GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-02-04 21:53:35 Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-22ZCT0 rev.11.01A11 Running: wup8lteo.exe; Driver: C:\Users\Ania\AppData\Local\Temp\kxldrpow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8FE3FFC4] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8FD3E510] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8FE42456] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8FE424AE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8FE425C4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8FE423AC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8FE424FE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8FE42400] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8FE42572] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8FE3FFE8] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8FD3E5C0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8FE3FDB2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8FE4000C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8FE429BC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8FE40AA4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8FE42486] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8FE424D6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8FE425EE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8FE423D8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8FE4253E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8FE4242E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8FE4259C] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8FD3E658] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8FE4096A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8FE40030] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8FE40054] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8FE3FE0C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8FE3FF48] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8FE3FF24] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8FE3FF6C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8FE40078] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8FD527A2] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKey + 13D1 82887369 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 828C0D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 828C7D80 4 Bytes [C4, FF, E3, 8F] .text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 828C7DA8 4 Bytes [10, E5, D3, 8F] .text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 828C7E5C 8 Bytes [56, 24, E4, 8F, AE, 24, E4, ...] .text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 828C7E68 4 Bytes [C4, 25, E4, 8F] .text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 828C7E84 4 Bytes [AC, 23, E4, 8F] .text ... PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82A54BE8 5 Bytes JMP 8FD4F69C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject + 27 82A6D1D0 5 Bytes JMP 8FD51174 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 82A82317 4 Bytes CALL 8FE41025 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 82A9C0E9 4 Bytes CALL 8FE4103B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 82B25F30 7 Bytes JMP 8FD527A6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! 
self protection module/AVAST Software) .text kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62] ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\System32\igfxpers.exe[112] ntdll.dll!LdrUnloadDll 770AC86E 5 Bytes JMP 001603FC .text C:\Windows\System32\igfxpers.exe[112] ntdll.dll!LdrLoadDll 770B223E 5 Bytes JMP 001601F8 .text C:\Windows\System32\igfxpers.exe[112] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62] .text C:\Windows\System32\igfxpers.exe[112] USER32.dll!UnhookWindowsHookEx 764FADF9 5 Bytes JMP 00210A08 .text C:\Windows\System32\igfxpers.exe[112] USER32.dll!UnhookWinEvent 764FB750 5 Bytes JMP 002103FC .text C:\Windows\System32\igfxpers.exe[112] USER32.dll!SetWindowsHookExW 764FE30C 5 Bytes JMP 00210804 .text C:\Windows\System32\igfxpers.exe[112] USER32.dll!SetWinEventHook 765024DC 5 Bytes JMP 002101F8 .text C:\Windows\System32\igfxpers.exe[112] USER32.dll!SetWindowsHookExA 76526D0C 5 Bytes JMP 00210600 .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[376] ntdll.dll!LdrUnloadDll 770AC86E 5 Bytes JMP 000603FC .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[376] ntdll.dll!LdrLoadDll 770B223E 5 Bytes JMP 000601F8 .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[376] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[376] USER32.dll!UnhookWindowsHookEx 764FADF9 5 Bytes JMP 000F0A08 .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[376] USER32.dll!UnhookWinEvent 764FB750 5 Bytes JMP 000F03FC .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[376] USER32.dll!SetWindowsHookExW 764FE30C 5 Bytes JMP 000F0804 .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[376] USER32.dll!SetWinEventHook 765024DC 5 Bytes JMP 000F01F8 .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[376] USER32.dll!SetWindowsHookExA 76526D0C 5 Bytes JMP 
000F0600 .text C:\Windows\system32\csrss.exe[452] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62] .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[500] ntdll.dll!LdrUnloadDll 770AC86E 5 Bytes JMP 000603FC .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[500] ntdll.dll!LdrLoadDll 770B223E 5 Bytes JMP 000601F8 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[500] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62] .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[500] USER32.dll!UnhookWindowsHookEx 764FADF9 5 Bytes JMP 00100A08 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[500] USER32.dll!UnhookWinEvent 764FB750 5 Bytes JMP 001003FC .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[500] USER32.dll!SetWindowsHookExW 764FE30C 5 Bytes JMP 00100804 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[500] USER32.dll!SetWinEventHook 765024DC 5 Bytes JMP 001001F8 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[500] USER32.dll!SetWindowsHookExA 76526D0C 5 Bytes JMP 00100600 .text C:\Windows\system32\wininit.exe[504] ntdll.dll!LdrUnloadDll 770AC86E 5 Bytes JMP 000703FC .text C:\Windows\system32\wininit.exe[504] ntdll.dll!LdrLoadDll 770B223E 5 Bytes JMP 000701F8 .text C:\Windows\system32\wininit.exe[504] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62] .text C:\Windows\system32\wininit.exe[504] USER32.dll!UnhookWindowsHookEx 764FADF9 5 Bytes JMP 00110A08 .text C:\Windows\system32\wininit.exe[504] USER32.dll!UnhookWinEvent 764FB750 5 Bytes JMP 001103FC .text C:\Windows\system32\wininit.exe[504] USER32.dll!SetWindowsHookExW 764FE30C 5 Bytes JMP 00110804 .text C:\Windows\system32\wininit.exe[504] USER32.dll!SetWinEventHook 765024DC 5 Bytes JMP 001101F8 .text C:\Windows\system32\wininit.exe[504] USER32.dll!SetWindowsHookExA 76526D0C 5 Bytes JMP 00110600 .text C:\Windows\system32\csrss.exe[516] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62] .text 
C:\Windows\system32\services.exe[560] ntdll.dll!LdrUnloadDll 770AC86E 5 Bytes JMP 000603FC .text C:\Windows\system32\services.exe[560] ntdll.dll!LdrLoadDll 770B223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\services.exe[560] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62] .text C:\Windows\system32\lsass.exe[576] ntdll.dll!LdrUnloadDll 770AC86E 5 Bytes JMP 000603FC .text C:\Windows\system32\lsass.exe[576] ntdll.dll!LdrLoadDll 770B223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\lsass.exe[576] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62] .text C:\Program Files\Apoint2K\Apoint.exe[580] ntdll.dll!LdrUnloadDll 770AC86E 5 Bytes JMP 001503FC .text C:\Program Files\Apoint2K\Apoint.exe[580] ntdll.dll!LdrLoadDll 770B223E 5 Bytes JMP 001501F8 .text C:\Program Files\Apoint2K\Apoint.exe[580] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62] .text C:\Program Files\Apoint2K\Apoint.exe[580] USER32.dll!UnhookWindowsHookEx 764FADF9 5 Bytes JMP 001E0A08 .text C:\Program Files\Apoint2K\Apoint.exe[580] USER32.dll!UnhookWinEvent 764FB750 5 Bytes JMP 001E03FC .text C:\Program Files\Apoint2K\Apoint.exe[580] USER32.dll!SetWindowsHookExW 764FE30C 5 Bytes JMP 001E0804 .text C:\Program Files\Apoint2K\Apoint.exe[580] USER32.dll!SetWinEventHook 765024DC 5 Bytes JMP 001E01F8 .text C:\Program Files\Apoint2K\Apoint.exe[580] USER32.dll!SetWindowsHookExA 76526D0C 5 Bytes JMP 001E0600 .text C:\Windows\system32\lsm.exe[584] ntdll.dll!LdrUnloadDll 770AC86E 5 Bytes JMP 000603FC .text C:\Windows\system32\lsm.exe[584] ntdll.dll!LdrLoadDll 770B223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\lsm.exe[584] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[692] ntdll.dll!LdrUnloadDll 770AC86E 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[692] ntdll.dll!LdrLoadDll 770B223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[692] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62] .text C:\Program Files\Adobe\Reader 
10.0\Reader\reader_sl.exe[776] ntdll.dll!LdrUnloadDll 770AC86E 5 Bytes JMP 001603FC .text C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe[776] ntdll.dll!LdrLoadDll 770B223E 5 Bytes JMP 001601F8 .text C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe[776] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62] .text C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe[776] USER32.dll!UnhookWindowsHookEx 764FADF9 5 Bytes JMP 001F0A08 .text C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe[776] USER32.dll!UnhookWinEvent 764FB750 5 Bytes JMP 001F03FC .text C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe[776] USER32.dll!SetWindowsHookExW 764FE30C 5 Bytes JMP 001F0804 .text C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe[776] USER32.dll!SetWinEventHook 765024DC 5 Bytes JMP 001F01F8 .text C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe[776] USER32.dll!SetWindowsHookExA 76526D0C 5 Bytes JMP 001F0600 .text C:\Windows\system32\svchost.exe[780] ntdll.dll!LdrUnloadDll 770AC86E 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[780] ntdll.dll!LdrLoadDll 770B223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[780] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62] .text C:\Windows\system32\winlogon.exe[828] ntdll.dll!LdrUnloadDll 770AC86E 5 Bytes JMP 000303FC .text C:\Windows\system32\winlogon.exe[828] ntdll.dll!LdrLoadDll 770B223E 5 Bytes JMP 000301F8 .text C:\Windows\system32\winlogon.exe[828] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62] .text C:\Windows\system32\winlogon.exe[828] USER32.dll!UnhookWindowsHookEx 764FADF9 5 Bytes JMP 000C0A08 .text C:\Windows\system32\winlogon.exe[828] USER32.dll!UnhookWinEvent 764FB750 5 Bytes JMP 000C03FC .text C:\Windows\system32\winlogon.exe[828] USER32.dll!SetWindowsHookExW 764FE30C 5 Bytes JMP 000C0804 .text C:\Windows\system32\winlogon.exe[828] USER32.dll!SetWinEventHook 765024DC 5 Bytes JMP 000C01F8 .text C:\Windows\system32\winlogon.exe[828] 
USER32.dll!SetWindowsHookExA 76526D0C 5 Bytes JMP 000C0600 .text C:\Windows\System32\svchost.exe[884] ntdll.dll!LdrUnloadDll 770AC86E 5 Bytes JMP 000603FC .text C:\Windows\System32\svchost.exe[884] ntdll.dll!LdrLoadDll 770B223E 5 Bytes JMP 000601F8 .text C:\Windows\System32\svchost.exe[884] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62] .text C:\Windows\System32\svchost.exe[884] USER32.dll!UnhookWindowsHookEx 764FADF9 5 Bytes JMP 00410A08 .text C:\Windows\System32\svchost.exe[884] USER32.dll!UnhookWinEvent 764FB750 5 Bytes JMP 004103FC .text C:\Windows\System32\svchost.exe[884] USER32.dll!SetWindowsHookExW 764FE30C 5 Bytes JMP 00410804 .text C:\Windows\System32\svchost.exe[884] USER32.dll!SetWinEventHook 765024DC 5 Bytes JMP 004101F8 .text C:\Windows\System32\svchost.exe[884] USER32.dll!SetWindowsHookExA 76526D0C 5 Bytes JMP 00410600 .text C:\Windows\System32\svchost.exe[972] ntdll.dll!LdrUnloadDll 770AC86E 5 Bytes JMP 000603FC .text C:\Windows\System32\svchost.exe[972] ntdll.dll!LdrLoadDll 770B223E 5 Bytes JMP 000601F8 .text C:\Windows\System32\svchost.exe[972] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62] .text C:\Windows\System32\svchost.exe[972] USER32.dll!UnhookWindowsHookEx 764FADF9 5 Bytes JMP 00910A08 .text C:\Windows\System32\svchost.exe[972] USER32.dll!UnhookWinEvent 764FB750 5 Bytes JMP 009103FC .text C:\Windows\System32\svchost.exe[972] USER32.dll!SetWindowsHookExW 764FE30C 5 Bytes JMP 00910804 .text C:\Windows\System32\svchost.exe[972] USER32.dll!SetWinEventHook 765024DC 5 Bytes JMP 009101F8 .text C:\Windows\System32\svchost.exe[972] USER32.dll!SetWindowsHookExA 76526D0C 5 Bytes JMP 00910600 .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtCreateFile + 6 770955CE 4 Bytes [28, 00, 17, 00] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtCreateFile + B 770955D3 1 Byte [E2] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1000] 
ntdll.dll!NtMapViewOfSection + 6 77095C2E 1 Byte [28] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtMapViewOfSection + 6 77095C2E 4 Bytes [28, 03, 17, 00] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtMapViewOfSection + B 77095C33 1 Byte [E2] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtOpenFile + 6 77095CDE 4 Bytes [68, 00, 17, 00] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtOpenFile + B 77095CE3 1 Byte [E2] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtOpenProcess + 6 77095D8E 4 Bytes [A8, 01, 17, 00] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtOpenProcess + B 77095D93 1 Byte [E2] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtOpenProcessToken + 6 77095D9E 4 Bytes CALL 760974A4 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtOpenProcessToken + B 77095DA3 1 Byte [E2] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtOpenProcessTokenEx + 6 77095DAE 4 Bytes [A8, 02, 17, 00] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtOpenProcessTokenEx + B 77095DB3 1 Byte [E2] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtOpenThread + 6 77095E0E 4 Bytes [68, 01, 17, 00] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtOpenThread + B 77095E13 1 Byte [E2] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtOpenThreadToken + 6 77095E1E 4 Bytes [68, 02, 17, 00] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1000] 
ntdll.dll!NtOpenThreadToken + B 77095E23 1 Byte [E2] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtOpenThreadTokenEx + 6 77095E2E 4 Bytes CALL 76097535 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtOpenThreadTokenEx + B 77095E33 1 Byte [E2] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtQueryAttributesFile + 6 77095F3E 4 Bytes [A8, 00, 17, 00] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtQueryAttributesFile + B 77095F43 1 Byte [E2] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtQueryFullAttributesFile + 6 77095FEE 4 Bytes CALL 760976F3 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtQueryFullAttributesFile + B 77095FF3 1 Byte [E2] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtSetInformationFile + 6 7709663E 4 Bytes [28, 01, 17, 00] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtSetInformationFile + B 77096643 1 Byte [E2] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtSetInformationThread + 6 7709669E 4 Bytes [28, 02, 17, 00] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtSetInformationThread + B 770966A3 1 Byte [E2] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtUnmapViewOfSection + 6 770969BE 1 Byte [68] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtUnmapViewOfSection + 6 770969BE 4 Bytes [68, 03, 17, 00] .text 
C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtUnmapViewOfSection + B 770969C3 1 Byte [E2] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!LdrUnloadDll 770AC86E 5 Bytes JMP 001903FC .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!LdrLoadDll 770B223E 5 Bytes JMP 001901F8 .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1000] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1000] USER32.dll!UnhookWindowsHookEx 764FADF9 5 Bytes JMP 00230A08 .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1000] USER32.dll!UnhookWinEvent 764FB750 5 Bytes JMP 002303FC .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1000] USER32.dll!SetWindowsHookExW 764FE30C 5 Bytes JMP 00230804 .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1000] USER32.dll!SetWinEventHook 765024DC 5 Bytes JMP 002301F8 .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1000] USER32.dll!SetWindowsHookExA 76526D0C 5 Bytes JMP 00230600 .text C:\Windows\system32\svchost.exe[1024] ntdll.dll!LdrUnloadDll 770AC86E 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[1024] ntdll.dll!LdrLoadDll 770B223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[1024] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[1024] USER32.dll!UnhookWindowsHookEx 764FADF9 5 Bytes JMP 00D80A08 .text C:\Windows\system32\svchost.exe[1024] USER32.dll!UnhookWinEvent 764FB750 5 Bytes JMP 00D803FC .text C:\Windows\system32\svchost.exe[1024] USER32.dll!SetWindowsHookExW 764FE30C 5 Bytes JMP 00D80804 .text C:\Windows\system32\svchost.exe[1024] USER32.dll!SetWinEventHook 765024DC 5 Bytes JMP 00D801F8 .text C:\Windows\system32\svchost.exe[1024] USER32.dll!SetWindowsHookExA 76526D0C 5 Bytes JMP 00D80600 
.text C:\Windows\system32\svchost.exe[1080] ntdll.dll!LdrUnloadDll 770AC86E 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[1080] ntdll.dll!LdrLoadDll 770B223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[1080] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[1080] USER32.dll!UnhookWindowsHookEx 764FADF9 5 Bytes JMP 00350A08 .text C:\Windows\system32\svchost.exe[1080] USER32.dll!UnhookWinEvent 764FB750 5 Bytes JMP 003503FC .text C:\Windows\system32\svchost.exe[1080] USER32.dll!SetWindowsHookExW 764FE30C 5 Bytes JMP 00350804 .text C:\Windows\system32\svchost.exe[1080] USER32.dll!SetWinEventHook 765024DC 5 Bytes JMP 003501F8 .text C:\Windows\system32\svchost.exe[1080] USER32.dll!SetWindowsHookExA 76526D0C 5 Bytes JMP 00350600 .text C:\Windows\system32\svchost.exe[1164] ntdll.dll!LdrUnloadDll 770AC86E 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[1164] ntdll.dll!LdrLoadDll 770B223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[1164] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[1164] USER32.dll!UnhookWindowsHookEx 764FADF9 5 Bytes JMP 00430A08 .text C:\Windows\system32\svchost.exe[1164] USER32.dll!UnhookWinEvent 764FB750 5 Bytes JMP 004303FC .text C:\Windows\system32\svchost.exe[1164] USER32.dll!SetWindowsHookExW 764FE30C 5 Bytes JMP 00430804 .text C:\Windows\system32\svchost.exe[1164] USER32.dll!SetWinEventHook 765024DC 5 Bytes JMP 004301F8 .text C:\Windows\system32\svchost.exe[1164] USER32.dll!SetWindowsHookExA 76526D0C 5 Bytes JMP 00430600 .text C:\Windows\system32\svchost.exe[1284] ntdll.dll!LdrUnloadDll 770AC86E 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[1284] ntdll.dll!LdrLoadDll 770B223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[1284] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!NtCreateFile + 6 
770955CE 4 Bytes [28, 00, 07, 00] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!NtCreateFile + B 770955D3 1 Byte [E2] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!NtMapViewOfSection + 6 77095C2E 1 Byte [28] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!NtMapViewOfSection + 6 77095C2E 4 Bytes [28, 03, 07, 00] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!NtMapViewOfSection + B 77095C33 1 Byte [E2] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!NtOpenFile + 6 77095CDE 4 Bytes [68, 00, 07, 00] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!NtOpenFile + B 77095CE3 1 Byte [E2] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!NtOpenProcess + 6 77095D8E 4 Bytes [A8, 01, 07, 00] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!NtOpenProcess + B 77095D93 1 Byte [E2] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!NtOpenProcessToken + 6 77095D9E 4 Bytes CALL 760964A4 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!NtOpenProcessToken + B 77095DA3 1 Byte [E2] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!NtOpenProcessTokenEx + 6 77095DAE 4 Bytes [A8, 02, 07, 00] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!NtOpenProcessTokenEx + B 77095DB3 1 Byte [E2] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!NtOpenThread + 6 77095E0E 4 Bytes [68, 01, 07, 00] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!NtOpenThread + B 77095E13 1 Byte 
[E2] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!NtOpenThreadToken + 6 77095E1E 4 Bytes [68, 02, 07, 00] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!NtOpenThreadToken + B 77095E23 1 Byte [E2] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!NtOpenThreadTokenEx + 6 77095E2E 4 Bytes CALL 76096535 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!NtOpenThreadTokenEx + B 77095E33 1 Byte [E2] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!NtQueryAttributesFile + 6 77095F3E 4 Bytes [A8, 00, 07, 00] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!NtQueryAttributesFile + B 77095F43 1 Byte [E2] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!NtQueryFullAttributesFile + 6 77095FEE 4 Bytes CALL 760966F3 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!NtQueryFullAttributesFile + B 77095FF3 1 Byte [E2] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!NtSetInformationFile + 6 7709663E 4 Bytes [28, 01, 07, 00] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!NtSetInformationFile + B 77096643 1 Byte [E2] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!NtSetInformationThread + 6 7709669E 4 Bytes [28, 02, 07, 00] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!NtSetInformationThread + B 770966A3 1 Byte [E2] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!NtUnmapViewOfSection + 6 
770969BE 1 Byte [68] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!NtUnmapViewOfSection + 6 770969BE 4 Bytes [68, 03, 07, 00] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!NtUnmapViewOfSection + B 770969C3 1 Byte [E2] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!LdrUnloadDll 770AC86E 5 Bytes JMP 000903FC .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1344] ntdll.dll!LdrLoadDll 770B223E 5 Bytes JMP 000901F8 .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1344] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1344] USER32.dll!UnhookWindowsHookEx 764FADF9 5 Bytes JMP 00130A08 .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1344] USER32.dll!UnhookWinEvent 764FB750 5 Bytes JMP 001303FC .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1344] USER32.dll!SetWindowsHookExW 764FE30C 5 Bytes JMP 00130804 .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1344] USER32.dll!SetWinEventHook 765024DC 5 Bytes JMP 001301F8 .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1344] USER32.dll!SetWindowsHookExA 76526D0C 5 Bytes JMP 00130600 .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1368] kernel32.dll!SetUnhandledExceptionFilter 76FBF4FB 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1368] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62] .text C:\Windows\system32\Dwm.exe[1520] ntdll.dll!LdrUnloadDll 770AC86E 5 Bytes JMP 000603FC .text C:\Windows\system32\Dwm.exe[1520] ntdll.dll!LdrLoadDll 770B223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\Dwm.exe[1520] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62] .text C:\Windows\system32\Dwm.exe[1520] USER32.dll!UnhookWindowsHookEx 764FADF9 5 
Bytes JMP 000F0A08 .text C:\Windows\system32\Dwm.exe[1520] USER32.dll!UnhookWinEvent 764FB750 5 Bytes JMP 000F03FC .text C:\Windows\system32\Dwm.exe[1520] USER32.dll!SetWindowsHookExW 764FE30C 5 Bytes JMP 000F0804 .text C:\Windows\system32\Dwm.exe[1520] USER32.dll!SetWinEventHook 765024DC 5 Bytes JMP 000F01F8 .text C:\Windows\system32\Dwm.exe[1520] USER32.dll!SetWindowsHookExA 76526D0C 5 Bytes JMP 000F0600 .text C:\Windows\Explorer.EXE[1596] ntdll.dll!LdrUnloadDll 770AC86E 5 Bytes JMP 000603FC .text C:\Windows\Explorer.EXE[1596] ntdll.dll!LdrLoadDll 770B223E 5 Bytes JMP 000601F8 .text C:\Windows\Explorer.EXE[1596] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62] .text C:\Windows\Explorer.EXE[1596] USER32.dll!UnhookWindowsHookEx 764FADF9 5 Bytes JMP 00150A08 .text C:\Windows\Explorer.EXE[1596] USER32.dll!UnhookWinEvent 764FB750 5 Bytes JMP 001503FC .text C:\Windows\Explorer.EXE[1596] USER32.dll!SetWindowsHookExW 764FE30C 5 Bytes JMP 00150804 .text C:\Windows\Explorer.EXE[1596] USER32.dll!SetWinEventHook 765024DC 5 Bytes JMP 001501F8 .text C:\Windows\Explorer.EXE[1596] USER32.dll!SetWindowsHookExA 76526D0C 5 Bytes JMP 00150600 .text C:\Windows\System32\spoolsv.exe[1692] ntdll.dll!LdrUnloadDll 770AC86E 5 Bytes JMP 000A03FC .text C:\Windows\System32\spoolsv.exe[1692] ntdll.dll!LdrLoadDll 770B223E 5 Bytes JMP 000A01F8 .text C:\Windows\System32\spoolsv.exe[1692] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62] .text C:\Windows\System32\spoolsv.exe[1692] USER32.dll!UnhookWindowsHookEx 764FADF9 5 Bytes JMP 00140A08 .text C:\Windows\System32\spoolsv.exe[1692] USER32.dll!UnhookWinEvent 764FB750 5 Bytes JMP 001403FC .text C:\Windows\System32\spoolsv.exe[1692] USER32.dll!SetWindowsHookExW 764FE30C 5 Bytes JMP 00140804 .text C:\Windows\System32\spoolsv.exe[1692] USER32.dll!SetWinEventHook 765024DC 5 Bytes JMP 001401F8 .text C:\Windows\System32\spoolsv.exe[1692] USER32.dll!SetWindowsHookExA 76526D0C 5 Bytes JMP 00140600 .text 
C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!LdrUnloadDll 770AC86E 5 Bytes JMP 000603FC .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1832] ntdll.dll!LdrLoadDll 770B223E 5 Bytes JMP 000601F8 .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1832] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62] .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1832] USER32.dll!UnhookWindowsHookEx 764FADF9 5 Bytes JMP 001F0A08 .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1832] USER32.dll!UnhookWinEvent 764FB750 5 Bytes JMP 001F03FC .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1832] USER32.dll!SetWindowsHookExW 764FE30C 5 Bytes JMP 001F0804 .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1832] USER32.dll!SetWinEventHook 765024DC 5 Bytes JMP 001F01F8 .text C:\Users\Ania\AppData\Local\Google\Chrome\Application\chrome.exe[1832] USER32.dll!SetWindowsHookExA 76526D0C 5 Bytes JMP 001F0600 .text C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe[1848] ntdll.dll!LdrUnloadDll 770AC86E 5 Bytes JMP 001603FC .text C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe[1848] ntdll.dll!LdrLoadDll 770B223E 5 Bytes JMP 001601F8 .text C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe[1848] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62] .text C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe[1848] USER32.dll!UnhookWindowsHookEx 764FADF9 5 Bytes JMP 001F0A08 .text C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe[1848] USER32.dll!UnhookWinEvent 764FB750 5 Bytes JMP 001F03FC .text C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe[1848] USER32.dll!SetWindowsHookExW 764FE30C 5 Bytes JMP 001F0804 .text C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe[1848] USER32.dll!SetWinEventHook 765024DC 5 Bytes JMP 001F01F8 .text C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe[1848] USER32.dll!SetWindowsHookExA 76526D0C 5 Bytes JMP 001F0600 
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1864] ntdll.dll!LdrUnloadDll 770AC86E 5 Bytes JMP 001503FC .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1864] ntdll.dll!LdrLoadDll 770B223E 5 Bytes JMP 001501F8 .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1864] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62] .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1864] USER32.dll!UnhookWindowsHookEx 764FADF9 5 Bytes JMP 001E0A08 .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1864] USER32.dll!UnhookWinEvent 764FB750 5 Bytes JMP 001E03FC .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1864] USER32.dll!SetWindowsHookExW 764FE30C 5 Bytes JMP 001E0804 .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1864] USER32.dll!SetWinEventHook 765024DC 5 Bytes JMP 001E01F8 .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[1864] USER32.dll!SetWindowsHookExA 76526D0C 5 Bytes JMP 001E0600 .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[1892] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62] .text C:\Windows\System32\igfxtray.exe[2036] ntdll.dll!LdrUnloadDll 770AC86E 5 Bytes JMP 001603FC .text C:\Windows\System32\igfxtray.exe[2036] ntdll.dll!LdrLoadDll 770B223E 5 Bytes JMP 001601F8 .text C:\Windows\System32\igfxtray.exe[2036] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62] .text C:\Windows\System32\igfxtray.exe[2036] USER32.dll!UnhookWindowsHookEx 764FADF9 5 Bytes JMP 00190A08 .text C:\Windows\System32\igfxtray.exe[2036] USER32.dll!UnhookWinEvent 764FB750 5 Bytes JMP 001903FC .text C:\Windows\System32\igfxtray.exe[2036] USER32.dll!SetWindowsHookExW 764FE30C 5 Bytes JMP 00190804 .text C:\Windows\System32\igfxtray.exe[2036] USER32.dll!SetWinEventHook 765024DC 5 Bytes JMP 001901F8 .text C:\Windows\System32\igfxtray.exe[2036] USER32.dll!SetWindowsHookExA 76526D0C 5 Bytes JMP 00190600 .text C:\Windows\System32\hkcmd.exe[2044] ntdll.dll!LdrUnloadDll 770AC86E 5 
Bytes JMP 001603FC .text C:\Windows\System32\hkcmd.exe[2044] ntdll.dll!LdrLoadDll 770B223E 5 Bytes JMP 001601F8 .text C:\Windows\System32\hkcmd.exe[2044] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62] .text C:\Windows\System32\hkcmd.exe[2044] USER32.dll!UnhookWindowsHookEx 764FADF9 5 Bytes JMP 00300A08 .text C:\Windows\System32\hkcmd.exe[2044] USER32.dll!UnhookWinEvent 764FB750 5 Bytes JMP 003003FC .text C:\Windows\System32\hkcmd.exe[2044] USER32.dll!SetWindowsHookExW 764FE30C 5 Bytes JMP 00300804 .text C:\Windows\System32\hkcmd.exe[2044] USER32.dll!SetWinEventHook 765024DC 5 Bytes JMP 003001F8 .text C:\Windows\System32\hkcmd.exe[2044] USER32.dll!SetWindowsHookExA 76526D0C 5 Bytes JMP 00300600 .text C:\Windows\system32\srvany.exe[2108] ntdll.dll!LdrUnloadDll 770AC86E 5 Bytes JMP 000903FC .text C:\Windows\system32\srvany.exe[2108] ntdll.dll!LdrLoadDll 770B223E 5 Bytes JMP 000901F8 .text C:\Windows\system32\srvany.exe[2108] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62] .text C:\Windows\system32\srvany.exe[2108] USER32.dll!UnhookWindowsHookEx 764FADF9 5 Bytes JMP 00120A08 .text C:\Windows\system32\srvany.exe[2108] USER32.dll!UnhookWinEvent 764FB750 5 Bytes JMP 001203FC .text C:\Windows\system32\srvany.exe[2108] USER32.dll!SetWindowsHookExW 764FE30C 5 Bytes JMP 00120804 .text C:\Windows\system32\srvany.exe[2108] USER32.dll!SetWinEventHook 765024DC 5 Bytes JMP 001201F8 .text C:\Windows\system32\srvany.exe[2108] USER32.dll!SetWindowsHookExA 76526D0C 5 Bytes JMP 00120600 .text C:\Windows\system32\taskhost.exe[2192] ntdll.dll!LdrUnloadDll 770AC86E 5 Bytes JMP 000503FC .text C:\Windows\system32\taskhost.exe[2192] ntdll.dll!LdrLoadDll 770B223E 5 Bytes JMP 000501F8 .text C:\Windows\system32\taskhost.exe[2192] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62] .text C:\Windows\system32\taskhost.exe[2192] USER32.dll!UnhookWindowsHookEx 764FADF9 5 Bytes JMP 000E0A08 .text C:\Windows\system32\taskhost.exe[2192] USER32.dll!UnhookWinEvent 764FB750 5 Bytes JMP 
000E03FC .text C:\Windows\system32\taskhost.exe[2192] USER32.dll!SetWindowsHookExW 764FE30C 5 Bytes JMP 000E0804 .text C:\Windows\system32\taskhost.exe[2192] USER32.dll!SetWinEventHook 765024DC 5 Bytes JMP 000E01F8 .text C:\Windows\system32\taskhost.exe[2192] USER32.dll!SetWindowsHookExA 76526D0C 5 Bytes JMP 000E0600 .text C:\Windows\KMService.exe[2216] ntdll.dll!LdrUnloadDll 770AC86E 5 Bytes JMP 002F03FC .text C:\Windows\KMService.exe[2216] ntdll.dll!LdrLoadDll 770B223E 5 Bytes JMP 002F01F8 .text C:\Windows\KMService.exe[2216] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62] .text C:\Windows\KMService.exe[2216] USER32.dll!UnhookWindowsHookEx 764FADF9 5 Bytes JMP 00300A08 .text C:\Windows\KMService.exe[2216] USER32.dll!UnhookWinEvent 764FB750 5 Bytes JMP 003003FC .text C:\Windows\KMService.exe[2216] USER32.dll!SetWindowsHookExW 764FE30C 5 Bytes JMP 00300804 .text C:\Windows\KMService.exe[2216] USER32.dll!SetWinEventHook 765024DC 5 Bytes JMP 003001F8 .text C:\Windows\KMService.exe[2216] USER32.dll!SetWindowsHookExA 76526D0C 5 Bytes JMP 00300600 .text C:\Windows\system32\conhost.exe[2224] ntdll.dll!LdrUnloadDll 770AC86E 5 Bytes JMP 000303FC .text C:\Windows\system32\conhost.exe[2224] ntdll.dll!LdrLoadDll 770B223E 5 Bytes JMP 000301F8 .text C:\Windows\system32\conhost.exe[2224] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62] .text C:\Windows\system32\conhost.exe[2224] USER32.dll!UnhookWindowsHookEx 764FADF9 5 Bytes JMP 000C0A08 .text C:\Windows\system32\conhost.exe[2224] USER32.dll!UnhookWinEvent 764FB750 5 Bytes JMP 000C03FC .text C:\Windows\system32\conhost.exe[2224] USER32.dll!SetWindowsHookExW 764FE30C 5 Bytes JMP 000C0804 .text C:\Windows\system32\conhost.exe[2224] USER32.dll!SetWinEventHook 765024DC 5 Bytes JMP 000C01F8 .text C:\Windows\system32\conhost.exe[2224] USER32.dll!SetWindowsHookExA 76526D0C 5 Bytes JMP 000C0600 .text C:\Windows\system32\svchost.exe[2288] ntdll.dll!LdrUnloadDll 770AC86E 5 Bytes JMP 000603FC .text 
C:\Windows\system32\svchost.exe[2288] ntdll.dll!LdrLoadDll 770B223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[2288] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62] .text C:\Users\Ania\Desktop\OTL.exe[2684] ntdll.dll!LdrUnloadDll 770AC86E 5 Bytes JMP 001603FC .text C:\Users\Ania\Desktop\OTL.exe[2684] ntdll.dll!LdrLoadDll 770B223E 5 Bytes JMP 001601F8 .text C:\Users\Ania\Desktop\OTL.exe[2684] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62] .text C:\Windows\system32\SearchIndexer.exe[2756] ntdll.dll!LdrUnloadDll 770AC86E 5 Bytes JMP 000603FC .text C:\Windows\system32\SearchIndexer.exe[2756] ntdll.dll!LdrLoadDll 770B223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\SearchIndexer.exe[2756] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62] .text C:\Windows\system32\SearchIndexer.exe[2756] USER32.dll!UnhookWindowsHookEx 764FADF9 5 Bytes JMP 00240A08 .text C:\Windows\system32\SearchIndexer.exe[2756] USER32.dll!UnhookWinEvent 764FB750 5 Bytes JMP 002403FC .text C:\Windows\system32\SearchIndexer.exe[2756] USER32.dll!SetWindowsHookExW 764FE30C 5 Bytes JMP 00240804 .text C:\Windows\system32\SearchIndexer.exe[2756] USER32.dll!SetWinEventHook 765024DC 5 Bytes JMP 002401F8 .text C:\Windows\system32\SearchIndexer.exe[2756] USER32.dll!SetWindowsHookExA 76526D0C 5 Bytes JMP 00240600 .text C:\Windows\system32\svchost.exe[2864] ntdll.dll!LdrUnloadDll 770AC86E 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[2864] ntdll.dll!LdrLoadDll 770B223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[2864] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[2924] ntdll.dll!LdrUnloadDll 770AC86E 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[2924] ntdll.dll!LdrLoadDll 770B223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[2924] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62] .text C:\Users\Ania\Desktop\wup8lteo.exe[3040] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte 
[62] .text C:\Windows\system32\wuauclt.exe[3052] ntdll.dll!LdrUnloadDll 770AC86E 5 Bytes JMP 000703FC .text C:\Windows\system32\wuauclt.exe[3052] ntdll.dll!LdrLoadDll 770B223E 5 Bytes JMP 000701F8 .text C:\Windows\system32\wuauclt.exe[3052] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62] .text C:\Windows\system32\wuauclt.exe[3052] USER32.dll!UnhookWindowsHookEx 764FADF9 5 Bytes JMP 00100A08 .text C:\Windows\system32\wuauclt.exe[3052] USER32.dll!UnhookWinEvent 764FB750 5 Bytes JMP 001003FC .text C:\Windows\system32\wuauclt.exe[3052] USER32.dll!SetWindowsHookExW 764FE30C 5 Bytes JMP 00100804 .text C:\Windows\system32\wuauclt.exe[3052] USER32.dll!SetWinEventHook 765024DC 5 Bytes JMP 001001F8 .text C:\Windows\system32\wuauclt.exe[3052] USER32.dll!SetWindowsHookExA 76526D0C 5 Bytes JMP 00100600 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[3056] ntdll.dll!LdrUnloadDll 770AC86E 5 Bytes JMP 001603FC .text C:\Program Files\Apoint2K\ApMsgFwd.exe[3056] ntdll.dll!LdrLoadDll 770B223E 5 Bytes JMP 001601F8 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[3056] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62] .text C:\Program Files\Apoint2K\ApMsgFwd.exe[3056] USER32.dll!UnhookWindowsHookEx 764FADF9 5 Bytes JMP 001F0A08 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[3056] USER32.dll!UnhookWinEvent 764FB750 5 Bytes JMP 001F03FC .text C:\Program Files\Apoint2K\ApMsgFwd.exe[3056] USER32.dll!SetWindowsHookExW 764FE30C 5 Bytes JMP 001F0804 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[3056] USER32.dll!SetWinEventHook 765024DC 5 Bytes JMP 001F01F8 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[3056] USER32.dll!SetWindowsHookExA 76526D0C 5 Bytes JMP 001F0600 .text C:\Windows\system32\AUDIODG.EXE[3100] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62] .text C:\Program Files\Apoint2K\Apntex.exe[3224] ntdll.dll!LdrUnloadDll 770AC86E 5 Bytes JMP 001503FC .text C:\Program Files\Apoint2K\Apntex.exe[3224] ntdll.dll!LdrLoadDll 770B223E 5 Bytes JMP 001501F8 .text C:\Program 
Files\Apoint2K\Apntex.exe[3224] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62] .text C:\Program Files\Apoint2K\Apntex.exe[3224] USER32.dll!UnhookWindowsHookEx 764FADF9 5 Bytes JMP 001E0A08 .text C:\Program Files\Apoint2K\Apntex.exe[3224] USER32.dll!UnhookWinEvent 764FB750 5 Bytes JMP 001E03FC .text C:\Program Files\Apoint2K\Apntex.exe[3224] USER32.dll!SetWindowsHookExW 764FE30C 5 Bytes JMP 001E0804 .text C:\Program Files\Apoint2K\Apntex.exe[3224] USER32.dll!SetWinEventHook 765024DC 5 Bytes JMP 001E01F8 .text C:\Program Files\Apoint2K\Apntex.exe[3224] USER32.dll!SetWindowsHookExA 76526D0C 5 Bytes JMP 001E0600 .text C:\Windows\system32\conhost.exe[3240] ntdll.dll!LdrUnloadDll 770AC86E 5 Bytes JMP 000303FC .text C:\Windows\system32\conhost.exe[3240] ntdll.dll!LdrLoadDll 770B223E 5 Bytes JMP 000301F8 .text C:\Windows\system32\conhost.exe[3240] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62] .text C:\Windows\system32\conhost.exe[3240] USER32.dll!UnhookWindowsHookEx 764FADF9 5 Bytes JMP 000C0A08 .text C:\Windows\system32\conhost.exe[3240] USER32.dll!UnhookWinEvent 764FB750 5 Bytes JMP 000C03FC .text C:\Windows\system32\conhost.exe[3240] USER32.dll!SetWindowsHookExW 764FE30C 5 Bytes JMP 000C0804 .text C:\Windows\system32\conhost.exe[3240] USER32.dll!SetWinEventHook 765024DC 5 Bytes JMP 000C01F8 .text C:\Windows\system32\conhost.exe[3240] USER32.dll!SetWindowsHookExA 76526D0C 5 Bytes JMP 000C0600 .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3392] ntdll.dll!LdrUnloadDll 770AC86E 5 Bytes JMP 001503FC .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3392] ntdll.dll!LdrLoadDll 770B223E 5 Bytes JMP 001501F8 .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3392] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62] .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3392] USER32.dll!UnhookWindowsHookEx 764FADF9 5 Bytes JMP 001E0A08 .text C:\Program Files\Common 
Files\Ahead\Lib\NMIndexingService.exe[3392] USER32.dll!UnhookWinEvent 764FB750 5 Bytes JMP 001E03FC .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3392] USER32.dll!SetWindowsHookExW 764FE30C 5 Bytes JMP 001E0804 .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3392] USER32.dll!SetWinEventHook 765024DC 5 Bytes JMP 001E01F8 .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[3392] USER32.dll!SetWindowsHookExA 76526D0C 5 Bytes JMP 001E0600 .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[3428] ntdll.dll!LdrUnloadDll 770AC86E 5 Bytes JMP 001503FC .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[3428] ntdll.dll!LdrLoadDll 770B223E 5 Bytes JMP 001501F8 .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[3428] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62] .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[3428] USER32.dll!UnhookWindowsHookEx 764FADF9 5 Bytes JMP 00170A08 .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[3428] USER32.dll!UnhookWinEvent 764FB750 5 Bytes JMP 001703FC .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[3428] USER32.dll!SetWindowsHookExW 764FE30C 5 Bytes JMP 00170804 .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[3428] USER32.dll!SetWinEventHook 765024DC 5 Bytes JMP 001701F8 .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[3428] USER32.dll!SetWindowsHookExA 76526D0C 5 Bytes JMP 00170600 .text C:\Program Files\Windows Sidebar\sidebar.exe[3516] ntdll.dll!LdrUnloadDll 770AC86E 5 Bytes JMP 000603FC .text C:\Program Files\Windows Sidebar\sidebar.exe[3516] ntdll.dll!LdrLoadDll 770B223E 5 Bytes JMP 000601F8 .text C:\Program Files\Windows Sidebar\sidebar.exe[3516] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62] .text C:\Program Files\Windows Sidebar\sidebar.exe[3516] USER32.dll!UnhookWindowsHookEx 764FADF9 5 Bytes JMP 001A0A08 .text C:\Program 
Files\Windows Sidebar\sidebar.exe[3516] USER32.dll!UnhookWinEvent 764FB750 5 Bytes JMP 001A03FC .text C:\Program Files\Windows Sidebar\sidebar.exe[3516] USER32.dll!SetWindowsHookExW 764FE30C 5 Bytes JMP 001A0804 .text C:\Program Files\Windows Sidebar\sidebar.exe[3516] USER32.dll!SetWinEventHook 765024DC 5 Bytes JMP 001A01F8 .text C:\Program Files\Windows Sidebar\sidebar.exe[3516] USER32.dll!SetWindowsHookExA 76526D0C 5 Bytes JMP 001A0600 .text C:\Program Files\Photo Toolkit\IvBar\phototoolkitmem.exe[3564] ntdll.dll!LdrUnloadDll 770AC86E 5 Bytes JMP 001603FC .text C:\Program Files\Photo Toolkit\IvBar\phototoolkitmem.exe[3564] ntdll.dll!LdrLoadDll 770B223E 5 Bytes JMP 001601F8 .text C:\Program Files\Photo Toolkit\IvBar\phototoolkitmem.exe[3564] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62] .text C:\Program Files\Photo Toolkit\IvBar\phototoolkitmem.exe[3564] USER32.dll!UnhookWindowsHookEx 764FADF9 5 Bytes JMP 001F0A08 .text C:\Program Files\Photo Toolkit\IvBar\phototoolkitmem.exe[3564] USER32.dll!UnhookWinEvent 764FB750 5 Bytes JMP 001F03FC .text C:\Program Files\Photo Toolkit\IvBar\phototoolkitmem.exe[3564] USER32.dll!SetWindowsHookExW 764FE30C 5 Bytes JMP 001F0804 .text C:\Program Files\Photo Toolkit\IvBar\phototoolkitmem.exe[3564] USER32.dll!SetWinEventHook 765024DC 5 Bytes JMP 001F01F8 .text C:\Program Files\Photo Toolkit\IvBar\phototoolkitmem.exe[3564] USER32.dll!SetWindowsHookExA 76526D0C 5 Bytes JMP 001F0600 .text C:\Windows\System32\dinotify.exe[3828] ntdll.dll!LdrUnloadDll 770AC86E 5 Bytes JMP 000703FC .text C:\Windows\System32\dinotify.exe[3828] ntdll.dll!LdrLoadDll 770B223E 5 Bytes JMP 000701F8 .text C:\Windows\System32\dinotify.exe[3828] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62] .text C:\Windows\System32\dinotify.exe[3828] USER32.dll!UnhookWindowsHookEx 764FADF9 5 Bytes JMP 00130A08 .text C:\Windows\System32\dinotify.exe[3828] USER32.dll!UnhookWinEvent 764FB750 5 Bytes JMP 001303FC .text C:\Windows\System32\dinotify.exe[3828] 
USER32.dll!SetWindowsHookExW 764FE30C 5 Bytes JMP 00130804 .text C:\Windows\System32\dinotify.exe[3828] USER32.dll!SetWinEventHook 765024DC 5 Bytes JMP 001301F8 .text C:\Windows\System32\dinotify.exe[3828] USER32.dll!SetWindowsHookExA 76526D0C 5 Bytes JMP 00130600 .text C:\Windows\System32\svchost.exe[3896] ntdll.dll!LdrUnloadDll 770AC86E 5 Bytes JMP 000603FC .text C:\Windows\System32\svchost.exe[3896] ntdll.dll!LdrLoadDll 770B223E 5 Bytes JMP 000601F8 .text C:\Windows\System32\svchost.exe[3896] kernel32.dll!GetBinaryTypeW + 70 76FD69F4 1 Byte [62] .text C:\Windows\System32\svchost.exe[3896] USER32.dll!UnhookWindowsHookEx 764FADF9 5 Bytes JMP 00150A08 .text C:\Windows\System32\svchost.exe[3896] USER32.dll!UnhookWinEvent 764FB750 5 Bytes JMP 001503FC .text C:\Windows\System32\svchost.exe[3896] USER32.dll!SetWindowsHookExW 764FE30C 5 Bytes JMP 00150804 .text C:\Windows\System32\svchost.exe[3896] USER32.dll!SetWinEventHook 765024DC 5 Bytes JMP 001501F8 .text C:\Windows\System32\svchost.exe[3896] USER32.dll!SetWindowsHookExA 76526D0C 5 Bytes JMP 00150600 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! 
TDI Filter Driver/AVAST Software) Device \Driver\BTHUSB \Device\00000070 bthport.sys (Sterownik magistrali Bluetooth/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076ddf3a6 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076ddf3a6@34c3ac5fc091 0x6E 0x30 0x40 0xB4 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076ddf3a6 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076ddf3a6@34c3ac5fc091 0x6E 0x30 0x40 0xB4 ... ---- EOF - GMER 1.0.15 ----