GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-02-24 15:29:29 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 ST3500418AS rev.CC34 465,76GB Running: ivxnnjrq.exe; Driver: C:\Users\xxx\AppData\Local\Temp\uxriqpow.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files\CCleaner\CCleaner.exe[2996] USER32.dll!EnableScrollBar 7554199E 5 Bytes JMP 011D1779 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[2996] USER32.dll!GetScrollInfo 75522D73 5 Bytes JMP 011D1689 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[2996] USER32.dll!GetScrollPos 75540E13 5 Bytes JMP 011D165E C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[2996] USER32.dll!GetScrollRange 7554042A 5 Bytes JMP 011D1620 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[2996] USER32.dll!SetScrollInfo 755248AA 5 Bytes JMP 011D173F C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[2996] USER32.dll!SetScrollPos 7554048E 5 Bytes JMP 011D15F5 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[2996] USER32.dll!SetScrollRange 75518E8B 5 Bytes JMP 011D1702 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[2996] USER32.dll!ShowScrollBar 75543C59 5 Bytes JMP 011D16C2 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\Google\Chrome\Application\chrome.exe[1020] ntdll.dll!NtCreateFile + 6 77135196 4 Bytes [28, DC, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1020] ntdll.dll!NtCreateFile + B 7713519B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1020] ntdll.dll!NtMapViewOfSection + 6 771357F6 4 Bytes [28, DF, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1020] ntdll.dll!NtMapViewOfSection + B 771357FB 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[1020] ntdll.dll!NtOpenFile + 6 771358A6 4 Bytes [68, DC, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1020] ntdll.dll!NtOpenFile + B 771358AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1020] ntdll.dll!NtOpenProcess + 6 77135956 4 Bytes [A8, DD, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1020] ntdll.dll!NtOpenProcess + B 7713595B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1020] ntdll.dll!NtOpenProcessToken + B 7713596B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1020] ntdll.dll!NtOpenProcessTokenEx + 6 77135976 4 Bytes [A8, DE, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1020] ntdll.dll!NtOpenProcessTokenEx + B 7713597B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1020] ntdll.dll!NtOpenThread + 6 771359D6 4 Bytes [68, DD, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1020] ntdll.dll!NtOpenThread + B 771359DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1020] ntdll.dll!NtOpenThreadToken + 6 771359E6 4 Bytes [68, DE, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1020] ntdll.dll!NtOpenThreadToken + B 771359EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1020] ntdll.dll!NtOpenThreadTokenEx + B 771359FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1020] ntdll.dll!NtQueryAttributesFile + 6 77135B06 4 Bytes [A8, DC, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1020] ntdll.dll!NtQueryAttributesFile + B 77135B0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1020] ntdll.dll!NtQueryFullAttributesFile + B 77135BBB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1020] ntdll.dll!NtSetInformationFile + 6 77136206 4 Bytes [28, DD, 2F, 00] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[1020] ntdll.dll!NtSetInformationFile + B 7713620B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1020] ntdll.dll!NtSetInformationThread + 6 77136266 4 Bytes [28, DE, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1020] ntdll.dll!NtSetInformationThread + B 7713626B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1020] ntdll.dll!NtUnmapViewOfSection + 6 77136586 4 Bytes [68, DF, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1020] ntdll.dll!NtUnmapViewOfSection + B 7713658B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1204] ntdll.dll!NtCreateFile + 6 77135196 4 Bytes [28, 00, 23, 00] {SUB [EAX], AL; AND EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1204] ntdll.dll!NtCreateFile + B 7713519B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1204] ntdll.dll!NtMapViewOfSection + 6 771357F6 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1204] ntdll.dll!NtMapViewOfSection + 6 771357F6 4 Bytes [28, 03, 23, 00] {SUB [EBX], AL; AND EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1204] ntdll.dll!NtMapViewOfSection + B 771357FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1204] ntdll.dll!NtOpenFile + 6 771358A6 4 Bytes [68, 00, 23, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1204] ntdll.dll!NtOpenFile + B 771358AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1204] ntdll.dll!NtOpenProcess + 6 77135956 4 Bytes [A8, 01, 23, 00] {TEST AL, 0x1; AND EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1204] ntdll.dll!NtOpenProcess + B 7713595B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1204] ntdll.dll!NtOpenProcessToken + B 7713596B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1204] 
ntdll.dll!NtOpenProcessTokenEx + 6 77135976 4 Bytes [A8, 02, 23, 00] {TEST AL, 0x2; AND EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1204] ntdll.dll!NtOpenProcessTokenEx + B 7713597B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1204] ntdll.dll!NtOpenThread + 6 771359D6 4 Bytes [68, 01, 23, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1204] ntdll.dll!NtOpenThread + B 771359DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1204] ntdll.dll!NtOpenThreadToken + 6 771359E6 4 Bytes [68, 02, 23, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1204] ntdll.dll!NtOpenThreadToken + B 771359EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1204] ntdll.dll!NtOpenThreadTokenEx + B 771359FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1204] ntdll.dll!NtQueryAttributesFile + 6 77135B06 4 Bytes [A8, 00, 23, 00] {TEST AL, 0x0; AND EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1204] ntdll.dll!NtQueryAttributesFile + B 77135B0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1204] ntdll.dll!NtQueryFullAttributesFile + B 77135BBB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1204] ntdll.dll!NtSetInformationFile + 6 77136206 4 Bytes [28, 01, 23, 00] {SUB [ECX], AL; AND EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1204] ntdll.dll!NtSetInformationFile + B 7713620B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1204] ntdll.dll!NtSetInformationThread + 6 77136266 4 Bytes [28, 02, 23, 00] {SUB [EDX], AL; AND EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1204] ntdll.dll!NtSetInformationThread + B 7713626B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1204] ntdll.dll!NtUnmapViewOfSection + 6 77136586 1 Byte [68] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[1204] ntdll.dll!NtUnmapViewOfSection + 6 77136586 4 Bytes [68, 03, 23, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1204] ntdll.dll!NtUnmapViewOfSection + B 7713658B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtCreateFile + 6 77135196 4 Bytes [28, EC, 88, 00] {SUB AH, CH; MOV [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtCreateFile + B 7713519B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtMapViewOfSection + 6 771357F6 4 Bytes [28, EF, 88, 00] {SUB BH, CH; MOV [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtMapViewOfSection + B 771357FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtOpenFile + 6 771358A6 4 Bytes [68, EC, 88, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtOpenFile + B 771358AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtOpenProcess + 6 77135956 4 Bytes [A8, ED, 88, 00] {TEST AL, 0xed; MOV [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtOpenProcess + B 7713595B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtOpenProcessToken + B 7713596B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtOpenProcessTokenEx + 6 77135976 4 Bytes [A8, EE, 88, 00] {TEST AL, 0xee; MOV [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtOpenProcessTokenEx + B 7713597B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtOpenThread + 6 771359D6 4 Bytes [68, ED, 88, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtOpenThread + B 771359DB 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtOpenThreadToken + 6 771359E6 4 Bytes [68, EE, 88, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtOpenThreadToken + B 771359EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtOpenThreadTokenEx + B 771359FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtQueryAttributesFile + 6 77135B06 4 Bytes [A8, EC, 88, 00] {TEST AL, 0xec; MOV [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtQueryAttributesFile + B 77135B0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtQueryFullAttributesFile + B 77135BBB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtSetInformationFile + 6 77136206 4 Bytes [28, ED, 88, 00] {SUB CH, CH; MOV [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtSetInformationFile + B 7713620B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtSetInformationThread + 6 77136266 4 Bytes [28, EE, 88, 00] {SUB DH, CH; MOV [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtSetInformationThread + B 7713626B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtUnmapViewOfSection + 6 77136586 4 Bytes [68, EF, 88, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtUnmapViewOfSection + B 7713658B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtCreateFile + 6 77135196 4 Bytes [28, D8, C6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtCreateFile + B 7713519B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtMapViewOfSection + 6 771357F6 4 Bytes [28, DB, C6, 00] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtMapViewOfSection + B 771357FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtOpenFile + 6 771358A6 4 Bytes [68, D8, C6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtOpenFile + B 771358AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtOpenProcess + 6 77135956 4 Bytes [A8, D9, C6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtOpenProcess + B 7713595B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtOpenProcessToken + B 7713596B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtOpenProcessTokenEx + 6 77135976 4 Bytes [A8, DA, C6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtOpenProcessTokenEx + B 7713597B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtOpenThread + 6 771359D6 4 Bytes [68, D9, C6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtOpenThread + B 771359DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtOpenThreadToken + 6 771359E6 4 Bytes [68, DA, C6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtOpenThreadToken + B 771359EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtOpenThreadTokenEx + B 771359FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtQueryAttributesFile + 6 77135B06 4 Bytes [A8, D8, C6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtQueryAttributesFile + B 77135B0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtQueryFullAttributesFile + B 77135BBB 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtSetInformationFile + 6 77136206 4 Bytes [28, D9, C6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtSetInformationFile + B 7713620B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtSetInformationThread + 6 77136266 4 Bytes [28, DA, C6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtSetInformationThread + B 7713626B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtUnmapViewOfSection + 6 77136586 4 Bytes [68, DB, C6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtUnmapViewOfSection + B 7713658B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtCreateFile + 6 77135196 4 Bytes [28, E0, 5C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtCreateFile + B 7713519B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtMapViewOfSection + 6 771357F6 4 Bytes [28, E3, 5C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtMapViewOfSection + B 771357FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtOpenFile + 6 771358A6 4 Bytes [68, E0, 5C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtOpenFile + B 771358AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtOpenProcess + 6 77135956 4 Bytes [A8, E1, 5C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtOpenProcess + B 7713595B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtOpenProcessToken + B 7713596B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtOpenProcessTokenEx + 6 77135976 4 Bytes [A8, E2, 5C, 00] .text 
C:\Program Files\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtOpenProcessTokenEx + B 7713597B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtOpenThread + 6 771359D6 4 Bytes [68, E1, 5C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtOpenThread + B 771359DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtOpenThreadToken + 6 771359E6 4 Bytes [68, E2, 5C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtOpenThreadToken + B 771359EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtOpenThreadTokenEx + B 771359FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtQueryAttributesFile + 6 77135B06 4 Bytes [A8, E0, 5C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtQueryAttributesFile + B 77135B0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtQueryFullAttributesFile + B 77135BBB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtSetInformationFile + 6 77136206 4 Bytes [28, E1, 5C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtSetInformationFile + B 7713620B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtSetInformationThread + 6 77136266 4 Bytes [28, E2, 5C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtSetInformationThread + B 7713626B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtUnmapViewOfSection + 6 77136586 4 Bytes [68, E3, 5C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtUnmapViewOfSection + B 7713658B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtCreateFile + 6 77135196 4 Bytes 
[28, 88, C5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtCreateFile + B 7713519B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtMapViewOfSection + 6 771357F6 4 Bytes [28, 8B, C5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtMapViewOfSection + B 771357FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenFile + 6 771358A6 4 Bytes [68, 88, C5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenFile + B 771358AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenProcess + 6 77135956 4 Bytes [A8, 89, C5, 00] {TEST AL, 0x89; LDS EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenProcess + B 7713595B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenProcessToken + B 7713596B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenProcessTokenEx + 6 77135976 4 Bytes [A8, 8A, C5, 00] {TEST AL, 0x8a; LDS EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenProcessTokenEx + B 7713597B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenThread + 6 771359D6 4 Bytes [68, 89, C5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenThread + B 771359DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenThreadToken + 6 771359E6 4 Bytes [68, 8A, C5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenThreadToken + B 771359EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenThreadTokenEx + B 771359FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] 
ntdll.dll!NtQueryAttributesFile + 6 77135B06 4 Bytes [A8, 88, C5, 00] {TEST AL, 0x88; LDS EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtQueryAttributesFile + B 77135B0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtQueryFullAttributesFile + B 77135BBB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtSetInformationFile + 6 77136206 4 Bytes [28, 89, C5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtSetInformationFile + B 7713620B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtSetInformationThread + 6 77136266 4 Bytes [28, 8A, C5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtSetInformationThread + B 7713626B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtUnmapViewOfSection + 6 77136586 4 Bytes [68, 8B, C5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtUnmapViewOfSection + B 7713658B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtCreateFile + 6 77135196 4 Bytes [28, 84, 74, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtCreateFile + B 7713519B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtMapViewOfSection + 6 771357F6 4 Bytes [28, 87, 74, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtMapViewOfSection + B 771357FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenFile + 6 771358A6 4 Bytes [68, 84, 74, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenFile + B 771358AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenProcess + 6 77135956 4 Bytes [A8, 85, 74, 00] {TEST AL, 
0x85; JZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenProcess + B 7713595B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenProcessToken + B 7713596B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenProcessTokenEx + 6 77135976 4 Bytes [A8, 86, 74, 00] {TEST AL, 0x86; JZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenProcessTokenEx + B 7713597B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenThread + 6 771359D6 4 Bytes [68, 85, 74, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenThread + B 771359DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenThreadToken + 6 771359E6 4 Bytes [68, 86, 74, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenThreadToken + B 771359EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenThreadTokenEx + B 771359FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtQueryAttributesFile + 6 77135B06 4 Bytes [A8, 84, 74, 00] {TEST AL, 0x84; JZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtQueryAttributesFile + B 77135B0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtQueryFullAttributesFile + B 77135BBB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtSetInformationFile + 6 77136206 4 Bytes [28, 85, 74, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtSetInformationFile + B 7713620B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtSetInformationThread + 6 77136266 4 Bytes [28, 86, 74, 00] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtSetInformationThread + B 7713626B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtUnmapViewOfSection + 6 77136586 4 Bytes [68, 87, 74, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtUnmapViewOfSection + B 7713658B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtCreateFile + 6 77135196 4 Bytes [28, 4C, 9B, 00] {SUB [EBX+EBX*4+0x0], CL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtCreateFile + B 7713519B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtMapViewOfSection + 6 771357F6 4 Bytes [28, 4F, 9B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtMapViewOfSection + B 771357FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtOpenFile + 6 771358A6 4 Bytes [68, 4C, 9B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtOpenFile + B 771358AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtOpenProcess + 6 77135956 4 Bytes [A8, 4D, 9B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtOpenProcess + B 7713595B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtOpenProcessToken + B 7713596B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtOpenProcessTokenEx + 6 77135976 4 Bytes [A8, 4E, 9B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtOpenProcessTokenEx + B 7713597B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtOpenThread + 6 771359D6 4 Bytes [68, 4D, 9B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtOpenThread + B 771359DB 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtOpenThreadToken + 6 771359E6 4 Bytes [68, 4E, 9B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtOpenThreadToken + B 771359EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtOpenThreadTokenEx + B 771359FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtQueryAttributesFile + 6 77135B06 4 Bytes [A8, 4C, 9B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtQueryAttributesFile + B 77135B0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtQueryFullAttributesFile + B 77135BBB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtSetInformationFile + 6 77136206 4 Bytes [28, 4D, 9B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtSetInformationFile + B 7713620B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtSetInformationThread + 6 77136266 4 Bytes [28, 4E, 9B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtSetInformationThread + B 7713626B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtUnmapViewOfSection + 6 77136586 4 Bytes [68, 4F, 9B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtUnmapViewOfSection + B 7713658B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtCreateFile + 6 77135196 4 Bytes [28, F8, 38, 00] {SUB AL, BH; CMP [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtCreateFile + B 7713519B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtMapViewOfSection + 6 771357F6 4 Bytes [28, FB, 38, 00] {SUB BL, BH; CMP [EAX], AL} .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtMapViewOfSection + B 771357FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenFile + 6 771358A6 4 Bytes [68, F8, 38, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenFile + B 771358AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenProcess + 6 77135956 4 Bytes [A8, F9, 38, 00] {TEST AL, 0xf9; CMP [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenProcess + B 7713595B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenProcessToken + B 7713596B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenProcessTokenEx + 6 77135976 4 Bytes [A8, FA, 38, 00] {TEST AL, 0xfa; CMP [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenProcessTokenEx + B 7713597B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenThread + 6 771359D6 4 Bytes [68, F9, 38, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenThread + B 771359DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenThreadToken + 6 771359E6 4 Bytes [68, FA, 38, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenThreadToken + B 771359EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenThreadTokenEx + B 771359FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtQueryAttributesFile + 6 77135B06 4 Bytes [A8, F8, 38, 00] {TEST AL, 0xf8; CMP [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtQueryAttributesFile + B 77135B0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] 
ntdll.dll!NtQueryFullAttributesFile + B 77135BBB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtSetInformationFile + 6 77136206 4 Bytes [28, F9, 38, 00] {SUB CL, BH; CMP [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtSetInformationFile + B 7713620B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtSetInformationThread + 6 77136266 4 Bytes [28, FA, 38, 00] {SUB DL, BH; CMP [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtSetInformationThread + B 7713626B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtUnmapViewOfSection + 6 77136586 4 Bytes [68, FB, 38, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtUnmapViewOfSection + B 7713658B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6044] ntdll.dll!NtCreateFile + 6 77135196 4 Bytes [28, 20, 9C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6044] ntdll.dll!NtCreateFile + B 7713519B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6044] ntdll.dll!NtMapViewOfSection + 6 771357F6 4 Bytes [28, 23, 9C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6044] ntdll.dll!NtMapViewOfSection + B 771357FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6044] ntdll.dll!NtOpenFile + 6 771358A6 4 Bytes [68, 20, 9C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6044] ntdll.dll!NtOpenFile + B 771358AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6044] ntdll.dll!NtOpenProcess + 6 77135956 4 Bytes [A8, 21, 9C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6044] ntdll.dll!NtOpenProcess + B 7713595B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6044] ntdll.dll!NtOpenProcessToken + B 7713596B 1 Byte [E2] .text 
C:\Program Files\Google\Chrome\Application\chrome.exe[6044] ntdll.dll!NtOpenProcessTokenEx + 6 77135976 4 Bytes [A8, 22, 9C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6044] ntdll.dll!NtOpenProcessTokenEx + B 7713597B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6044] ntdll.dll!NtOpenThread + 6 771359D6 4 Bytes [68, 21, 9C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6044] ntdll.dll!NtOpenThread + B 771359DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6044] ntdll.dll!NtOpenThreadToken + 6 771359E6 4 Bytes [68, 22, 9C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6044] ntdll.dll!NtOpenThreadToken + B 771359EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6044] ntdll.dll!NtOpenThreadTokenEx + B 771359FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6044] ntdll.dll!NtQueryAttributesFile + 6 77135B06 4 Bytes [A8, 20, 9C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6044] ntdll.dll!NtQueryAttributesFile + B 77135B0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6044] ntdll.dll!NtQueryFullAttributesFile + B 77135BBB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6044] ntdll.dll!NtSetInformationFile + 6 77136206 4 Bytes [28, 21, 9C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6044] ntdll.dll!NtSetInformationFile + B 7713620B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6044] ntdll.dll!NtSetInformationThread + 6 77136266 4 Bytes [28, 22, 9C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6044] ntdll.dll!NtSetInformationThread + B 7713626B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6044] ntdll.dll!NtUnmapViewOfSection + 6 77136586 4 Bytes [68, 23, 9C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6044] ntdll.dll!NtUnmapViewOfSection 
+ B 7713658B 1 Byte [E2] ---- Kernel code sections - GMER 2.2 ---- .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EB6292 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!ZwRenameKey + 1549 82E7BF05 1 Byte [06] ? C:\Program Files\UCBrowser\Security Odmowa dostępu. ---- Files - GMER 2.2 ---- ADS C:\Program Files\UCBrowser\Security:ucdrv-x86.sys 42184 bytes executable <-- ROOTKIT !!! ADS C:\Program Files\UCBrowser\Security:x86 607120 bytes executable ADS C:\Windows\System32\drivers:ucdrv-x86.sys 42184 bytes executable ADS C:\Windows\System32\drivers:x86 610576 bytes executable ---- Devices - GMER 2.2 ---- AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- Registry - GMER 2.2 ---- Reg HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice@Progid ChromeHTML Reg HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice@Progid ChromeHTML Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\BlueStacks\HD-Agent.exe 0x12 0xB1 0x76 0xE0 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\BlueStacks\HD-Plus-Service.exe 0xA4 0xE4 0x69 0xDB ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\ByteFence\ByteFence.exe 0x1D 0x4E 0x80 0xB1 ... 
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\ByteFence\rsEngineHelper.exe 0x01 0x02 0x78 0xE2 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Common Files\Sunhome\uninstall.exe 0xAE 0x63 0xEE 0x14 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Google\Chrome\Application\chrome.exe 0xD2 0xF8 0x66 0x78 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Hi-Rez Studios\HiPatchInstHelper.exe 0x85 0x1C 0x42 0xAA ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Hi-Rez Studios\HiPatchSelfUpdateWindow.exe 0x6F 0x1A 0x12 0x79 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Hi-Rez Studios\HiPatchService.exe 0xA1 0xF1 0x58 0xE3 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Hi-Rez Studios\HiRezGamesDiagAndSupport.exe 0x3C 0x9B 0x67 0x9B ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Hi-Rez Studios\HirezLauncherUI.exe 0x42 0x2B 0xF2 0x2A ... 
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Hi-Rez Studios\SteamLauncherUI.exe 0x30 0x73 0x22 0x7D ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Master\EasyClicker\EasyClicker Pro 1.3v.exe 0x8E 0x66 0xE8 0x2E ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Microsoft Office\Office15\POWERPNT.EXE 0x69 0x8B 0x8A 0x06 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Microsoft Office\Office15\WINWORD.EXE 0xC8 0x93 0x27 0x0E ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Overwolf\OverwolfUpdater.exe 0xF6 0xD0 0x50 0x3C ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Realtek\Audio\SetupAfterRebootService.exe 0x3D 0xA9 0x35 0x5C ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Steam\steamapps\common\Counter-Strike Global Offensive\directx_installer\dxsetup.exe 0xF3 0xB8 0x49 0xA1 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\ProgramData\BlueStacks\BluestacksGameManager\HD-Troubleshooter.exe 0xDF 0x80 0x92 0xD6 ... 
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\ProgramData\Logic Handler\set.exe 0x74 0x81 0xCE 0xBD ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\ProgramData\Quotenamron\Quotenamron.exe 0x6B 0x21 0x3E 0xA4 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\in2A6C8B5A\7881B44C_stp.EXE 0x08 0xD2 0xAE 0x56 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe 0x91 0xE0 0x1C 0x97 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\RarSFX0\LogicHandler.exe 0x6E 0x58 0x78 0x63 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Users\xxx\AppData\Roaming\Zenex.exe 0x84 0x84 0x2F 0x5F ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Users\xxx\Desktop\Tibia Loader\tibialoader.exe 0x3D 0x46 0x01 0x13 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\ehome\ehrec.exe 0xA6 0xE9 0x74 0x97 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\ehome\ehshell.exe 0xC8 0xC6 0x7F 0x91 ... 
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe 0xF6 0x26 0xDE 0xE0 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe 0xD9 0xD2 0xA2 0xDE ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 0x02 0xBD 0x28 0x40 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe 0x8D 0xDC 0xB5 0x6E ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 0xA2 0x8F 0xAD 0x58 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\System32\rundll32.exe 0xF3 0x12 0xFE 0x8A ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\System32\sdiagnhost.exe 0x11 0x20 0x42 0x0A ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe 0x46 0xF3 0xBC 0xF2 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\System32\wermgr.exe 0x1E 0xC2 0xE2 0xE9 ... 
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume2\SMITE\HiRezGames\smite\Binaries\Redist\FlashInstallWrapper.exe 0x45 0xE1 0x6F 0x1B ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume2\SMITE\hireztemp\HRPUpdate\HiPatchInstHelper.exe 0xED 0xD6 0x24 0x57 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\BikaQRss\BikaQ.exe 0x7A 0xB2 0x76 0xE4 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\BlueStacks\Bluestacks.exe 0xF2 0x6C 0xE9 0xDD ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\BlueStacks\BlueStacksTV.exe 0x34 0x8F 0x45 0xF2 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\BlueStacks\HD-Agent.exe 0xA6 0x69 0x6D 0x96 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\BlueStacks\HD-ApkHandler.exe 0x33 0x48 0x4E 0xDE ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\BlueStacks\HD-Frontend.exe 0xA2 0x24 0xE8 0xDF ... 
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\BlueStacks\HD-LogRotator.exe 0xB2 0x5B 0x57 0xCF ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\BlueStacks\HD-LogRotatorService.exe 0xC4 0x78 0x80 0x8B ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\BlueStacks\HD-Quit.exe 0x5E 0x87 0xB3 0xEE ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\BlueStacks\HD-QuitMultiInstance.exe 0xE1 0x4F 0xF3 0x86 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\BlueStacks\HD-RunApp.exe 0x55 0x2E 0x93 0xDF ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\BlueStacks\HD-Service.exe 0x23 0xDE 0xE3 0x90 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\BlueStacks\HD-StartLauncher.exe 0x8E 0x1C 0x78 0xDF ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\BlueStacks\HD-Uninstaller.exe 0xEA 0xDB 0x81 0xEB ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\BlueStacks\HD-UpdaterService.exe 0xD8 0xDF 0x85 0x90 ... 
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\ByteFence\ByteFence.exe 0x65 0x16 0x4D 0x79 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe 0xA9 0xE5 0x72 0x51 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\Overwolf\0.97.31.0\OWCleanup.exe 0x58 0xFA 0x43 0xDF ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\Overwolf\0.97.31.0\OWUninstallMenu.exe 0x9A 0xED 0xBA 0xD3 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\Overwolf\OverwolfUpdater.exe 0xAE 0x00 0x41 0xDB ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\PRO PC Cleaner\InstAct.exe 0xBD 0xDC 0xA8 0x3A ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\PRO PC Cleaner\PROPCCleaner.exe 0x71 0xE1 0xDA 0x24 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\Steam\steamerrorreporter.exe 0x65 0x0A 0xDA 0x2F ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\xxx\AppData\Local\Facebook\Games\Facebook Gameroom Browser.exe 0x3C 0x52 0xB2 0x25 ... 
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\xxx\AppData\Local\Facebook\Games\FacebookGameroom.exe 0xA7 0x04 0x34 0xFA ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\7zS35B6.tmp\BlueStacks-ThinInstaller_0.10.7.5601.exe 0xC0 0xAC 0xE6 0x57 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\7zS4107.tmp\BlueStacks-Installer_2.3.32.6227.exe 0xC9 0xB6 0xBE 0xF5 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\7zSADB2.tmp\BlueStacks-Installer_2.6.100.6363.exe 0x83 0xD9 0xF1 0x60 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\7zSCAC3.tmp\BlueStacks-Installer_2.6.100.6363.exe 0xCB 0x62 0x9C 0x63 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\Epic-74eb99f5-da83-4001-b3cb-3fd80e54aed1\Binaries\UnSetup.exe 0x9A 0x49 0x21 0xE5 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\xxx\AppData\Local\Temp\HD-Uninstaller.exe 0x1A 0x61 0xD9 0xEB ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\xxx\AppData\Roaming\Curse Client\Bin\Curse.Companion.FriendsHelper.exe 0xA0 0x81 0x8A 0x03 ... 
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\xxx\AppData\Roaming\Curse Client\Bin\Curse.exe 0x15 0xBC 0x8A 0xE6 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\xxx\AppData\Roaming\Curse Client\Bin\Curse.OverlayHelper.exe 0x21 0x1F 0xC8 0x7C ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\xxx\AppData\Roaming\Curse Client\Bin\CurseClientUpdater.exe 0xB7 0x0D 0x26 0x67 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\xxx\AppData\Roaming\Curse Client\Bin\CurseSetupHelper.exe 0x7E 0x64 0xB1 0x8B ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\xxx\AppData\Roaming\Curse Client\Bin\Overlay\v7.1.6018.41463\CurseOverlayBridge.exe 0xE6 0x7A 0x6C 0x36 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\xxx\Desktop\Downloads\FacebookGameroom.exe 0x57 0xE3 0x22 0xA9 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\xxx\Desktop\Downloads\FRST.exe 0xFD 0x8D 0xFE 0xF6 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\xxx\Desktop\Downloads\PokeSniper2_v1.9\PokeSniper2.exe 0x70 0xC2 0x38 0x02 ... 
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\xxx\Desktop\FRST.exe 0xE8 0x3A 0xA1 0x0F ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\xxx\Desktop\pidgeybot\PidgeyBot.exe 0x1E 0xD4 0x6A 0x61 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\xxx\Desktop\PokeBuddy\PokeBuddy.exe 0x2B 0xE3 0x26 0x5A ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\xxx\Desktop\pokemon go hack\pidgeybot\PidgeyBot.exe 0xA0 0x34 0xDD 0x87 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\xxx\Desktop\pokemon go hack\PokeBuddy\PokeBuddy.exe 0x66 0xC8 0x89 0x5D ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\xxx\Desktop\pokemon go hack\Release1\Release\NecroBot.exe 0x5E 0x6C 0xA5 0x4D ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\xxx\Desktop\pokemon go hack\Release2\Release\NecroBot.exe 0xA9 0x19 0xB6 0x3B ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\xxx\Desktop\pokemon go hack\Release\Release\NecroBot.exe 0x8D 0x5B 0x8D 0x99 ... 
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\xxx\Desktop\Release\Release\NecroBot.exe 0x56 0xE6 0x6A 0xD2 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\xxx\Desktop\Tibia Loader\updater.exe 0xEB 0x43 0xF4 0x14 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 0xF4 0xEA 0xE7 0x72 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe 0xFB 0xAB 0xED 0x8E ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\CompatTelRunner.exe 0x73 0xD7 0x3E 0xE7 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\msiexec.exe 0x9F 0xEC 0xA3 0xE4 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\rundll32.exe 0xD4 0x16 0x61 0x85 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe 0x83 0x87 0x06 0x98 ... 
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@B8EEF28F 488 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures@UCBrowserUpdaterCore.job.fp 1552722277 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Superfetch@VirtualStoreSize 1902 ---- Services - GMER 2.2 ---- Service C:\Program Files\UCBrowser\Security:ucdrv-x86.sys [SYSTEM] ucdrv <-- ROOTKIT !!! ---- EOF - GMER 2.2 ----