GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-01-15 15:09:33
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000033 WDC_WD5000BPKT-75PK4T0 rev.01.01A01 465,76GB
Running: 1lyzt1ng.exe; Driver: C:\Users\Pryta\AppData\Local\Temp\fwdyrkog.sys

---- Modules - GMER 2.2 ----

Module \??\C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys fffff80f50a20000-fffff80f50a2e000 (57344 bytes)

---- Threads - GMER 2.2 ----

Thread C:\WINDOWS\system32\csrss.exe [660:712] ffffde9e373b6c20
Thread C:\WINDOWS\system32\SettingSyncHost.exe [7340:7424] 00007ffb829fdbe0
Thread C:\WINDOWS\system32\SettingSyncHost.exe [7340:7444] 00007ffb829fdbe0

---- Processes - GMER 2.2 ----

Library C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{42D3303F-5AFB-4BF1-84CC-9D6BBCF10268}\mpengine.dll (*** suspicious ***) @ C:\Program Files\Windows Defender\MsMpEng.exe [2748] 00007ffb7aa10000

---- Services - GMER 2.2 ----

Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] CDPUserSvc_4e416 <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] MessagingService_4e416 <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] OneSyncSvc_4e416 <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [MANUAL] PimIndexMaintenanceSvc_4e416 <-- ROOTKIT !!!
Service C:\WINDOWS\System32\svchost.exe (*** hidden *** ) [MANUAL] UnistoreSvc_4e416 <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [MANUAL] UserDataSvc_4e416 <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [MANUAL] WpnUserService_4e416 <-- ROOTKIT !!!

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0x94 0xA5 0x42 0x77 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime 0xF9 0x15 0x30 0x5E ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@pl-PL 52
Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\CMO17180_17_07DA_E5^3230A3F787348A849EBA987AF6A86798@Timestamp 0x52 0xCD 0xAE 0x77 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 800
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations \??\C:\Users\Pryta\AppData\Local\Temp\UCBrowserUninstall784_3158\Uninstall.exe??\??\C:\Users\Pryta\AppData\Local\Temp\UCBrowserUninstall784_3158??
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber 3774140
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed 753937059
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId 52
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 494311996
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 7493
Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID b7a289c9-e0bd-45cc-bf22-e89fa91
Reg HKLM\SYSTEM\CurrentControlSet\Control\WDI\Config@ServerName \BaseNamedObjects\WDI_{aa4d97eb-4aa8-4d47-bb8f-a0e4a8b04b2a}
Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\BITS\Performance@PerfMMFileName Global\MMF_BITS4ab526a6-627e-4cc3-9f77-e504fc717112
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\4c80930e226f
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\4c80930e226f@08fc88ad82f4 0xAC 0x45 0xFE 0xD9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_4e416
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_4e416@Type 224
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_4e416@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_4e416@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_4e416@ImagePath C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_4e416@DisplayName CDPUserSvc_4e416
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_4e416@FailureActions 0x80 0x51 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_4e416@Description @%SystemRoot%\system32\cdpusersvc.dll,-101
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_4e416\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_4e416\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_4e416
Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{21142c68-9cce-4374-8aee-d780c8f9029a}@LastProbeTime 1484486310
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_4e416
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_4e416@Type 224
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_4e416@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_4e416@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_4e416@ImagePath C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_4e416@DisplayName Us?uga wiadomo?ci_4e416
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_4e416@FailureActions 0x80 0x51 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_4e416@Description @%SystemRoot%\system32\MessagingService.dll,-101
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_4e416\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_4e416\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_4e416\TriggerInfo
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_4e416\TriggerInfo\0
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_4e416\TriggerInfo\0@Type 7
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_4e416\TriggerInfo\0@Action 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_4e416\TriggerInfo\0@Guid 0x16 0x28 0x7A 0x2D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_4e416\TriggerInfo\0@Data0 0x75 0x18 0xBC 0xA3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_4e416\TriggerInfo\0@DataType0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_4e416
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_4e416
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_4e416@Type 224
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_4e416@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_4e416@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_4e416@ImagePath C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_4e416@DisplayName Synchronizuj hosta_4e416
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_4e416@FailureActions 0x80 0x51 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_4e416@Description @%SystemRoot%\system32\APHostRes.dll,-10001
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_4e416\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_4e416\Security@Security 0x01 0x00 0x04 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_4e416
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_4e416
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_4e416@Type 224
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_4e416@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_4e416@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_4e416@ImagePath C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_4e416@DisplayName Dane kontaktowe_4e416
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_4e416@FailureActions 0x80 0x51 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_4e416@Description @%SystemRoot%\system32\UserDataAccessRes.dll,-15000
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_4e416\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_4e416\Security@Security 0x01 0x00 0x04 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_4e416
Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Diagnostics@ReadyBootTrainingCountSinceLastServicing 20
Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime ?niedz.?, ?sty ?15 ?17, 01:20:25??????????????????????n????????
Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@EffectivePends 268
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 5610
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 2039
Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 51
Reg HKLM\SYSTEM\CurrentControlSet\Services\SynTP\Parameters@DetectTimeMS 1820
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{de7119be-3c62-47dd-909b-165029c8f2a4}@LeaseObtainedTime 1484485723
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{de7119be-3c62-47dd-909b-165029c8f2a4}@T1 1484485753
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{de7119be-3c62-47dd-909b-165029c8f2a4}@T2 1484485775
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{de7119be-3c62-47dd-909b-165029c8f2a4}@LeaseTerminatesTime 1484485783
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{de7119be-3c62-47dd-909b-165029c8f2a4}@Dhcpv6MaxLeaseExpireTime 1484488673
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{de7119be-3c62-47dd-909b-165029c8f2a4}@Dhcpv6LeaseObtainedTime 1484485073
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_4e416
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_4e416@Type 224
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_4e416@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_4e416@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_4e416@ImagePath C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_4e416@DisplayName Magazyn danych u?ytkownika_4e416
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_4e416@FailureActions 0x80 0x51 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_4e416@Description @%SystemRoot%\system32\UserDataAccessRes.dll,-10002
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_4e416\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_4e416\Security@Security 0x01 0x00 0x04 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_4e416
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_4e416
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_4e416@Type 224
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_4e416@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_4e416@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_4e416@ImagePath C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_4e416@DisplayName Dost?p do danych u?ytkownika_4e416
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_4e416@FailureActions 0x80 0x51 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_4e416@Description @%SystemRoot%\system32\UserDataAccessRes.dll,-14000
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_4e416\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_4e416\Security@Security 0x01 0x00 0x04 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_4e416
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0x55 0x6F 0xE3 0xC6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0x55 0xD7 0xA7 0x28 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0x55 0x07 0x1F 0x65 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Object List 22300 22306 22318 22328 22338 22358 22402 22412 22450 22456 22472
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Counter 22478
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Help 22479
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@First Counter 22300
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@First Help 22301
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_4e416
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_4e416@Type 224
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_4e416@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_4e416@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_4e416@ImagePath C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_4e416@DisplayName Us?uga u?ytkownika powiadomie? WNS_4e416
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_4e416@FailureActions 0x80 0x51 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_4e416@Description @%SystemRoot%\system32\WpnUserService.dll,-2
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_4e416\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_4e416\Security@Security 0x01 0x00 0x04 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_4e416
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.log\OpenWithList@MRUList ab
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown 1
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@PolicyDocumentLastRefresh 0x3E 0x38 0x03 0xF1 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsRequestBucketDrainTime 0x6C 0x37 0x36 0xF1 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsLargeRequestBucketDrainTime 0x6C 0x37 0x36 0xF1 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastOtherRequestBucketDrainTime 0x6C 0x37 0x36 0xF1 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastGlobalRequestBucketDrainTime 0x6C 0x37 0x36 0xF1 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\RegistrarData@LastRenewCollectionsInterest 0xB9 0x29 0xEC 0xA3 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search@JumpListChangedAppIds Chrome.UserData.Profile4?
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\JumplistData@Chrome.UserData.Profile4 0x73 0xAB 0x5E 0x16 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{22CB1306-8D2C-4EEA-8920-F596306BD3C6}@LastAccessedTime 0x70 0x99 0x7C 0x4F ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{22CB1306-8D2C-4EEA-8920-F596306BD3C6}@LaunchCount 7
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{22CB1306-8D2C-4EEA-8920-F596306BD3C6}\RecentItems\{1FF18E92-1711-41DF-9BF4-E4264AAC2B89}
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{22CB1306-8D2C-4EEA-8920-F596306BD3C6}\RecentItems\{1FF18E92-1711-41DF-9BF4-E4264AAC2B89}@Type 0
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{22CB1306-8D2C-4EEA-8920-F596306BD3C6}\RecentItems\{1FF18E92-1711-41DF-9BF4-E4264AAC2B89}@Path C:\Users\Pryta\Desktop\Anti-Trojan Elite 5.6.1 Patch Serial\Anti-Trojan Elite 5.6.1 + Patch + Serial\Serial.txt
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{22CB1306-8D2C-4EEA-8920-F596306BD3C6}\RecentItems\{1FF18E92-1711-41DF-9BF4-E4264AAC2B89}@DisplayName Serial
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{22CB1306-8D2C-4EEA-8920-F596306BD3C6}\RecentItems\{1FF18E92-1711-41DF-9BF4-E4264AAC2B89}@LastAccessedTime 0x00 0x00 0x00 0x00 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{22CB1306-8D2C-4EEA-8920-F596306BD3C6}\RecentItems\{1FF18E92-1711-41DF-9BF4-E4264AAC2B89}@Points 0x00 0x00 0x00 0x00
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{22CB1306-8D2C-4EEA-8920-F596306BD3C6}\RecentItems\{25116ECC-C7EC-47DD-8C40-AD1A0246E58D}
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{22CB1306-8D2C-4EEA-8920-F596306BD3C6}\RecentItems\{25116ECC-C7EC-47DD-8C40-AD1A0246E58D}@Type 0
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{22CB1306-8D2C-4EEA-8920-F596306BD3C6}\RecentItems\{25116ECC-C7EC-47DD-8C40-AD1A0246E58D}@Path C:\Users\Pryta\Desktop\MakingMoney\Reklama\Easy_GIF_Animator_5_Pro Crack&Key\Easy GIF Animator 5 Pro\Serial.txt
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{22CB1306-8D2C-4EEA-8920-F596306BD3C6}\RecentItems\{25116ECC-C7EC-47DD-8C40-AD1A0246E58D}@DisplayName Serial
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{22CB1306-8D2C-4EEA-8920-F596306BD3C6}\RecentItems\{25116ECC-C7EC-47DD-8C40-AD1A0246E58D}@LastAccessedTime 0x00 0x00 0x00 0x00 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{22CB1306-8D2C-4EEA-8920-F596306BD3C6}\RecentItems\{25116ECC-C7EC-47DD-8C40-AD1A0246E58D}@Points 0x00 0x00 0x00 0x00
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{255C0276-30D7-4E0D-B7DC-427405C364B4}@LastAccessedTime 0xA0 0x1D 0xCC 0xE9 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{255C0276-30D7-4E0D-B7DC-427405C364B4}@LaunchCount 8
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{DDCD5B7F-2F40-435A-8A21-BFA15E6E7EF5}@LastAccessedTime 0x00 0x01 0x91 0x62 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{DDCD5B7F-2F40-435A-8A21-BFA15E6E7EF5}@LaunchCount 31
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData@PendingOperations 146
Reg HKCU\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_1lyzt1ng.exe_52f18ae915ed63417d8c1137ca5226bcca51b_39ff9100_cab_05c03a44

---- Files - GMER 2.2 ----

ADS C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys 47304 bytes executable <-- ROOTKIT !!!
ADS C:\Program Files (x86)\UCBrowser\Security:x64 739728 bytes executable
ADS C:\Program Files (x86)\UCBrowser\Security:x86 602512 bytes executable
ADS C:\Windows\System32\drivers:ucdrv-x64.sys 47304 bytes executable
ADS C:\Windows\System32\drivers:x64 739728 bytes executable
ADS C:\Windows\System32\drivers:x86 602512 bytes executable

---- Services - GMER 2.2 ----

Service C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [SYSTEM] ucdrv <-- ROOTKIT !!!

---- EOF - GMER 2.2 ----