GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-12-28 13:55:02 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK5061GSYN rev.MH000D 465,76GB Running: hj4vic4n.exe; Driver: C:\Users\kps\AppData\Local\Temp\uxriqaow.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2388] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000759f1401 2 bytes JMP 767eb233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2388] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000759f1419 2 bytes JMP 767eb35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000759f1431 2 bytes JMP 76869149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000759f144a 2 bytes CALL 767c4885 C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2388] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000759f14dd 2 bytes JMP 76868a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2388] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000759f14f5 2 bytes JMP 76868c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2388] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000759f150d 2 bytes JMP 76868938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2388] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000759f1525 2 bytes JMP 76868d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2388] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000759f153d 2 bytes JMP 767dfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2388] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000759f1555 2 bytes JMP 767e6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2388] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000759f156d 2 bytes JMP 76869201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2388] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000759f1585 2 bytes JMP 76868d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2388] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000759f159d 2 bytes JMP 768688fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2388] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000759f15b5 2 bytes JMP 767dfd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2388] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000759f15cd 2 bytes 
JMP 767eb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2388] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000759f16b2 2 bytes JMP 768690c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2388] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000759f16bd 2 bytes JMP 76868891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2780] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000759f1401 2 bytes JMP 767eb233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2780] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000759f1419 2 bytes JMP 767eb35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000759f1431 2 bytes JMP 76869149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000759f144a 2 bytes CALL 767c4885 C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2780] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000759f14dd 2 bytes JMP 76868a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2780] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000759f14f5 2 bytes JMP 76868c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2780] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000759f150d 2 bytes JMP 76868938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2780] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000759f1525 2 bytes JMP 76868d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2780] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000759f153d 2 bytes JMP 767dfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2780] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000759f1555 2 bytes JMP 767e6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2780] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000759f156d 2 bytes JMP 76869201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2780] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000759f1585 2 bytes JMP 76868d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2780] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000759f159d 2 bytes JMP 768688fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2780] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000759f15b5 2 bytes JMP 767dfd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files 
(x86)\TeamViewer\TeamViewer_Service.exe[2780] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000759f15cd 2 bytes JMP 767eb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2780] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000759f16b2 2 bytes JMP 768690c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2780] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000759f16bd 2 bytes JMP 76868891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4800] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000759f1401 2 bytes JMP 767eb233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4800] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000759f1419 2 bytes JMP 767eb35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4800] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000759f1431 2 bytes JMP 76869149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4800] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000759f144a 2 bytes CALL 767c4885 C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4800] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000759f14dd 2 bytes JMP 76868a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4800] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000759f14f5 2 bytes JMP 76868c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4800] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000759f150d 2 bytes JMP 76868938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4800] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000759f1525 2 bytes JMP 76868d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4800] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000759f153d 2 bytes JMP 767dfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4800] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000759f1555 2 bytes JMP 767e6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4800] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000759f156d 2 bytes JMP 76869201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4800] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000759f1585 2 bytes JMP 76868d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4800] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000759f159d 2 bytes JMP 768688fc C:\Windows\syswow64\kernel32.dll .text C:\Program 
Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4800] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000759f15b5 2 bytes JMP 767dfd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4800] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000759f15cd 2 bytes JMP 767eb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4800] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000759f16b2 2 bytes JMP 768690c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4800] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000759f16bd 2 bytes JMP 76868891 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[4860] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000759f1401 2 bytes JMP 767eb233 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[4860] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000759f1419 2 bytes JMP 767eb35e C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[4860] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000759f1431 2 bytes JMP 76869149 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[4860] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000759f144a 2 bytes CALL 767c4885 C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Windows\SysWOW64\rundll32.exe[4860] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000759f14dd 2 bytes JMP 76868a42 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[4860] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000759f14f5 2 bytes JMP 76868c18 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[4860] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000759f150d 2 bytes JMP 76868938 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[4860] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000759f1525 2 bytes JMP 76868d02 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[4860] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000759f153d 2 bytes JMP 767dfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[4860] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000759f1555 2 bytes JMP 767e6907 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[4860] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000759f156d 2 bytes JMP 76869201 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[4860] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000759f1585 2 bytes JMP 76868d62 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[4860] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000759f159d 2 bytes JMP 768688fc C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[4860] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000759f15b5 2 bytes JMP 767dfd59 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[4860] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000759f15cd 2 bytes JMP 767eb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[4860] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 
00000000759f16b2 2 bytes JMP 768690c4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[4860] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000759f16bd 2 bytes JMP 76868891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4552] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000759f1401 2 bytes JMP 767eb233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4552] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000759f1419 2 bytes JMP 767eb35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4552] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000759f1431 2 bytes JMP 76869149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4552] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000759f144a 2 bytes CALL 767c4885 C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4552] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000759f14dd 2 bytes JMP 76868a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4552] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000759f14f5 2 bytes JMP 76868c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4552] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000759f150d 2 bytes JMP 76868938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4552] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000759f1525 2 bytes JMP 76868d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4552] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000759f153d 2 bytes JMP 767dfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4552] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000759f1555 2 bytes JMP 767e6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4552] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000759f156d 2 bytes JMP 76869201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4552] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000759f1585 2 bytes JMP 76868d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller 
Driver\Application\nusb3mon.exe[4552] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000759f159d 2 bytes JMP 768688fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4552] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000759f15b5 2 bytes JMP 767dfd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4552] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000759f15cd 2 bytes JMP 767eb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4552] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000759f16b2 2 bytes JMP 768690c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4552] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000759f16bd 2 bytes JMP 76868891 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\ntdll.dll[4752] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000767c8769 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] 
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5552] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000759f1401 2 bytes JMP 767eb233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5552] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000759f1419 2 bytes JMP 767eb35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5552] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000759f1431 2 bytes JMP 76869149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5552] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000759f144a 2 bytes CALL 767c4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5552] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000759f14dd 2 bytes JMP 76868a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5552] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000759f14f5 2 bytes JMP 76868c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5552] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000759f150d 2 bytes JMP 76868938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5552] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000759f1525 2 bytes JMP 76868d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5552] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000759f153d 2 bytes JMP 767dfcc0 
C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5552] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000759f1555 2 bytes JMP 767e6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5552] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000759f156d 2 bytes JMP 76869201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5552] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000759f1585 2 bytes JMP 76868d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5552] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000759f159d 2 bytes JMP 768688fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5552] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000759f15b5 2 bytes JMP 767dfd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5552] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000759f15cd 2 bytes JMP 767eb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5552] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000759f16b2 2 bytes JMP 768690c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5552] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000759f16bd 2 bytes JMP 76868891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6332] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000759f1401 2 bytes JMP 767eb233 
C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6332] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000759f1419 2 bytes JMP 767eb35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000759f1431 2 bytes JMP 76869149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000759f144a 2 bytes CALL 767c4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6332] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000759f14dd 2 bytes JMP 76868a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6332] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000759f14f5 2 bytes JMP 76868c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6332] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000759f150d 2 bytes JMP 76868938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6332] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000759f1525 2 bytes JMP 76868d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6332] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000759f153d 2 bytes JMP 767dfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6332] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000759f1555 2 bytes JMP 767e6907 
C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6332] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000759f156d 2 bytes JMP 76869201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6332] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000759f1585 2 bytes JMP 76868d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6332] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000759f159d 2 bytes JMP 768688fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6332] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000759f15b5 2 bytes JMP 767dfd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6332] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000759f15cd 2 bytes JMP 767eb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6332] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000759f16b2 2 bytes JMP 768690c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6332] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000759f16bd 2 bytes JMP 76868891 C:\Windows\syswow64\kernel32.dll .text H:\Programy\Programy Czyszczace Sprawdzajace\GMER\hj4vic4n.exe[9776] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000759f1401 2 bytes JMP 767eb233 C:\Windows\syswow64\kernel32.dll .text H:\Programy\Programy Czyszczace Sprawdzajace\GMER\hj4vic4n.exe[9776] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000759f1419 2 bytes JMP 767eb35e C:\Windows\syswow64\kernel32.dll .text H:\Programy\Programy Czyszczace 
Sprawdzajace\GMER\hj4vic4n.exe[9776] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000759f1431 2 bytes JMP 76869149 C:\Windows\syswow64\kernel32.dll .text H:\Programy\Programy Czyszczace Sprawdzajace\GMER\hj4vic4n.exe[9776] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000759f144a 2 bytes CALL 767c4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text H:\Programy\Programy Czyszczace Sprawdzajace\GMER\hj4vic4n.exe[9776] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000759f14dd 2 bytes JMP 76868a42 C:\Windows\syswow64\kernel32.dll .text H:\Programy\Programy Czyszczace Sprawdzajace\GMER\hj4vic4n.exe[9776] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000759f14f5 2 bytes JMP 76868c18 C:\Windows\syswow64\kernel32.dll .text H:\Programy\Programy Czyszczace Sprawdzajace\GMER\hj4vic4n.exe[9776] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000759f150d 2 bytes JMP 76868938 C:\Windows\syswow64\kernel32.dll .text H:\Programy\Programy Czyszczace Sprawdzajace\GMER\hj4vic4n.exe[9776] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000759f1525 2 bytes JMP 76868d02 C:\Windows\syswow64\kernel32.dll .text H:\Programy\Programy Czyszczace Sprawdzajace\GMER\hj4vic4n.exe[9776] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000759f153d 2 bytes JMP 767dfcc0 C:\Windows\syswow64\kernel32.dll .text H:\Programy\Programy Czyszczace Sprawdzajace\GMER\hj4vic4n.exe[9776] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000759f1555 2 bytes JMP 767e6907 C:\Windows\syswow64\kernel32.dll .text H:\Programy\Programy Czyszczace Sprawdzajace\GMER\hj4vic4n.exe[9776] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000759f156d 2 bytes JMP 76869201 C:\Windows\syswow64\kernel32.dll .text H:\Programy\Programy Czyszczace Sprawdzajace\GMER\hj4vic4n.exe[9776] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000759f1585 2 bytes JMP 76868d62 C:\Windows\syswow64\kernel32.dll .text 
H:\Programy\Programy Czyszczace Sprawdzajace\GMER\hj4vic4n.exe[9776] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000759f159d 2 bytes JMP 768688fc C:\Windows\syswow64\kernel32.dll .text H:\Programy\Programy Czyszczace Sprawdzajace\GMER\hj4vic4n.exe[9776] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000759f15b5 2 bytes JMP 767dfd59 C:\Windows\syswow64\kernel32.dll .text H:\Programy\Programy Czyszczace Sprawdzajace\GMER\hj4vic4n.exe[9776] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000759f15cd 2 bytes JMP 767eb2f4 C:\Windows\syswow64\kernel32.dll .text H:\Programy\Programy Czyszczace Sprawdzajace\GMER\hj4vic4n.exe[9776] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000759f16b2 2 bytes JMP 768690c4 C:\Windows\syswow64\kernel32.dll .text H:\Programy\Programy Czyszczace Sprawdzajace\GMER\hj4vic4n.exe[9776] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000759f16bd 2 bytes JMP 76868891 C:\Windows\syswow64\kernel32.dll ---- Threads - GMER 2.2 ---- Thread C:\Windows\Explorer.EXE [4536:8864] 000007feee0a2250 Thread C:\Windows\Explorer.EXE [4536:11464] 000007feee0bed90 Thread C:\Windows\SysWOW64\ntdll.dll [4752:4624] 0000000001330f40 Thread C:\Windows\SysWOW64\ntdll.dll [4752:5780] 0000000073da6250 Thread C:\Windows\SysWOW64\ntdll.dll [4752:6868] 0000000073da6250 Thread C:\Windows\SysWOW64\ntdll.dll [4752:6880] 0000000073da6250 Thread C:\Windows\SysWOW64\ntdll.dll [4752:6888] 00000000644c5850 Thread C:\Windows\SysWOW64\ntdll.dll [4752:6892] 0000000071b3b970 Thread C:\Windows\SysWOW64\ntdll.dll [4752:6896] 0000000073da6250 Thread C:\Windows\SysWOW64\ntdll.dll [4752:6960] 0000000073da6250 Thread C:\Windows\SysWOW64\ntdll.dll [4752:7088] 0000000001295640 Thread C:\Windows\SysWOW64\ntdll.dll [4752:7024] 0000000073da6250 Thread C:\Windows\SysWOW64\ntdll.dll [4752:7028] 0000000000ee9140 Thread C:\Windows\SysWOW64\ntdll.dll [4752:7032] 000000000108cfc0 Thread C:\Windows\SysWOW64\ntdll.dll [4752:6180] 
0000000073da6250 Thread C:\Windows\SysWOW64\ntdll.dll [4752:952] 0000000073da6250 Thread C:\Windows\SysWOW64\ntdll.dll [4752:6580] 0000000052b7c66d Thread C:\Windows\SysWOW64\ntdll.dll [4752:7868] 000000005090d370 Thread C:\Windows\SysWOW64\ntdll.dll [4752:7660] 000000005090d370 Thread C:\Windows\SysWOW64\ntdll.dll [4752:8068] 000000005090d370 Thread C:\Windows\SysWOW64\ntdll.dll [4752:9168] 000000005090d370 Thread C:\Windows\SysWOW64\ntdll.dll [4752:9116] 000000005090d370 Thread C:\Windows\SysWOW64\ntdll.dll [4752:8952] 000000005090d370 Thread C:\Windows\SysWOW64\ntdll.dll [4752:9136] 000000005090d370 Thread C:\Windows\SysWOW64\ntdll.dll [4752:9176] 000000005090d370 Thread C:\Windows\SysWOW64\ntdll.dll [4752:8964] 000000005090d370 Thread C:\Windows\SysWOW64\ntdll.dll [4752:6396] 000000005090d370 Thread C:\Windows\SysWOW64\ntdll.dll [4752:5764] 000000005090d370 Thread C:\Windows\SysWOW64\ntdll.dll [4752:404] 000000005090d370 Thread C:\Windows\SysWOW64\ntdll.dll [4752:11976] 00000000731827c1 Thread C:\Windows\SysWOW64\ntdll.dll [4752:10424] 000000005090d370 Thread C:\Windows\SysWOW64\ntdll.dll [4752:7424] 000000005090d370 Thread C:\Windows\SysWOW64\ntdll.dll [4752:9628] 000000005090d370 Thread C:\Windows\SysWOW64\ntdll.dll [4752:9612] 000000005090d370 Thread C:\Windows\SysWOW64\ntdll.dll [4752:4952] 0000000073da6250 Thread C:\Windows\SysWOW64\ntdll.dll [4752:8116] 0000000073da6250 Thread C:\Windows\SysWOW64\ntdll.dll [4752:2736] 0000000075a2d834 Thread C:\Windows\SysWOW64\ntdll.dll [4752:9476] 000000005c8f9950 Thread C:\Windows\SysWOW64\ntdll.dll [4752:8488] 000000005c8f9950 Thread C:\Windows\SysWOW64\ntdll.dll [4752:6408] 000000005c8f9950 Thread C:\Windows\SysWOW64\ntdll.dll [4752:2128] 000000005c8f9950 Thread C:\Windows\SysWOW64\ntdll.dll [4752:11500] 000000005c8f9950 Thread C:\Windows\SysWOW64\ntdll.dll [4752:11028] 000000007318a3e0 Thread C:\Windows\SysWOW64\ntdll.dll [4752:10556] 000000005090d370 Thread C:\Windows\SysWOW64\ntdll.dll [4752:2336] 00000000711b62ce 
---- Registry - GMER 2.2 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{3A1DBBE6-83CD-4D34-B272-79A77E4DAB1D}\Connection@Name isatap.{7C928E10-2154-4792-844A-E4F0523EE395}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{DCBEE226-966D-4DC0-9E15-6E40999DDE43}?\Device\{879A66AF-AE5A-4130-8B1A-F1908B0EC1E3}?\Device\{3A1DBBE6-83CD-4D34-B272-79A77E4DAB1D}?\Device\{F410F1A4-C661-4233-995E-447CB805FDD1}?\Device\{754090F7-D301-4F4E-B023-CA2F255F19CD}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{DCBEE226-966D-4DC0-9E15-6E40999DDE43}"?"{879A66AF-AE5A-4130-8B1A-F1908B0EC1E3}"?"{3A1DBBE6-83CD-4D34-B272-79A77E4DAB1D}"?"{F410F1A4-C661-4233-995E-447CB805FDD1}"?"{754090F7-D301-4F4E-B023-CA2F255F19CD}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{DCBEE226-966D-4DC0-9E15-6E40999DDE43}?\Device\TCPIP6TUNNEL_{879A66AF-AE5A-4130-8B1A-F1908B0EC1E3}?\Device\TCPIP6TUNNEL_{3A1DBBE6-83CD-4D34-B272-79A77E4DAB1D}?\Device\TCPIP6TUNNEL_{F410F1A4-C661-4233-995E-447CB805FDD1}?\Device\TCPIP6TUNNEL_{754090F7-D301-4F4E-B023-CA2F255F19CD}?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\Instup_14749077196812280@SetupOperations
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\Instup_14749077955602280@SetupOperations
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\402cf4d9289b
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{3A1DBBE6-83CD-4D34-B272-79A77E4DAB1D}@InterfaceName isatap.{7C928E10-2154-4792-844A-E4F0523EE395}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{3A1DBBE6-83CD-4D34-B272-79A77E4DAB1D}@ReusableType 0
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\Instup_14749077196812280@SetupOperations
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\Instup_14749077955602280@SetupOperations
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\402cf4d9289b (not active ControlSet)
---- EOF - GMER 2.2 ----