 2370 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeInitTime 77 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@DeviceResumeTime 230 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelAnimationTime 17 Reg 
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelPagesProcessed 347098 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelPagesWritten 0x11 0xC4 0x01 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@BootPagesProcessed 62070 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@BootPagesWritten 0x46 0x6E 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberWriteRate 199 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeReadRate 204 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FileRuns 3 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberChecksumTime 49 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberChecksumIoTime 10 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelChecksumTime 31 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelChecksumIoTime 18 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeIoCpuTime 2032 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberIoCpuTime 598 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HybridBootAnimationTime 2662 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeCompleteTimestamp 0x04 0x8D 0x56 0x09 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@GlassSessionId 5 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14665250741092272@SetupOperations
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_20e1c21 Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_20e1c21@Type 224 Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_20e1c21@Start 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_20e1c21@ErrorControl 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_20e1c21@ImagePath C:\Windows\system32\svchost.exe -k UnistackSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_20e1c21@DisplayName Us?uga wiadomo?ci_20e1c21 Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_20e1c21@FailureActions 0x80 0x51 0x01 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_20e1c21\Security Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_20e1c21\Security@Security 0x01 0x00 0x14 0x80 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_20e1c21\TriggerInfo Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_20e1c21\TriggerInfo\0 Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_20e1c21\TriggerInfo\0@Type 7 Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_20e1c21\TriggerInfo\0@Action 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_20e1c21\TriggerInfo\0@Guid 0x16 0x28 0x7A 0x2D ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_20e1c21\TriggerInfo\0@Data0 0x75 0x18 0xBC 0xA3 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_20e1c21\TriggerInfo\0@DataType0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_20e1c21 Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_20e1c21 Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_20e1c21@Type 224 Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_20e1c21@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_20e1c21@ErrorControl 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_20e1c21@ImagePath C:\Windows\system32\svchost.exe -k UnistackSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_20e1c21@DisplayName Synchronizuj hosta_20e1c21 Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_20e1c21@FailureActions 0x80 0x51 0x01 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_20e1c21\Security Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_20e1c21\Security@Security 0x01 0x00 0x04 0x80 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_20e1c21 Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_20e1c21 Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_20e1c21@Type 224 Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_20e1c21@Start 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_20e1c21@ErrorControl 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_20e1c21@ImagePath C:\Windows\system32\svchost.exe -k UnistackSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_20e1c21@DisplayName Dane kontaktowe_20e1c21 Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_20e1c21@FailureActions 0x80 0x51 0x01 0x00 ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_20e1c21\Security Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_20e1c21\Security@Security 0x01 0x00 0x04 0x80 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_20e1c21 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 3551 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 295 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ef2ef133-e709-46f9-a47e-26f840de5d47}@LeaseObtainedTime 1469292095 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ef2ef133-e709-46f9-a47e-26f840de5d47}@T1 1469508095 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ef2ef133-e709-46f9-a47e-26f840de5d47}@T2 1469670095 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ef2ef133-e709-46f9-a47e-26f840de5d47}@LeaseTerminatesTime 1469724095 Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_20e1c21 Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_20e1c21@Type 224 Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_20e1c21@Start 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_20e1c21@ErrorControl 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_20e1c21@ImagePath C:\Windows\System32\svchost.exe -k UnistackSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_20e1c21@DisplayName Magazyn danych u?ytkownika_20e1c21 Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_20e1c21@FailureActions 0x80 0x51 0x01 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_20e1c21\Security Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_20e1c21\Security@Security 0x01 0x00 0x04 0x80 ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_20e1c21 Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_20e1c21 Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_20e1c21@Type 224 Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_20e1c21@Start 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_20e1c21@ErrorControl 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_20e1c21@ImagePath C:\Windows\system32\svchost.exe -k UnistackSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_20e1c21@DisplayName Dost?p do danych u?ytkownika_20e1c21 Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_20e1c21@FailureActions 0x80 0x51 0x01 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_20e1c21\Security Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_20e1c21\Security@Security 0x01 0x00 0x04 0x80 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_20e1c21 Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0xCB 0xAB 0x87 0xA3 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0xCB 0x13 0x4C 0x05 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0xCB 0x43 0xC3 0x41 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeTickCount 0xF4 0x36 0xD0 0x09 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search@JumpListChangedAppIds Chrome.UserData.ChromeDefaultData?8216C80C92C4E828? ---- Files - GMER 2.2 ---- File C:\Users\Dawid B\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Cache\f_002c7d 0 bytes ---- EOF - GMER 2.2 ----