GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-01-22 18:50:30
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000029 LITEONIT_LCS-128M6S rev.DC77101 119,24GB
Running: yeyypj0i.exe; Driver: C:\Users\ja\AppData\Local\Temp\pwndqfob.sys

---- Threads - GMER 2.2 ----

Thread C:\WINDOWS\system32\csrss.exe [856:5924] ffff90ddf5986c20

---- Services - GMER 2.2 ----

Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] CDPUserSvc_6041fcc <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [MANUAL] MessagingService_6041fcc <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] OneSyncSvc_6041fcc <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [MANUAL] PimIndexMaintenanceSvc_6041fcc <-- ROOTKIT !!!
Service C:\WINDOWS\System32\svchost.exe (*** hidden *** ) [MANUAL] UnistoreSvc_6041fcc <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [MANUAL] UserDataSvc_6041fcc <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [MANUAL] WpnUserService_6041fcc <-- ROOTKIT !!!

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\SDC48520_00_07DE_DB^C60ED756C55507D646D783CAC1BF2F0D@Timestamp 0xC7 0x56 0x23 0xB4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed 1726647591
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 5184
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FwPOSTTime 5184
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TotalResumeTime 8931
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeBootMgrTime 80
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeAppTime 412
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeAppStartTimestamp 5269
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeHiberFileTime 308
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeRestoreImageStartTimestamp 5360
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeIoTime 91
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeDecompressTime 196
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeKernelSwitchTimestamp 5682
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelReturnFromHandlerTimestamp 5710
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@SleeperThreadEndTimestamp 8093
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TimeStampCounterAtSwitchTime 5701
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelReturnSystemPowerState 8920
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberHiberFileTime 2726
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberInitTime 54
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TotalHibernateTime 6851
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeHiberFileTime 1478
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeSharedBufferTime 6
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@DeviceResumeTime 642
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelAnimationTime 39
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelPagesProcessed 328514
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelPagesWritten 0x16 0x01 0x02 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@BootPagesProcessed 19946
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@BootPagesWritten 0x95 0x26 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberWriteRate 298
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberCompressRate 51
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeReadRate 368
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeDecompressRate 145
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FileRuns 236
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberChecksumTime 116
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberChecksumIoTime 9
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelChecksumTime 122
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeIoCpuTime 160
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberIoCpuTime 168
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HybridBootAnimationTime 2410
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeCompleteTimestamp 0x80 0xD9 0x64 0x33 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@GlassSessionId 28
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14833611659532280@SetupOperations ???(?????(?(?)?)????????????????? ???????(???????????????????? ??????????????????????????(??????Commited?????????+?????????????????????t?????????????3?????t?3???????(??????????????????0????????(???d???????s?????(?????)?)?*?*?*?*????? ???????'?????+?????( ?????????P?5??????????????(?????????e????aswSnx???????(?(?(?(?(?+?+?+??????L??(??????????????avast! virtualization driver (aswSnx)????????????S???????????????m??td???????????v???????N???+???+???(??????????????MoveFile("\??\C:\Program Files\AVAST Software\Avast\HTM3D54.tmp","\??\C:\Program Files\AVAST Software\Avast\HTMLayout.dll",TRUE)?MoveFile("\??\C:\Program Files\AVAST Software\Avast\avB3E70.tmp","\??\C:\Program Files\AVAST Software\Avast\avBugReport.exe",TRUE)?MoveFile("\??\C:\Program Files\AVAST Software\Avast\AvD3ED0.tmp","\??\C:\Program Files\AVAST Software\Avast\AvDump32.exe",TRUE)?MoveFile("\??\C:\Program Files\AVAST Software\Avast\x64\AvD3F3F.tmp","\??\C:\Program Files\AVAST Software\Avast\x64\AvDump64.exe",TRUE)?DeleteFile("\??\C:\Program Files\AV
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14833612077652280@SetupOperations ???(?????)?)?*?*?*?*????? ???????'?????+?????( ?????????P?5??????????????(?????????e????aswSnx???????(?(?(?(?(?+?+?+??????L??(??????????????avast! virtualization driver (aswSnx)????????????S???????????????m??td???????????v???????N???+???+???(??????????????MoveFile("\??\C:\Program Files\AVAST Software\Avast\HTM3D54.tmp","\??\C:\Program Files\AVAST Software\Avast\HTMLayout.dll",TRUE)?MoveFile("\??\C:\Program Files\AVAST Software\Avast\avB3E70.tmp","\??\C:\Program Files\AVAST Software\Avast\avBugReport.exe",TRUE)?MoveFile("\??\C:\Program Files\AVAST Software\Avast\AvD3ED0.tmp","\??\C:\Program Files\AVAST Software\Avast\AvDump32.exe",TRUE)?MoveFile("\??\C:\Program Files\AVAST Software\Avast\x64\AvD3F3F.tmp","\??\C:\Program Files\AVAST Software\Avast\x64\AvDump64.exe",TRUE)?DeleteFile("\??\C:\Program Files\AVAST Software\Avast\pam\FF\lib\@avast\aes-connection\crypto-js\components")?DeleteFile("\??\C:\Program Files\AVAST Software\Avast\pam\FF\lib\@avast\aes-connection\crypto-js\rollups")?DeleteFile("\??\C:\Program
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\acd1b8125b78
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_6041fcc
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_6041fcc@Type 224
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_6041fcc@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_6041fcc@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_6041fcc@ImagePath C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_6041fcc@DisplayName CDPUserSvc_6041fcc
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_6041fcc@FailureActions 0x80 0x51 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_6041fcc@Description @%SystemRoot%\system32\cdpusersvc.dll,-101
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_6041fcc\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_6041fcc\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_6041fcc
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_6041fcc
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_6041fcc@Type 224
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_6041fcc@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_6041fcc@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_6041fcc@ImagePath C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_6041fcc@DisplayName Us?uga wiadomo?ci_6041fcc
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_6041fcc@FailureActions 0x80 0x51 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_6041fcc@Description @%SystemRoot%\system32\MessagingService.dll,-101
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_6041fcc\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_6041fcc\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_6041fcc\TriggerInfo
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_6041fcc\TriggerInfo\0
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_6041fcc\TriggerInfo\0@Type 7
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_6041fcc\TriggerInfo\0@Action 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_6041fcc\TriggerInfo\0@Guid 0x16 0x28 0x7A 0x2D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_6041fcc\TriggerInfo\0@Data0 0x75 0x18 0xBC 0xA3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_6041fcc\TriggerInfo\0@DataType0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_6041fcc
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_6041fcc
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_6041fcc@Type 224
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_6041fcc@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_6041fcc@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_6041fcc@ImagePath C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_6041fcc@DisplayName Synchronizuj hosta_6041fcc
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_6041fcc@FailureActions 0x80 0x51 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_6041fcc@Description @%SystemRoot%\system32\APHostRes.dll,-10001
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_6041fcc\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_6041fcc\Security@Security 0x01 0x00 0x04 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_6041fcc
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_6041fcc
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_6041fcc@Type 224
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_6041fcc@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_6041fcc@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_6041fcc@ImagePath C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_6041fcc@DisplayName Dane kontaktowe_6041fcc
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_6041fcc@FailureActions 0x80 0x51 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_6041fcc@Description @%SystemRoot%\system32\UserDataAccessRes.dll,-15000
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_6041fcc\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_6041fcc\Security@Security 0x01 0x00 0x04 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_6041fcc
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 8354
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 1351
Reg HKLM\SYSTEM\CurrentControlSet\Services\SynTP\Parameters@DetectTimeMS 1331
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d941773d-2523-40a6-8d8d-f8cfab37d57e}@LeaseObtainedTime 1485077072
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d941773d-2523-40a6-8d8d-f8cfab37d57e}@T1 1485120272
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d941773d-2523-40a6-8d8d-f8cfab37d57e}@T2 1485152672
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d941773d-2523-40a6-8d8d-f8cfab37d57e}@LeaseTerminatesTime 1485163472
Reg HKLM\SYSTEM\CurrentControlSet\Services\UmPass\Parameters\Wdf@TimeOfLastTelemetryLog 0xD8 0x10 0x90 0x65 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_6041fcc
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_6041fcc@Type 224
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_6041fcc@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_6041fcc@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_6041fcc@ImagePath C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_6041fcc@DisplayName Magazyn danych u?ytkownika_6041fcc
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_6041fcc@FailureActions 0x80 0x51 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_6041fcc@Description @%SystemRoot%\system32\UserDataAccessRes.dll,-10002
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_6041fcc\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_6041fcc\Security@Security 0x01 0x00 0x04 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_6041fcc
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_6041fcc
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_6041fcc@Type 224
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_6041fcc@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_6041fcc@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_6041fcc@ImagePath C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_6041fcc@DisplayName Dost?p do danych u?ytkownika_6041fcc
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_6041fcc@FailureActions 0x80 0x51 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_6041fcc@Description @%SystemRoot%\system32\UserDataAccessRes.dll,-14000
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_6041fcc\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_6041fcc\Security@Security 0x01 0x00 0x04 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_6041fcc
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0x2B 0x9C 0xBB 0x0A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0x2B 0x04 0x80 0x6C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0x2B 0x34 0xF7 0xA8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_6041fcc
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_6041fcc@Type 224
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_6041fcc@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_6041fcc@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_6041fcc@ImagePath C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_6041fcc@DisplayName Us?uga u?ytkownika powiadomie? WNS_6041fcc
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_6041fcc@FailureActions 0x80 0x51 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_6041fcc@Description @%SystemRoot%\system32\WpnUserService.dll,-2
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_6041fcc\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_6041fcc\Security@Security 0x01 0x00 0x04 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_6041fcc
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\Pnp\CurrentControlSet\Control\DeviceMigration\Devices\SWD\DAFUPNPPROVIDER\UUID:5E7596E1-DA57-487C-814D-F4F674F85A21\Interfaces\{d0875fb4-2196-4c7a-a63d-e416addd60a1}\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000E@ 0x64 0x62 0x04 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\Pnp\CurrentControlSet\Control\DeviceMigration\Devices\SWD\DAFUPNPPROVIDER\UUID:5E7596E1-DA57-487C-814D-F4F674F85A21\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000E@ 0x64 0x62 0x04 0x00 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}\iexplore\AllowedDomains
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}\iexplore\AllowedDomains\amazon.ca
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}\iexplore\AllowedDomains\amazon.cn
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}\iexplore\AllowedDomains\amazon.co.jp
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}\iexplore\AllowedDomains\amazon.co.uk
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}\iexplore\AllowedDomains\amazon.com
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}\iexplore\AllowedDomains\amazon.com.br
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}\iexplore\AllowedDomains\amazon.de
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}\iexplore\AllowedDomains\amazon.es
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}\iexplore\AllowedDomains\amazon.fr
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}\iexplore\AllowedDomains\amazon.in
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}\iexplore\AllowedDomains\amazon.it
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\JumplistData@E7CF176E110C211B 0x17 0xA5 0xB9 0x88 ...

---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.2 ----