GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-04-23 17:17:46 Windows 6.2.9200 x64 Running: 4wo4h7y8.exe ---- Services - GMER 2.2 ---- Service (*** hidden *** ) [MANUAL] aswbdisk <-- ROOTKIT !!! ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\SWD\DAFUPnPProvider\uuid:1017df82-000e-1000-a825-244b03ca2237\Interfaces\{d0875fb4-2196-4c7a-a63d-e416addd60a1}\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000E@ 0x64 0x62 0x04 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\SWD\DAFUPnPProvider\uuid:1017df82-000e-1000-a825-244b03ca2237\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000E@ 0x64 0x62 0x04 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations \??\C:\Users\MICHA~1\AppData\Local\Temp\TAOAccelerator64.sys23-15-45?? Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed -1271785247 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswbdisk@Start 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswbdisk Reg HKLM\SYSTEM\CurrentControlSet\Services\aswbidsdriver@Start 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswbidsdriver Reg HKLM\SYSTEM\CurrentControlSet\Services\aswbidsh@Start 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswbidsh Reg HKLM\SYSTEM\CurrentControlSet\Services\aswblog@Start 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswblog Reg HKLM\SYSTEM\CurrentControlSet\Services\aswbuniv@Start 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswbuniv Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@Start 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters@SystemRoot \Device\HarddiskVolume4\WINDOWS Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@Start 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters@PassiveMode 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswStm@Start 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswStm Reg HKLM\SYSTEM\CurrentControlSet\Services\aswVmm@Start 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswVmm Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\28c2dd1ac3b8 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\28c2dd1ac3b8@544408cdea4e 0xBC 0x03 0x16 0x73 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\QMUdisk Reg HKLM\SYSTEM\CurrentControlSet\Services\QMUdisk@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\QMUdisk@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\QMUdisk@ErrorControl 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\QMUdisk@ImagePath \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.8.17919.214\QMUdisk64.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\QMUdisk@DisplayName tencent QMUdisk Reg HKLM\SYSTEM\CurrentControlSet\Services\QMUdisk@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\QMUdisk@Group FSFilter Content Screener Reg HKLM\SYSTEM\CurrentControlSet\Services\QMUdisk@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\Services\QMUdisk Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime ?niedz.?, ?kwi ?23 ?17, 03:49:11??????`???????????????`???????? Reg HKLM\SYSTEM\CurrentControlSet\Services\TSSysKit Reg HKLM\SYSTEM\CurrentControlSet\Services\TSSysKit@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\TSSysKit@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\TSSysKit@ErrorControl 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\TSSysKit@ImagePath \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.8.17919.214\TSSysKit64.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\TSSysKit@DisplayName TSSysKit Reg HKLM\SYSTEM\CurrentControlSet\Services\TSSysKit@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\TSSysKit Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0xA6 0x77 0xD9 0x87 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0xA6 0xDF 0x9D 0xE9 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0xA6 0x0F 0x15 0x26 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\2@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\2@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\Pnp\CurrentControlSet\Control\DeviceMigration\Devices\SWD\DAFUPnPProvider\uuid:1017df82-000e-1000-a825-244b03ca2237\Interfaces\{d0875fb4-2196-4c7a-a63d-e416addd60a1}\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000E@ 0x64 0x62 0x04 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\Pnp\CurrentControlSet\Control\DeviceMigration\Devices\SWD\DAFUPnPProvider\uuid:1017df82-000e-1000-a825-244b03ca2237\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000E@ 0x64 0x62 0x04 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer@ScreenshotIndex 6 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\OpenWithList@MRUList abcdefghijkl Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsRequestBucketDrainTime 0x1D 0xF9 0x88 0x80 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsLargeRequestBucketDrainTime 0x1D 0xF9 0x88 0x80 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastOtherRequestBucketDrainTime 0x1D 0xF9 0x88 0x80 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastGlobalRequestBucketDrainTime 0x1D 0xF9 0x88 0x80 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\JumplistData@Chrome.UserData.chagulybuvertainmibile 0xF8 0x09 0x2C 0xCC ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{95FAE977-A635-485D-8686-0FD10F39525E}@LastAccessedTime 0xC0 0x59 0x2E 0xE9 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{95FAE977-A635-485D-8686-0FD10F39525E}@LaunchCount 2 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}@LastAccessedTime 0xA0 0x4E 0xB3 0x38 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}@AppId {6D809377-6AF0-444B-8957-A3773F02200E}\WinRAR\WinRAR.exe Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}@LaunchCount 3 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{55D834B5-4AC7-4F2B-96FE-E2BF62B048FD} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{55D834B5-4AC7-4F2B-96FE-E2BF62B048FD}@Type 0 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{55D834B5-4AC7-4F2B-96FE-E2BF62B048FD}@Path C:\Users\Micha?\Downloads\ii update\Prison Break S05E04 2016 HDTV x264 - AMIABLE\CodecPack.z Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{55D834B5-4AC7-4F2B-96FE-E2BF62B048FD}@DisplayName CodecPack Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{55D834B5-4AC7-4F2B-96FE-E2BF62B048FD}@LastAccessedTime 0xB2 0x1E 0x49 0xAA ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{55D834B5-4AC7-4F2B-96FE-E2BF62B048FD}@Points 0x00 0x00 0x80 0x3F Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{9BF874A5-B6EC-49CD-B67D-FF4BC7F59E66} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{9BF874A5-B6EC-49CD-B67D-FF4BC7F59E66}@Type 0 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{9BF874A5-B6EC-49CD-B67D-FF4BC7F59E66}@Path C:\Users\Micha?\Desktop\Zdj?cia_pobrane_przez_AirDroid.zip Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{9BF874A5-B6EC-49CD-B67D-FF4BC7F59E66}@DisplayName Zdj?cia_pobrane_przez_AirDroid.zip Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{9BF874A5-B6EC-49CD-B67D-FF4BC7F59E66}@LastAccessedTime 0x00 0x00 0x00 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{9BF874A5-B6EC-49CD-B67D-FF4BC7F59E66}@Points 0x00 0x00 0x00 0x00 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{A903F7AE-5680-4155-8DF0-9568B80DC0A0} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{A903F7AE-5680-4155-8DF0-9568B80DC0A0}@Type 0 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{A903F7AE-5680-4155-8DF0-9568B80DC0A0}@Path C:\Users\Micha?\Downloads\SmartGesture_WIN10_64_VER405.zip Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{A903F7AE-5680-4155-8DF0-9568B80DC0A0}@DisplayName SmartGesture_WIN10_64_VER405 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{A903F7AE-5680-4155-8DF0-9568B80DC0A0}@LastAccessedTime 0x00 0x00 0x00 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{A903F7AE-5680-4155-8DF0-9568B80DC0A0}@Points 0x00 0x00 0x00 0x00 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{AD06B9EA-813F-4D69-8D4C-39E5DC7116DC} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{AD06B9EA-813F-4D69-8D4C-39E5DC7116DC}@Type 0 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{AD06B9EA-813F-4D69-8D4C-39E5DC7116DC}@Path C:\Users\Micha?\Downloads\ElfBot.rar Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{AD06B9EA-813F-4D69-8D4C-39E5DC7116DC}@DisplayName ElfBot.rar Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{AD06B9EA-813F-4D69-8D4C-39E5DC7116DC}@LastAccessedTime 0x00 0x00 0x00 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{AD06B9EA-813F-4D69-8D4C-39E5DC7116DC}@Points 0x00 0x00 0x00 0x00 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{B50A3CFA-92F4-4ACF-952F-E7F3EB405043} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{B50A3CFA-92F4-4ACF-952F-E7F3EB405043}@Type 0 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{B50A3CFA-92F4-4ACF-952F-E7F3EB405043}@Path C:\Users\Micha?\Downloads\Zdj?cia_pobrane_przez_AirDroid.zip Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{B50A3CFA-92F4-4ACF-952F-E7F3EB405043}@DisplayName Zdj?cia_pobrane_przez_AirDroid.zip Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{B50A3CFA-92F4-4ACF-952F-E7F3EB405043}@LastAccessedTime 0x00 0x00 0x00 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{B50A3CFA-92F4-4ACF-952F-E7F3EB405043}@Points 0x00 0x00 0x00 0x00 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{C0E533B7-BEA4-450B-938D-B9CAB72224A7} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{C0E533B7-BEA4-450B-938D-B9CAB72224A7}@Type 0 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{C0E533B7-BEA4-450B-938D-B9CAB72224A7}@Path C:\Users\Micha?\Downloads\DBNS 6.99.zip Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{C0E533B7-BEA4-450B-938D-B9CAB72224A7}@DisplayName DBNS 6.99.zip Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{C0E533B7-BEA4-450B-938D-B9CAB72224A7}@LastAccessedTime 0x00 0x00 0x00 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{C0E533B7-BEA4-450B-938D-B9CAB72224A7}@Points 0x00 0x00 0x00 0x00 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{C35FE065-67B4-4BBA-81F1-21C085AC5F9B} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{C35FE065-67B4-4BBA-81F1-21C085AC5F9B}@Type 0 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{C35FE065-67B4-4BBA-81F1-21C085AC5F9B}@Path C:\Users\Micha?\Downloads\WLAN_Ralink_Win10_64_VER50570.zip Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{C35FE065-67B4-4BBA-81F1-21C085AC5F9B}@DisplayName WLAN_Ralink_Win10_64_VER50570 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{C35FE065-67B4-4BBA-81F1-21C085AC5F9B}@LastAccessedTime 0x00 0x00 0x00 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{C35FE065-67B4-4BBA-81F1-21C085AC5F9B}@Points 0x00 0x00 0x00 0x00 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{C5D35D47-0C91-44EC-A728-841908176CEA} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{C5D35D47-0C91-44EC-A728-841908176CEA}@Type 0 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{C5D35D47-0C91-44EC-A728-841908176CEA}@Path D:\WSOSP\NAUKA\I ROK\II SEMESTR\LOGISTYKA I ZARZ?DZANIE ?A?CUCHEM DOSTAW.rar Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{C5D35D47-0C91-44EC-A728-841908176CEA}@DisplayName LOGISTYKA I ZARZ?DZANIE ?A?CUCHEM DOSTAW.rar Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{C5D35D47-0C91-44EC-A728-841908176CEA}@LastAccessedTime 0x00 0x00 0x00 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{C5D35D47-0C91-44EC-A728-841908176CEA}@Points 0x00 0x00 0x00 0x00 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{CBE2033F-3E38-4D34-B487-2369336B490A} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{CBE2033F-3E38-4D34-B487-2369336B490A}@Type 0 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{CBE2033F-3E38-4D34-B487-2369336B490A}@Path C:\Users\Micha?\Downloads\dowykadu_1.zip Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{CBE2033F-3E38-4D34-B487-2369336B490A}@DisplayName dowykadu_1.zip Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{CBE2033F-3E38-4D34-B487-2369336B490A}@LastAccessedTime 0x00 0x00 0x00 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{CBE2033F-3E38-4D34-B487-2369336B490A}@Points 0x00 0x00 0x00 0x00 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{D89D79DF-B8AC-424C-A6EA-FDB870C79356} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{D89D79DF-B8AC-424C-A6EA-FDB870C79356}@Type 0 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{D89D79DF-B8AC-424C-A6EA-FDB870C79356}@Path C:\Users\Micha?\Downloads\mafia11_pl.rar Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{D89D79DF-B8AC-424C-A6EA-FDB870C79356}@DisplayName mafia11_pl.rar Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{D89D79DF-B8AC-424C-A6EA-FDB870C79356}@LastAccessedTime 0x00 0x00 0x00 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F3248B24-A395-4E31-A7EC-3B19C40373B3}\RecentItems\{D89D79DF-B8AC-424C-A6EA-FDB870C79356}@Points 0x00 0x00 0x00 0x00 ---- EOF - GMER 2.2 ----