GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-02-16 12:58:34
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000035 rev. 0,00MB
Running: js8xc3w1.exe; Driver: C:\Users\oem2\AppData\Local\Temp\pxldapow.sys

---- Kernel code sections - GMER 2.2 ----

.text    C:\Windows\System32\win32k.sys!W32pServiceTable          fffff9600007e800 15 bytes [C0, BB, ED, 01, 40, 02, 6A, ...]
.text    C:\Windows\System32\win32k.sys!W32pServiceTable + 16     fffff9600007e810 11 bytes [00, 7E, FC, FF, 00, A7, B2, ...]

---- Modules - GMER 2.2 ----

Module   \??\C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys    fffff8004fbf0000-fffff8004fbff000 (61440 bytes)

---- Threads - GMER 2.2 ----

Thread   C:\Windows\system32\csrss.exe [496:524]    fffff960008792d0

---- Registry - GMER 2.2 ----

Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed    1534562317
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\605718103217

---- Disk sectors - GMER 2.2 ----

Disk     \Device\Harddisk0\DR0    sector 0: rootkit-like behavior

---- Files - GMER 2.2 ----

ADS      C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys    50888 bytes executable
ADS      C:\Program Files (x86)\UCBrowser\Security:x64              743824 bytes executable
ADS      C:\Program Files (x86)\UCBrowser\Security:x86              607120 bytes executable
ADS      C:\Windows\System32\drivers:ucdrv-x64.sys                  50888 bytes executable <-- ROOTKIT !!!
ADS      C:\Windows\System32\drivers:x64                            743824 bytes executable
ADS      C:\Windows\System32\drivers:x86                            606608 bytes executable

---- Services - GMER 2.2 ----

Service  C:\Windows\System32\drivers:ucdrv-x64.sys [SYSTEM] ucdrv    <-- ROOTKIT !!!

---- EOF - GMER 2.2 ----