GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-04-30 23:49:07
Windows 6.0.6001 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.01.0 298,09GB
Running: olecwv37.exe; Driver: C:\Users\jan\AppData\Local\Temp\pwldypow.sys

---- System - GMER 2.2 ----

SSDT \??\C:\Windows\system32\drivers\kisknl.sys ZwCreateUserProcess [0x8FD138DA]

---- Kernel code sections - GMER 2.2 ----

.text ntkrnlpa.exe!ZwQueryLicenseValue + B78 820A69DC 5 Bytes CALL 8FD1FE3E \??\C:\Windows\system32\drivers\kisknl.sys
.text ntkrnlpa.exe!KeSetTimerEx + 918 82107F3C 4 Bytes [DA, 38, D1, 8F]

---- User code sections - GMER 2.2 ----

.text C:\Program Files\kingsoft\kingsoft antivirus\kxetray.exe[3720] SHELL32.dll!ShellExecuteW 7656A2C5 5 Bytes JMP 00408C04 C:\Program Files\kingsoft\kingsoft antivirus\kxetray.exe
.text C:\Windows\explorer.exe[11068] kernel32.dll!CreateProcessW 776B1C01 5 Bytes JMP 024D5840 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Windows\explorer.exe[11068] kernel32.dll!CreateProcessInternalW 776D9AD0 5 Bytes JMP 024D40E0 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Windows\explorer.exe[11068] kernel32.dll!CreateProcessInternalA 776E05BD 5 Bytes JMP 024D44E0 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Windows\explorer.exe[11068] ADVAPI32.dll!RegSetValueExA 7743B8F1 7 Bytes JMP 024D6FA0 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Windows\explorer.exe[11068] ADVAPI32.dll!RegQueryValueExA 7744D639 7 Bytes JMP 024D5030 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Windows\explorer.exe[11068] ADVAPI32.dll!RegQueryValueExW 7745F79F 7 Bytes JMP 024D53F0 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Windows\explorer.exe[11068] SHLWAPI.dll!SHRegGetUSValueW 77245C11 5 Bytes JMP 024D4E90 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Windows\explorer.exe[11068] SHELL32.dll!ShellExecuteExW 765BFFBD 5 Bytes JMP 024D3F80 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Windows\explorer.exe[11068] SHELL32.dll!ShellExecuteExW + 1247 765C1204 4 Bytes [04, 00, 80, 01]
.text C:\Windows\explorer.exe[11068] SHELL32.dll!ShellExecuteExW + 197E 765C193B 5 Bytes JMP 024D0790 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Windows\explorer.exe[11068] SHELL32.dll!SHEnumerateUnreadMailAccountsW + 13F4 76743272 5 Bytes JMP 02502E10 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15632] ntdll.dll!NtCreateProcess 77A67D38 5 Bytes JMP 02FC2DB0 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15632] ntdll.dll!NtCreateProcessEx 77A67D48 5 Bytes JMP 02FC2D20 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15632] kernel32.dll!CreateProcessW 776B1C01 5 Bytes JMP 02FC5780 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15632] kernel32.dll!CreateProcessA 776B1C36 5 Bytes JMP 02FC56E0 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15632] kernel32.dll!CopyFileW 776B6FAD 5 Bytes JMP 02FC3630 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15632] kernel32.dll!CopyFileExW 776BBFA1 7 Bytes JMP 02FC3400 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15632] kernel32.dll!MoveFileWithProgressW 776D1104 5 Bytes JMP 02FF2CD0 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15632] kernel32.dll!LoadLibraryExW 776D374A 7 Bytes JMP 02FC3A10 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15632] kernel32.dll!LoadLibraryW 776D382D 5 Bytes JMP 02FC3880 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15632] kernel32.dll!LoadLibraryExA 776D9649 5 Bytes JMP 02FC3900 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15632] kernel32.dll!LoadLibraryA 776D9671 5 Bytes JMP 02FC36F0 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15632] kernel32.dll!CreateProcessInternalW 776D9AD0 5 Bytes JMP 02FC40E0 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15632] kernel32.dll!CreateProcessInternalA 776E05BD 5 Bytes JMP 02FC44E0 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15632] kernel32.dll!CopyFileA 77702187 5 Bytes JMP 02FC34C0 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15632] kernel32.dll!CopyFileExA 77741291 5 Bytes JMP 02FC3280 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15632] kernel32.dll!WinExec + 5 77745810 6 Bytes JMP 02FC3EC0 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15632] SHELL32.dll!SHFileOperationW 7659CD3E 5 Bytes JMP 02FF2DF0 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15632] SHELL32.dll!ShellExecuteEx 76768C3A 5 Bytes JMP 02FC46D0 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15632] WS2_32.dll!WSASend 77684496 5 Bytes JMP 02FC1650 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15632] WS2_32.dll!send 7768659B 5 Bytes JMP 02FC1470 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15632] WININET.dll!InternetOpenUrlA 76482713 5 Bytes JMP 02FC30B0 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15632] WININET.dll!HttpOpenRequestA 764854E6 5 Bytes JMP 02FC2E40 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15632] WININET.dll!HttpOpenRequestW 764934A9 5 Bytes JMP 02FC2F70 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15632] WININET.dll!InternetConnectW 764936E3 5 Bytes JMP 02FC3010 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15632] WININET.dll!InternetOpenUrlW 764D8515 5 Bytes JMP 02FC31E0 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15700] ntdll.dll!NtCreateFile + 6 77A67C7E 4 Bytes [28, 74, FF, 00] {SUB [EDI+EDI*8+0x0], DH}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15700] ntdll.dll!NtCreateFile + B 77A67C83 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15700] ntdll.dll!NtCreateProcess 77A67D38 5 Bytes JMP 04232DB0 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15700] ntdll.dll!NtCreateProcessEx 77A67D48 5 Bytes JMP 04232D20 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15700] ntdll.dll!NtMapViewOfSection + 6 77A683CE 4 Bytes [28, 77, FF, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15700] ntdll.dll!NtMapViewOfSection + B 77A683D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15700] ntdll.dll!NtOpenFile + 6 77A6845E 4 Bytes [68, 74, FF, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15700] ntdll.dll!NtOpenFile + B 77A68463 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15700] ntdll.dll!NtOpenProcess + 6 77A684DE 4 Bytes [A8, 75, FF, 00] {TEST AL, 0x75; INC DWORD [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15700] ntdll.dll!NtOpenProcess + B 77A684E3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15700] ntdll.dll!NtOpenProcessToken + B 77A684F3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15700] ntdll.dll!NtOpenProcessTokenEx + 6 77A684FE 4 Bytes [A8, 76, FF, 00] {TEST AL, 0x76; INC DWORD [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15700] ntdll.dll!NtOpenProcessTokenEx + B 77A68503 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15700] ntdll.dll!NtOpenThread + 6 77A6854E 4 Bytes [68, 75, FF, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15700] ntdll.dll!NtOpenThread + B 77A68553 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15700] ntdll.dll!NtOpenThreadToken + 6 77A6855E 4 Bytes [68, 76, FF, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15700] ntdll.dll!NtOpenThreadToken + B 77A68563 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15700] ntdll.dll!NtOpenThreadTokenEx + B 77A68573 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15700] ntdll.dll!NtQueryAttributesFile + 6 77A685FE 4 Bytes [A8, 74, FF, 00] {TEST AL, 0x74; INC DWORD [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15700] ntdll.dll!NtQueryAttributesFile + B 77A68603 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15700] ntdll.dll!NtQueryFullAttributesFile + B 77A686B3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15700] ntdll.dll!NtSetInformationFile + 6 77A68B8E 4 Bytes [28, 75, FF, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15700] ntdll.dll!NtSetInformationFile + B 77A68B93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15700] ntdll.dll!NtSetInformationThread + 6 77A68BDE 4 Bytes [28, 76, FF, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15700] ntdll.dll!NtSetInformationThread + B 77A68BE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15700] ntdll.dll!NtUnmapViewOfSection + 6 77A68E7E 4 Bytes [68, 77, FF, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15700] ntdll.dll!NtUnmapViewOfSection + B 77A68E83 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15700] kernel32.dll!CreateProcessW 776B1C01 5 Bytes JMP 04235780 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15700] kernel32.dll!CreateProcessA 776B1C36 5 Bytes JMP 042356E0 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15700] kernel32.dll!CopyFileW 776B6FAD 5 Bytes JMP 04233630 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15700] kernel32.dll!CopyFileExW 776BBFA1 7 Bytes JMP 04233400 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15700] kernel32.dll!MoveFileWithProgressW 776D1104 5 Bytes JMP 04262CD0 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15700] kernel32.dll!LoadLibraryExW 776D374A 7 Bytes JMP 04233A10 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15700] kernel32.dll!LoadLibraryW 776D382D 5 Bytes JMP 04233880 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15700] kernel32.dll!LoadLibraryExA 776D9649 5 Bytes JMP 04233900 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15700] kernel32.dll!LoadLibraryA 776D9671 5 Bytes JMP 042336F0 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15700] kernel32.dll!CreateProcessInternalW 776D9AD0 5 Bytes JMP 042340E0 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15700] kernel32.dll!CreateProcessInternalA 776E05BD 5 Bytes JMP 042344E0 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15700] kernel32.dll!CopyFileA 77702187 5 Bytes JMP 042334C0 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15700] kernel32.dll!CopyFileExA 77741291 5 Bytes JMP 04233280 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15700] kernel32.dll!WinExec + 5 77745810 6 Bytes JMP 04233EC0 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15700] SHELL32.dll!SHFileOperationW 7659CD3E 5 Bytes JMP 04262DF0 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15700] SHELL32.dll!ShellExecuteEx 76768C3A 5 Bytes JMP 042346D0 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15700] WS2_32.dll!WSASend 77684496 5 Bytes JMP 04231650 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15700] WS2_32.dll!send 7768659B 5 Bytes JMP 04231470 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15700] WININET.dll!InternetOpenUrlA 76482713 5 Bytes JMP 042330B0 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15700] WININET.dll!HttpOpenRequestA 764854E6 5 Bytes JMP 04232E40 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15700] WININET.dll!HttpOpenRequestW 764934A9 5 Bytes JMP 04232F70 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15700] WININET.dll!InternetConnectW 764936E3 5 Bytes JMP 04233010 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15700] WININET.dll!InternetOpenUrlW 764D8515 5 Bytes JMP 042331E0 C:\Program Files\kingsoft\kingsoft antivirus\kswebshield.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[17992] ntdll.dll!NtCreateFile + 6 77A67C7E 4 Bytes [28, A0, 50, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[17992] ntdll.dll!NtCreateFile + B 77A67C83 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[17992] ntdll.dll!NtMapViewOfSection + 6 77A683CE 4 Bytes [28, A3, 50, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[17992] ntdll.dll!NtMapViewOfSection + B 77A683D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[17992] ntdll.dll!NtOpenFile + 6 77A6845E 4 Bytes [68, A0, 50, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[17992] ntdll.dll!NtOpenFile + B 77A68463 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[17992] ntdll.dll!NtOpenProcess + 6 77A684DE 4 Bytes [A8, A1, 50, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[17992] ntdll.dll!NtOpenProcess + B 77A684E3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[17992] ntdll.dll!NtOpenProcessToken + B 77A684F3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[17992] ntdll.dll!NtOpenProcessTokenEx + 6 77A684FE 4 Bytes [A8, A2, 50, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[17992] ntdll.dll!NtOpenProcessTokenEx + B 77A68503 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[17992] ntdll.dll!NtOpenThread + 6 77A6854E 4 Bytes [68, A1, 50, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[17992] ntdll.dll!NtOpenThread + B 77A68553 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[17992] ntdll.dll!NtOpenThreadToken + 6 77A6855E 4 Bytes [68, A2, 50, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[17992] ntdll.dll!NtOpenThreadToken + B 77A68563 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[17992] ntdll.dll!NtOpenThreadTokenEx + B 77A68573 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[17992] ntdll.dll!NtQueryAttributesFile + 6 77A685FE 4 Bytes [A8, A0, 50, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[17992] ntdll.dll!NtQueryAttributesFile + B 77A68603 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[17992] ntdll.dll!NtQueryFullAttributesFile + B 77A686B3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[17992] ntdll.dll!NtSetInformationFile + 6 77A68B8E 4 Bytes [28, A1, 50, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[17992] ntdll.dll!NtSetInformationFile + B 77A68B93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[17992] ntdll.dll!NtSetInformationThread + 6 77A68BDE 4 Bytes [28, A2, 50, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[17992] ntdll.dll!NtSetInformationThread + B 77A68BE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[17992] ntdll.dll!NtUnmapViewOfSection + 6 77A68E7E 4 Bytes [68, A3, 50, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[17992] ntdll.dll!NtUnmapViewOfSection + B 77A68E83 1 Byte [E2]

---- Devices - GMER 2.2 ----

AttachedDevice \FileSystem\Ntfs \Ntfs kisknl.sys
Device \Driver\BTHUSB \Device\0000024b bthport.sys
AttachedDevice \Driver\tdx \Device\Tcp kdhacker.sys
AttachedDevice \Driver\tdx \Device\Udp kdhacker.sys
Device \Driver\BTHUSB \Device\00000249 bthport.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat kisknl.sys

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\001644ffbe72
Reg HKLM\SYSTEM\ControlSet004\Services\BthPort\Parameters\Keys\001644ffbe72 (not active ControlSet)

---- EOF - GMER 2.2 ----