GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-05-13 18:56:49 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.CT10 372,61GB Running: qno8pw1w.exe; Driver: C:\DOCUME~1\PC\USTAWI~1\Temp\afryrpod.sys ---- System - GMER 2.2 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0xA3380BA6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0xA3381684] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwClose [0xA33C5D80] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0xA338D6F8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0xA338D744] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0xA338D8DE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateKey [0xA33C5734] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0xA338D666] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSection [0xA338D788] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0xA338D6AE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThread [0xA3381BBA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0xA338D898] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0xA3382472] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0xA3380C0C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteKey [0xA33C6446] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteValueKey [0xA33C66FC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0xA3385C68] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateKey [0xA33C62B1] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateValueKey [0xA33C611C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0xA33807F8] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0xA35F7ED0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0xA3380C72] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0xA338605E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0xA3382F5A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0xA338D722] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0xA338D766] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0xA338D902] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenKey [0xA33C5A90] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0xA338D68C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0xA3385560] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0xA338D816] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0xA338D6D6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0xA338594C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0xA338D8BC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0xA35F7C6E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryKey [0xA33C5F97] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0xA3382DCE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryValueKey [0xA33C5DE9] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThread [0xA3382924] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwRenameKey [0xA3605E1A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwRestoreKey [0xA33C4D77] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0xA3380CD8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0xA3380D3E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetContextThread [0xA33822EC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0xA3380892] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0xA3380A64] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetValueKey [0xA33C654D] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0xA33809F2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0xA338263C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0xA338279E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0xA3380AEC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateProcess [0xA338212A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0xA33822CC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0xA3380DA4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0xA33816E0] ---- Kernel code sections - GMER 2.2 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2F28 805047E0 12 Bytes [D8, 0C, 38, A3, 3E, 0D, 38, ...] .text ntkrnlpa.exe!ZwCallbackReturn + 2FD0 80504888 12 Bytes [3C, 26, 38, A3, 9E, 27, 38, ...] PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64B0 4 Bytes CALL A338362B \SystemRoot\system32\drivers\aswSnx.sys .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB4D3E3C0, 0x80008A, 0xE8000020] ---- User code sections - GMER 2.2 ---- .text C:\WINDOWS\system32\spoolsv.exe[264] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[264] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[416] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[600] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[600] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\smss.exe[740] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[788] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[788] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[812] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[812] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\services.exe[856] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\services.exe[856] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[868] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[868] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Google\Update\1.3.30.3\GoogleCrashHandler.exe[936] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Update\1.3.30.3\GoogleCrashHandler.exe[936] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\wbem\unsecapp.exe[984] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wbem\unsecapp.exe[984] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Elex-tech\YAC\iSafeSvc.exe[1108] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Elex-tech\YAC\iSafeSvc.exe[1108] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Elex-tech\YAC\iSafeSvc2.exe[1156] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Elex-tech\YAC\iSafeSvc2.exe[1156] kernel32.dll!CreateRemoteThread + 174 7C810640 4 Bytes JMP 71AF0000 .text C:\Program Files\Elex-tech\YAC\iSafeSvc2.exe[1156] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\rundll32.exe[1216] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\rundll32.exe[1216] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1372] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\nvsvc32.exe[1472] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\nvsvc32.exe[1472] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1528] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1528] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Elex-tech\YAC\iSafeTray.exe[1608] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Elex-tech\YAC\iSafeTray.exe[1608] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1632] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1756] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1756] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1832] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1904] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1912] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1912] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1976] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1976] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1976] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[2200] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[2200] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2452] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2452] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text c:\program files\opera\36.0.2130.65\opera.exe[2644] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, C4, 2D, 00] .text c:\program files\opera\36.0.2130.65\opera.exe[2644] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[2644] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, C7, 2D, 00] .text c:\program files\opera\36.0.2130.65\opera.exe[2644] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[2644] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, C4, 2D, 00] .text c:\program files\opera\36.0.2130.65\opera.exe[2644] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[2644] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, C5, 2D, 00] .text c:\program files\opera\36.0.2130.65\opera.exe[2644] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[2644] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B9103DE .text c:\program files\opera\36.0.2130.65\opera.exe[2644] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[2644] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, C6, 2D, 00] .text c:\program files\opera\36.0.2130.65\opera.exe[2644] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[2644] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, C5, 2D, 00] .text c:\program files\opera\36.0.2130.65\opera.exe[2644] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[2644] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, C6, 2D, 00] .text c:\program files\opera\36.0.2130.65\opera.exe[2644] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[2644] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91044F .text c:\program files\opera\36.0.2130.65\opera.exe[2644] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[2644] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, C4, 2D, 00] .text c:\program files\opera\36.0.2130.65\opera.exe[2644] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[2644] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91057D .text c:\program files\opera\36.0.2130.65\opera.exe[2644] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[2644] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, C5, 2D, 00] .text c:\program files\opera\36.0.2130.65\opera.exe[2644] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[2644] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, C6, 2D, 00] .text c:\program files\opera\36.0.2130.65\opera.exe[2644] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[2644] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, C7, 2D, 00] .text c:\program files\opera\36.0.2130.65\opera.exe[2644] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[2644] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 007601F8 .text c:\program files\opera\36.0.2130.65\opera.exe[2644] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text c:\program files\opera\36.0.2130.65\opera.exe[2644] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 007603FC .text c:\program files\opera\36.0.2130.65\opera.exe[2644] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text c:\program files\opera\36.0.2130.65\opera.exe[2676] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003D01F8 .text c:\program files\opera\36.0.2130.65\opera.exe[2676] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text c:\program files\opera\36.0.2130.65\opera.exe[2676] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003D03FC .text c:\program files\opera\36.0.2130.65\opera.exe[2676] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\RunDLL32.exe[2708] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\RunDLL32.exe[2708] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[2800] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[2800] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2848] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2848] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2848] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\RTHDCPL.EXE[2868] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\RTHDCPL.EXE[2868] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\rundll32.exe[2912] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\rundll32.exe[2912] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2940] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2940] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[2976] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[2976] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Messenger\msmsgs.exe[2984] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Messenger\msmsgs.exe[2984] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text c:\program files\opera\36.0.2130.65\opera_crashreporter.exe[3300] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text c:\program files\opera\36.0.2130.65\opera_crashreporter.exe[3300] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text c:\program files\opera\36.0.2130.65\opera.exe[3620] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 50, 4C, 00] .text c:\program files\opera\36.0.2130.65\opera.exe[3620] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[3620] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 53, 4C, 00] .text c:\program files\opera\36.0.2130.65\opera.exe[3620] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[3620] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 50, 4C, 00] .text c:\program files\opera\36.0.2130.65\opera.exe[3620] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[3620] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 51, 4C, 00] .text c:\program files\opera\36.0.2130.65\opera.exe[3620] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[3620] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91226A .text c:\program files\opera\36.0.2130.65\opera.exe[3620] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[3620] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 52, 4C, 00] .text c:\program files\opera\36.0.2130.65\opera.exe[3620] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[3620] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 51, 4C, 00] .text c:\program files\opera\36.0.2130.65\opera.exe[3620] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[3620] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 52, 4C, 00] .text c:\program files\opera\36.0.2130.65\opera.exe[3620] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[3620] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B9122DB .text c:\program files\opera\36.0.2130.65\opera.exe[3620] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[3620] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 50, 4C, 00] .text c:\program files\opera\36.0.2130.65\opera.exe[3620] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[3620] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B912409 .text c:\program files\opera\36.0.2130.65\opera.exe[3620] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[3620] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 51, 4C, 00] .text c:\program files\opera\36.0.2130.65\opera.exe[3620] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[3620] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 52, 4C, 00] .text c:\program files\opera\36.0.2130.65\opera.exe[3620] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[3620] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 53, 4C, 00] .text c:\program files\opera\36.0.2130.65\opera.exe[3620] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[3620] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 008A01F8 .text c:\program files\opera\36.0.2130.65\opera.exe[3620] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text c:\program files\opera\36.0.2130.65\opera.exe[3620] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 008A03FC .text c:\program files\opera\36.0.2130.65\opera.exe[3620] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text c:\program files\opera\36.0.2130.65\opera.exe[3640] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 3C, AA, 00] .text c:\program files\opera\36.0.2130.65\opera.exe[3640] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[3640] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 3F, AA, 00] .text c:\program files\opera\36.0.2130.65\opera.exe[3640] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[3640] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 3C, AA, 00] .text c:\program files\opera\36.0.2130.65\opera.exe[3640] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[3640] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 3D, AA, 00] .text c:\program files\opera\36.0.2130.65\opera.exe[3640] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[3640] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B918056 .text c:\program files\opera\36.0.2130.65\opera.exe[3640] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[3640] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 3E, AA, 00] .text c:\program files\opera\36.0.2130.65\opera.exe[3640] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[3640] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 3D, AA, 00] .text c:\program files\opera\36.0.2130.65\opera.exe[3640] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[3640] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 3E, AA, 00] .text c:\program files\opera\36.0.2130.65\opera.exe[3640] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[3640] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B9180C7 .text c:\program files\opera\36.0.2130.65\opera.exe[3640] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[3640] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 3C, AA, 00] .text c:\program files\opera\36.0.2130.65\opera.exe[3640] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[3640] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9181F5 .text c:\program files\opera\36.0.2130.65\opera.exe[3640] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[3640] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 3D, AA, 00] .text c:\program files\opera\36.0.2130.65\opera.exe[3640] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[3640] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 3E, AA, 00] .text c:\program files\opera\36.0.2130.65\opera.exe[3640] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[3640] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 3F, AA, 00] .text c:\program files\opera\36.0.2130.65\opera.exe[3640] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[3640] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00E801F8 .text c:\program files\opera\36.0.2130.65\opera.exe[3640] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text c:\program files\opera\36.0.2130.65\opera.exe[3640] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00E803FC .text c:\program files\opera\36.0.2130.65\opera.exe[3640] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text c:\program files\opera\36.0.2130.65\opera.exe[3772] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, C0, 96, 00] .text c:\program files\opera\36.0.2130.65\opera.exe[3772] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[3772] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, C3, 96, 00] .text c:\program files\opera\36.0.2130.65\opera.exe[3772] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[3772] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, C0, 96, 00] .text c:\program files\opera\36.0.2130.65\opera.exe[3772] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[3772] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, C1, 96, 00] .text c:\program files\opera\36.0.2130.65\opera.exe[3772] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[3772] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B916CDA .text c:\program files\opera\36.0.2130.65\opera.exe[3772] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[3772] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, C2, 96, 00] .text c:\program files\opera\36.0.2130.65\opera.exe[3772] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[3772] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, C1, 96, 00] .text c:\program files\opera\36.0.2130.65\opera.exe[3772] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[3772] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, C2, 96, 00] .text c:\program files\opera\36.0.2130.65\opera.exe[3772] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[3772] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B916D4B .text c:\program files\opera\36.0.2130.65\opera.exe[3772] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[3772] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, C0, 96, 00] .text c:\program files\opera\36.0.2130.65\opera.exe[3772] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[3772] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B916E79 .text c:\program files\opera\36.0.2130.65\opera.exe[3772] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[3772] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, C1, 96, 00] .text c:\program files\opera\36.0.2130.65\opera.exe[3772] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[3772] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, C2, 96, 00] .text c:\program files\opera\36.0.2130.65\opera.exe[3772] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[3772] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, C3, 96, 00] .text c:\program files\opera\36.0.2130.65\opera.exe[3772] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[3772] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00D401F8 .text c:\program files\opera\36.0.2130.65\opera.exe[3772] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text c:\program files\opera\36.0.2130.65\opera.exe[3772] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00D403FC .text c:\program files\opera\36.0.2130.65\opera.exe[3772] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text c:\program files\opera\36.0.2130.65\opera.exe[3804] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, E4, 91, 00] .text c:\program files\opera\36.0.2130.65\opera.exe[3804] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[3804] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, E7, 91, 00] .text c:\program files\opera\36.0.2130.65\opera.exe[3804] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[3804] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, E4, 91, 00] .text c:\program files\opera\36.0.2130.65\opera.exe[3804] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[3804] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, E5, 91, 00] .text c:\program files\opera\36.0.2130.65\opera.exe[3804] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[3804] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B9167FE .text c:\program files\opera\36.0.2130.65\opera.exe[3804] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[3804] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, E6, 91, 00] .text c:\program files\opera\36.0.2130.65\opera.exe[3804] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[3804] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, E5, 91, 00] .text c:\program files\opera\36.0.2130.65\opera.exe[3804] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[3804] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, E6, 91, 00] .text c:\program files\opera\36.0.2130.65\opera.exe[3804] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[3804] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91686F .text c:\program files\opera\36.0.2130.65\opera.exe[3804] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[3804] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, E4, 91, 00] .text c:\program files\opera\36.0.2130.65\opera.exe[3804] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[3804] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91699D .text c:\program files\opera\36.0.2130.65\opera.exe[3804] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[3804] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, E5, 91, 00] .text c:\program files\opera\36.0.2130.65\opera.exe[3804] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[3804] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, E6, 91, 00] .text c:\program files\opera\36.0.2130.65\opera.exe[3804] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[3804] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, E7, 91, 00] .text c:\program files\opera\36.0.2130.65\opera.exe[3804] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text c:\program files\opera\36.0.2130.65\opera.exe[3804] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00CF01F8 .text c:\program files\opera\36.0.2130.65\opera.exe[3804] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text c:\program files\opera\36.0.2130.65\opera.exe[3804] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00CF03FC .text c:\program files\opera\36.0.2130.65\opera.exe[3804] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\DOCUME~1\PC\USTAWI~1\Temp\scoped_dir2676_11157\qno8pw1w.exe[3908] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\DOCUME~1\PC\USTAWI~1\Temp\scoped_dir2676_11157\qno8pw1w.exe[3908] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4044] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4044] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\wscntfy.exe[4076] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wscntfy.exe[4076] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] ---- User IAT/EAT - GMER 2.2 ---- IAT C:\WINDOWS\system32\services.exe[856] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002 IAT C:\WINDOWS\system32\services.exe[856] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000 IAT C:\WINDOWS\Explorer.EXE[1912] @ C:\WINDOWS\Explorer.EXE [USER32.dll!MoveWindow] [10001880] C:\Program Files\Elex-tech\YAC\iDskDllPatch.dll IAT C:\WINDOWS\Explorer.EXE[1912] @ C:\WINDOWS\Explorer.EXE [USER32.dll!EndPaint] [10001C80] C:\Program Files\Elex-tech\YAC\iDskDllPatch.dll IAT C:\WINDOWS\Explorer.EXE[1912] @ C:\WINDOWS\Explorer.EXE [USER32.dll!DeferWindowPos] [10001B10] C:\Program Files\Elex-tech\YAC\iDskDllPatch.dll IAT C:\WINDOWS\Explorer.EXE[1912] @ C:\WINDOWS\Explorer.EXE [USER32.dll!SetWindowPos] [100019D0] C:\Program Files\Elex-tech\YAC\iDskDllPatch.dll ---- Devices - GMER 2.2 ---- AttachedDevice \Driver\Tcpip \Device\Ip iSafeNetFilter.sys AttachedDevice \Driver\Tcpip \Device\Ip {a5c25b9e-3974-4e91-9864-34f9aca33ff3}Gt.sys AttachedDevice \Driver\Tcpip \Device\Tcp iSafeNetFilter.sys AttachedDevice \Driver\Tcpip \Device\Tcp {a5c25b9e-3974-4e91-9864-34f9aca33ff3}Gt.sys AttachedDevice \Driver\Tcpip \Device\Udp iSafeNetFilter.sys AttachedDevice \Driver\Tcpip \Device\Udp {a5c25b9e-3974-4e91-9864-34f9aca33ff3}Gt.sys AttachedDevice \Driver\Tcpip \Device\RawIp iSafeNetFilter.sys AttachedDevice \Driver\Tcpip \Device\RawIp {a5c25b9e-3974-4e91-9864-34f9aca33ff3}Gt.sys AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{164110D0-7D82-4508-974E-6544016146AC}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{164110D0-7D82-4508-974E-6544016146AC}\0001@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{2E7456FB-2359-4CE8-AA21-20DB0EFE60FC}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{3D9FD15D-82EE-4917-9DE9-856A8461AA29}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{5DBB42FD-29DB-4911-A59E-7895C5BC8D00}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{F944C6A8-E3D8-434B-B15D-E016575EE65B}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015830cbfeb Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015830cbfeb@001e7c2cea50 0x62 0x89 0x6F 0x4E ... Reg HKLM\SYSTEM\ControlSet004\Control\Video\{164110D0-7D82-4508-974E-6544016146AC}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\ControlSet004\Control\Video\{164110D0-7D82-4508-974E-6544016146AC}\0001@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\ControlSet004\Control\Video\{2E7456FB-2359-4CE8-AA21-20DB0EFE60FC}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\ControlSet004\Control\Video\{3D9FD15D-82EE-4917-9DE9-856A8461AA29}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\ControlSet004\Control\Video\{5DBB42FD-29DB-4911-A59E-7895C5BC8D00}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\ControlSet004\Control\Video\{F944C6A8-E3D8-434B-B15D-E016575EE65B}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\0015830cbfeb (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\0015830cbfeb@001e7c2cea50 0x62 0x89 0x6F 0x4E ... ---- EOF - GMER 2.2 ----