GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-02-20 17:03:53 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000030 WDC_WD5000AAKX-00ERMA0 rev.15.01H15 465,76GB Running: gmer.exe; Driver: C:\Users\Tomasz\AppData\Local\Temp\kwroipoc.sys ---- Threads - GMER 2.2 ---- Thread C:\WINDOWS\system32\csrss.exe [548:608] fffff01904336c20 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control@SystemStartOptions NOEXECUTE=OPTIN Reg HKLM\SYSTEM\CurrentControlSet\Control@LastBootShutdown 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Classes\{4d36e96b-e325-11ce-bfc1-08002be10318}@HID\VID_046D&PID_C312\6&2442419C&2&0000 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Classes\{4d36e96f-e325-11ce-bfc1-08002be10318} Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Classes\{4d36e96f-e325-11ce-bfc1-08002be10318}@HID\WmVirtualDevice\2&2b3e62a0&1&0000 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Classes\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}@HID\VID_0079&PID_0006\6&37843162&0&0000 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Classes\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}@HID\VID_045E&PID_028E&IG_00\7&3a5fb890&0&0000 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_0079&PID_0006 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_0079&PID_0006\6&37843162&0&0000 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_0079&PID_0006\6&37843162&0&0000@Capabilities 224 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_0079&PID_0006\6&37843162&0&0000@ClassGuid {745a17a0-74d3-11d0-b6fe-00a0c90f57da} Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_0079&PID_0006\6&37843162&0&0000@CompatibleIds Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_0079&PID_0006\6&37843162&0&0000@DriverInfName input.inf Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_0079&PID_0006\6&37843162&0&0000@HardwareIds HID\VID_0079&PID_0006&REV_0107?HID\VID_0079&PID_0006?HID_DEVICE_SYSTEM_GAME?HID_DEVICE_UP:0001_U:0004?HID_DEVICE? Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_0079&PID_0006\6&37843162&0&0000@LastPresentDate 0x63 0xEA 0x17 0xC2 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_0079&PID_0006\6&37843162&0&0000@MatchingDeviceId HID_DEVICE_SYSTEM_GAME Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_0079&PID_0006\6&37843162&0&0000@Present 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_0079&PID_0006\6&37843162&0&0000\Interfaces Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_0079&PID_0006\6&37843162&0&0000\Interfaces\{4d1e55b2-f16f-11cf-88cb-001111000030} Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_045E&PID_028E&IG_00 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_045E&PID_028E&IG_00\7&3a5fb890&0&0000 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_045E&PID_028E&IG_00\7&3a5fb890&0&0000@Capabilities 224 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_045E&PID_028E&IG_00\7&3a5fb890&0&0000@ClassGuid {745a17a0-74d3-11d0-b6fe-00a0c90f57da} Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_045E&PID_028E&IG_00\7&3a5fb890&0&0000@CompatibleIds Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_045E&PID_028E&IG_00\7&3a5fb890&0&0000@DriverInfName input.inf Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_045E&PID_028E&IG_00\7&3a5fb890&0&0000@HardwareIds HID\VID_045E&PID_028E&IG_00?HID_DEVICE_SYSTEM_GAME?HID_DEVICE_UP:0001_U:0005?HID_DEVICE? Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_045E&PID_028E&IG_00\7&3a5fb890&0&0000@LastPresentDate 0x73 0x49 0x1F 0xB3 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_045E&PID_028E&IG_00\7&3a5fb890&0&0000@MatchingDeviceId HID_DEVICE_SYSTEM_GAME Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_045E&PID_028E&IG_00\7&3a5fb890&0&0000@Present 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_045E&PID_028E&IG_00\7&3a5fb890&0&0000\Interfaces Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_045E&PID_028E&IG_00\7&3a5fb890&0&0000\Interfaces\{4d1e55b2-f16f-11cf-88cb-001111000030} Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_046D&PID_C312 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_046D&PID_C312\6&2442419C&2&0000 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_046D&PID_C312\6&2442419C&2&0000@Capabilities 160 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_046D&PID_C312\6&2442419C&2&0000@ClassGuid {4d36e96b-e325-11ce-bfc1-08002be10318} Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_046D&PID_C312\6&2442419C&2&0000@CompatibleIds Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_046D&PID_C312\6&2442419C&2&0000@DriverInfName keyboard.inf Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_046D&PID_C312\6&2442419C&2&0000@HardwareIds HID\VID_046D&PID_C312&REV_0101?HID\VID_046D&PID_C312?HID_DEVICE_SYSTEM_KEYBOARD?HID_DEVICE_UP:0001_U:0006?HID_DEVICE? Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_046D&PID_C312\6&2442419C&2&0000@LastPresentDate 0x9D 0x15 0x7B 0xA1 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_046D&PID_C312\6&2442419C&2&0000@MatchingDeviceId HID_DEVICE_SYSTEM_KEYBOARD Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_046D&PID_C312\6&2442419C&2&0000@Present 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_046D&PID_C312\6&2442419C&2&0000@Duplicate 1 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_046D&PID_C312\6&2442419C&2&0000\Interfaces Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_046D&PID_C312\6&2442419C&2&0000\Interfaces\{4d1e55b2-f16f-11cf-88cb-001111000030} Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_046D&PID_C312\6&2442419C&2&0000\Interfaces\{4d1e55b2-f16f-11cf-88cb-001111000030}\Properties Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_046D&PID_C312\6&2442419C&2&0000\Interfaces\{4d1e55b2-f16f-11cf-88cb-001111000030}\Properties\{cbf38310-4a17-4310-a1eb-247f0b67593b} Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_046D&PID_C312\6&2442419C&2&0000\Interfaces\{4d1e55b2-f16f-11cf-88cb-001111000030}\Properties\{cbf38310-4a17-4310-a1eb-247f0b67593b}\0002 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_046D&PID_C312\6&2442419C&2&0000\Interfaces\{4d1e55b2-f16f-11cf-88cb-001111000030}\Properties\{cbf38310-4a17-4310-a1eb-247f0b67593b}\0002@ 0x01 0x00 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_046D&PID_C312\6&2442419C&2&0000\Interfaces\{4d1e55b2-f16f-11cf-88cb-001111000030}\Properties\{cbf38310-4a17-4310-a1eb-247f0b67593b}\0003 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_046D&PID_C312\6&2442419C&2&0000\Interfaces\{4d1e55b2-f16f-11cf-88cb-001111000030}\Properties\{cbf38310-4a17-4310-a1eb-247f0b67593b}\0003@ 0x06 0x00 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_046D&PID_C312\6&2442419C&2&0000\Interfaces\{4d1e55b2-f16f-11cf-88cb-001111000030}\Properties\{cbf38310-4a17-4310-a1eb-247f0b67593b}\0004 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_046D&PID_C312\6&2442419C&2&0000\Interfaces\{4d1e55b2-f16f-11cf-88cb-001111000030}\Properties\{cbf38310-4a17-4310-a1eb-247f0b67593b}\0004@ 0x00 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_046D&PID_C312\6&2442419C&2&0000\Interfaces\{4d1e55b2-f16f-11cf-88cb-001111000030}\Properties\{cbf38310-4a17-4310-a1eb-247f0b67593b}\0005 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_046D&PID_C312\6&2442419C&2&0000\Interfaces\{4d1e55b2-f16f-11cf-88cb-001111000030}\Properties\{cbf38310-4a17-4310-a1eb-247f0b67593b}\0005@ 0x6D 0x04 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_046D&PID_C312\6&2442419C&2&0000\Interfaces\{4d1e55b2-f16f-11cf-88cb-001111000030}\Properties\{cbf38310-4a17-4310-a1eb-247f0b67593b}\0006 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_046D&PID_C312\6&2442419C&2&0000\Interfaces\{4d1e55b2-f16f-11cf-88cb-001111000030}\Properties\{cbf38310-4a17-4310-a1eb-247f0b67593b}\0006@ 0x12 0xC3 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_046D&PID_C312\6&2442419C&2&0000\Interfaces\{4d1e55b2-f16f-11cf-88cb-001111000030}\Properties\{cbf38310-4a17-4310-a1eb-247f0b67593b}\0007 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_046D&PID_C312\6&2442419C&2&0000\Interfaces\{4d1e55b2-f16f-11cf-88cb-001111000030}\Properties\{cbf38310-4a17-4310-a1eb-247f0b67593b}\0007@ 0x01 0x01 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\VID_046D&PID_C312\6&2442419C&2&0000\Interfaces\{884b96c3-56ef-11d1-bc8c-00a0c91405dd} Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\WmVirtualDevice\2&2b3e62a0&1&0000 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\WmVirtualDevice\2&2b3e62a0&1&0000@Capabilities 160 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\WmVirtualDevice\2&2b3e62a0&1&0000@ClassGuid {4d36e96f-e325-11ce-bfc1-08002be10318} Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\WmVirtualDevice\2&2b3e62a0&1&0000@CompatibleIds Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\WmVirtualDevice\2&2b3e62a0&1&0000@DriverInfName msmouse.inf Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\WmVirtualDevice\2&2b3e62a0&1&0000@HardwareIds HID\WmVirtualDevice?HID_DEVICE_SYSTEM_MOUSE?HID_DEVICE_UP:0001_U:0002?HID_DEVICE? Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\WmVirtualDevice\2&2b3e62a0&1&0000@LastPresentDate 0x63 0xEA 0x17 0xC2 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\WmVirtualDevice\2&2b3e62a0&1&0000@MatchingDeviceId HID_DEVICE_SYSTEM_MOUSE Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\WmVirtualDevice\2&2b3e62a0&1&0000@Present 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\WmVirtualDevice\2&2b3e62a0&1&0000\Device Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\WmVirtualDevice\2&2b3e62a0&1&0000\Device@FlipFlopHScroll 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\WmVirtualDevice\2&2b3e62a0&1&0000\Device@FlipFlopWheel 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\WmVirtualDevice\2&2b3e62a0&1&0000\Device@ForceAbsolute 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\WmVirtualDevice\2&2b3e62a0&1&0000\Device@HScrollHighResolutionDisable 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\WmVirtualDevice\2&2b3e62a0&1&0000\Device@HScrollPageOverride 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\WmVirtualDevice\2&2b3e62a0&1&0000\Device@HScrollUsageOverride 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\WmVirtualDevice\2&2b3e62a0&1&0000\Device@VScrollHighResolutionDisable 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\WmVirtualDevice\2&2b3e62a0&1&0000\Device@VScrollPageOverride 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\WmVirtualDevice\2&2b3e62a0&1&0000\Device@VScrollUsageOverride 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\WmVirtualDevice\2&2b3e62a0&1&0000\Interfaces Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\WmVirtualDevice\2&2b3e62a0&1&0000\Interfaces\{378de44c-56ef-11d1-bc8c-00a0c91405dd} Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\WmVirtualDevice\2&2b3e62a0&1&0000\Interfaces\{4d1e55b2-f16f-11cf-88cb-001111000030} Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\WmVirtualDevice\2&2b3e62a0&1&0000\Interfaces\{4d1e55b2-f16f-11cf-88cb-001111000030}\Properties Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\WmVirtualDevice\2&2b3e62a0&1&0000\Interfaces\{4d1e55b2-f16f-11cf-88cb-001111000030}\Properties\{cbf38310-4a17-4310-a1eb-247f0b67593b} Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\WmVirtualDevice\2&2b3e62a0&1&0000\Interfaces\{4d1e55b2-f16f-11cf-88cb-001111000030}\Properties\{cbf38310-4a17-4310-a1eb-247f0b67593b}\0002 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\WmVirtualDevice\2&2b3e62a0&1&0000\Interfaces\{4d1e55b2-f16f-11cf-88cb-001111000030}\Properties\{cbf38310-4a17-4310-a1eb-247f0b67593b}\0002@ 0x01 0x00 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\WmVirtualDevice\2&2b3e62a0&1&0000\Interfaces\{4d1e55b2-f16f-11cf-88cb-001111000030}\Properties\{cbf38310-4a17-4310-a1eb-247f0b67593b}\0003 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\WmVirtualDevice\2&2b3e62a0&1&0000\Interfaces\{4d1e55b2-f16f-11cf-88cb-001111000030}\Properties\{cbf38310-4a17-4310-a1eb-247f0b67593b}\0003@ 0x02 0x00 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\WmVirtualDevice\2&2b3e62a0&1&0000\Interfaces\{4d1e55b2-f16f-11cf-88cb-001111000030}\Properties\{cbf38310-4a17-4310-a1eb-247f0b67593b}\0004 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\WmVirtualDevice\2&2b3e62a0&1&0000\Interfaces\{4d1e55b2-f16f-11cf-88cb-001111000030}\Properties\{cbf38310-4a17-4310-a1eb-247f0b67593b}\0004@ 0xFF Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\WmVirtualDevice\2&2b3e62a0&1&0000\Interfaces\{4d1e55b2-f16f-11cf-88cb-001111000030}\Properties\{cbf38310-4a17-4310-a1eb-247f0b67593b}\0005 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\WmVirtualDevice\2&2b3e62a0&1&0000\Interfaces\{4d1e55b2-f16f-11cf-88cb-001111000030}\Properties\{cbf38310-4a17-4310-a1eb-247f0b67593b}\0005@ 0x6D 0x04 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\WmVirtualDevice\2&2b3e62a0&1&0000\Interfaces\{4d1e55b2-f16f-11cf-88cb-001111000030}\Properties\{cbf38310-4a17-4310-a1eb-247f0b67593b}\0006 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\WmVirtualDevice\2&2b3e62a0&1&0000\Interfaces\{4d1e55b2-f16f-11cf-88cb-001111000030}\Properties\{cbf38310-4a17-4310-a1eb-247f0b67593b}\0006@ 0x2C 0xC0 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\WmVirtualDevice\2&2b3e62a0&1&0000\Interfaces\{4d1e55b2-f16f-11cf-88cb-001111000030}\Properties\{cbf38310-4a17-4310-a1eb-247f0b67593b}\0007 Reg HKLM\SYSTEM\CurrentControlSet\Control\DeviceMigration\Devices\HID\WmVirtualDevice\2&2b3e62a0&1&0000\Interfaces\{4d1e55b2-f16f-11cf-88cb-001111000030}\Properties\{cbf38310-4a17-4310-a1eb-247f0b67593b}\0007@ 0x01 0x00 Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 808 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber 3900373 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed -1739638510 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId 64 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 497358452 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 4595 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FwPOSTTime 3862 Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID a190c04d-a7bb-4d6d-ba7e-5ebd8aa Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\AITEventLog@FileCounter 1 Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter 1 Reg HKLM\SYSTEM\CurrentControlSet\Enum@NextParentID.2ad4434.6 1 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\UnitedVideo\SERVICES\BASICDISPLAY@DefaultSettings.XResolution 1920 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\UnitedVideo\SERVICES\BASICDISPLAY@DefaultSettings.YResolution 1080 Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@ReadyBootPlanAge 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop 0 Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\63\0@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\63\0@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\Pnp\CurrentControlSet\Control\DeviceMigration\Devices\SWD\DAFUPNPPROVIDER\UUID:0D1CEF01-00DC-1000-AC21-4844F756FE13\Interfaces\{d0875fb4-2196-4c7a-a63d-e416addd60a1}\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000E@ 0x64 0x62 0x04 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\Pnp\CurrentControlSet\Control\DeviceMigration\Devices\SWD\DAFUPNPPROVIDER\UUID:0D1CEF01-00DC-1000-AC21-4844F756FE13\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000E@ 0x64 0x62 0x04 0x00 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{7C24C9AE-24F8-4043-AF8A-E3C537A24469}@LastAccessedTime 0xF0 0x98 0x5B 0x4E ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{7C24C9AE-24F8-4043-AF8A-E3C537A24469}@LaunchCount 3 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Security and Maintenance@MessageTime 0xFF 0x95 0x6D 0xAC ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\UFH\SHC@8 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Connect.lnk?C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe?/showMiniGui? ---- Files - GMER 2.2 ---- File C:\Users\Tomasz\Downloads\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth 1\! midi + presets pack\!Sounds To Sample\Sounds To Sample EVAC Vol.1\EVAC sylenth 0 bytes File C:\Users\Tomasz\Downloads\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth 1\! midi + presets pack\!Sounds To Sample\Sounds To Sample Indie Underground Vol.1\Sylenth1 0 bytes File C:\Users\Tomasz\Downloads\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth 1\! midi + presets pack\!Sounds To Sample\Sounds to Sample Organic Talkbox Grooves\Always Gonna Love Me 0 bytes File C:\Users\Tomasz\Downloads\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth 1\! midi + presets pack\!Sounds To Sample\Sounds to Sample Organic Talkbox Grooves\Bow Wow 0 bytes File C:\Users\Tomasz\Downloads\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth 1\! midi + presets pack\!Sounds To Sample\Sounds to Sample Organic Talkbox Grooves\Double Yeahs 0 bytes File C:\Users\Tomasz\Downloads\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth 1\! midi + presets pack\!Sounds To Sample\Sounds to Sample Organic Talkbox Grooves\Feel The Beat 0 bytes File C:\Users\Tomasz\Downloads\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth 1\! midi + presets pack\!Sounds To Sample\Sounds to Sample Organic Talkbox Grooves\Funk Riff 0 bytes File C:\Users\Tomasz\Downloads\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth 1\! midi + presets pack\!Sounds To Sample\Sounds to Sample Organic Talkbox Grooves\I Got A Dream 0 bytes File C:\Users\Tomasz\Downloads\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth 1\! midi + presets pack\!Sounds To Sample\Sounds to Sample Organic Talkbox Grooves\It's Alright 0 bytes File C:\Users\Tomasz\Downloads\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth 1\! midi + presets pack\!Sounds To Sample\Sounds to Sample Organic Talkbox Grooves\Move Your Body 0 bytes File C:\Users\Tomasz\Downloads\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth 1\! midi + presets pack\!Sounds To Sample\SPF Samplers Deep and Tech\SINGLE PRESETS\ARP & SEQ 0 bytes File C:\Users\Tomasz\Downloads\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth 1\! midi + presets pack\!Sounds To Sample\SPF Samplers Deep and Tech\SINGLE PRESETS\BASS 0 bytes File C:\Users\Tomasz\Downloads\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth 1\! midi + presets pack\!Sounds To Sample\SPF Samplers Deep and Tech\SINGLE PRESETS\EXTRAS 0 bytes File C:\Users\Tomasz\Downloads\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth 1\! midi + presets pack\!Sounds To Sample\SPF Samplers Deep and Tech\SINGLE PRESETS\KEYS 0 bytes File C:\Users\Tomasz\Downloads\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth 1\! midi + presets pack\!Sounds To Sample\SPF Samplers Deep and Tech\SINGLE PRESETS\SYNTH 0 bytes File C:\Users\Tomasz\Downloads\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth 1\! midi + presets pack\!Sounds To Sample\SPF Samplers Deep Minimal\SINGLE PRESETS\ARP&SEQ 0 bytes File C:\Users\Tomasz\Downloads\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth 1\! midi + presets pack\!Sounds To Sample\SPF Samplers Deep Minimal\SINGLE PRESETS\BASS 0 bytes File C:\Users\Tomasz\Downloads\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth 1\! midi + presets pack\!Sounds To Sample\SPF Samplers Deep Minimal\SINGLE PRESETS\EXTRA 0 bytes File C:\Users\Tomasz\Downloads\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth 1\! midi + presets pack\!Sounds To Sample\SPF Samplers Deep Minimal\SINGLE PRESETS\FX 0 bytes File C:\Users\Tomasz\Downloads\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth 1\! midi + presets pack\!Sounds To Sample\SPF Samplers Deep Minimal\SINGLE PRESETS\KEY 0 bytes File C:\Users\Tomasz\Downloads\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth 1\! midi + presets pack\!Sounds To Sample\SPF Samplers Deep Minimal\SINGLE PRESETS\LEADS 0 bytes File C:\Users\Tomasz\Downloads\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth 1\! midi + presets pack\!Sounds To Sample\SPF Samplers Deep Minimal\SINGLE PRESETS\PAD 0 bytes File C:\Users\Tomasz\Downloads\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth 1\! midi + presets pack\!Sounds To Sample\SPF Samplers Deep Minimal\SINGLE PRESETS\SYNTHS 0 bytes File C:\Users\Tomasz\Downloads\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth 1\! midi + presets pack\!Zenhiser\Zenhiser - Progressive House\SPH - Sylenth Presets\SPH - Presets - Bass 0 bytes File C:\Users\Tomasz\Downloads\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth 1\! midi + presets pack\!Zenhiser\Zenhiser - Progressive House\SPH - Sylenth Presets\SPH - Presets - Blips 0 bytes File C:\Users\Tomasz\Downloads\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth 1\! midi + presets pack\!Zenhiser\Zenhiser - Progressive House\SPH - Sylenth Presets\SPH - Presets - FX 0 bytes File C:\Users\Tomasz\Downloads\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth 1\! midi + presets pack\!Zenhiser\Zenhiser - Progressive House\SPH - Sylenth Presets\SPH - Presets - Leads 0 bytes File C:\Users\Tomasz\Downloads\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth 1\! midi + presets pack\!Zenhiser\Zenhiser - Progressive House\SPH - Sylenth Presets\SPH - Presets - Pads 0 bytes File C:\Users\Tomasz\Downloads\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth 1\! midi + presets pack\!Zenhiser\Zenhiser - Progressive House\SPH - Sylenth Presets\SPH - Presets - Sequences 0 bytes File C:\Users\Tomasz\Downloads\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth 1\! midi + presets pack\!Zenhiser\Zenhiser - Sylenth Minimal Techno\SMT - Sylenth Presets\SMT - Presets - Arp-Seq 0 bytes File C:\Users\Tomasz\Downloads\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth 1\! midi + presets pack\!Zenhiser\Zenhiser - Sylenth Minimal Techno\SMT - Sylenth Presets\SMT - Presets - Bass 0 bytes File C:\Users\Tomasz\Downloads\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth 1\! midi + presets pack\!Zenhiser\Zenhiser - Sylenth Minimal Techno\SMT - Sylenth Presets\SMT - Presets - FX 0 bytes File C:\Users\Tomasz\Downloads\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth 1\! midi + presets pack\!Zenhiser\Zenhiser - Sylenth Minimal Techno\SMT - Sylenth Presets\SMT - Presets - Pad 0 bytes File C:\Users\Tomasz\Downloads\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth 1\! midi + presets pack\!Zenhiser\Zenhiser - Sylenth Minimal Techno\SMT - Sylenth Presets\SMT - Presets - Synth 0 bytes File C:\Users\Tomasz\Downloads\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth 1\! midi + presets pack\!Zenhiser\Zenhiser - Sylenth Underground Techno\SUT - Sylenth Presets 0 bytes File C:\Users\Tomasz\Downloads\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth 1\! midi + presets pack\!Zenhiser\Zenhiser - Sylenth Underground Techno\SUT - Sylenth Presets\SUT - Presets - Arp-Seq 0 bytes File C:\Users\Tomasz\Downloads\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth 1\! midi + presets pack\!Zenhiser\Zenhiser - Sylenth Underground Techno\SUT - Sylenth Presets\SUT - Presets - Bass 0 bytes File C:\Users\Tomasz\Downloads\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth 1\! midi + presets pack\!Zenhiser\Zenhiser - Sylenth Underground Techno\SUT - Sylenth Presets\SUT - Presets - FX 0 bytes File C:\Users\Tomasz\Downloads\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth 1\! midi + presets pack\!Zenhiser\Zenhiser - Sylenth Underground Techno\SUT - Sylenth Presets\SUT - Presets - Pad 0 bytes File C:\Users\Tomasz\Downloads\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth 1\! midi + presets pack\!Zenhiser\Zenhiser - Sylenth Underground Techno\SUT - Sylenth Presets\SUT - Presets - Synth 0 bytes File C:\Users\Tomasz\Downloads\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth 1\! midi + presets pack\RS Aiyn Zahev Sounds - Colours Vol.2 Sylenth1\presets 0 bytes File C:\Users\Tomasz\Downloads\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth 1\! midi + presets pack\SB_P&T 101 Trance Midi Construction Kits\midi Kits\Kit 100 (Exodus) (138 BPM) (G) 0 bytes File C:\Users\Tomasz\Downloads\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth 1\! midi + presets pack\SB_P&T 101 Trance Midi Construction Kits\midi Kits\Kit 16 (Chakra) (137 BPM) (A) 0 bytes File C:\Users\Tomasz\Downloads\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth 1\! midi + presets pack\SB_P&T 101 Trance Midi Construction Kits\midi Kits\Kit 2 (What Dreams May Come) (137 BPM) (F#) 0 bytes File C:\Users\Tomasz\Downloads\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth 1\! midi + presets pack\SB_P&T 101 Trance Midi Construction Kits\midi Kits\Kit 3 (No Angels Tonight) (137 BPM) (F) 0 bytes File C:\Users\Tomasz\Downloads\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth1 38.000 Presets + 888 Banks Up-Date [dada]\Sylenth 1\! midi + presets pack\SB_P&T 101 Trance Midi Construction Kits\midi Kits\Kit 38 (South Beach) (132 BPM) (A) 0 bytes ---- EOF - GMER 2.2 ----