GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-05-22 12:04:44 Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 TOSHIBA_MK2546GSX rev.LB014C Running: w73njsyx.exe; Driver: C:\Users\Ania\AppData\Local\Temp\fwlcqaog.sys ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKey + 13D1 83A93349 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83ACCD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[2832] USER32.dll!RegisterMessagePumpHook + 2F1 75BA8B9E 7 Bytes JMP 10053940 C:\Program Files\Sony\Sony PC Companion\NewUI.dll (New UI/Avanquest Software) .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[2832] USER32.dll!PostMessageW + 43A 75BB48B5 7 Bytes JMP 100537F0 C:\Program Files\Sony\Sony PC Companion\NewUI.dll (New UI/Avanquest Software) .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[2832] USER32.dll!SetDlgItemTextA + 25 75BC709F 7 Bytes JMP 10053920 C:\Program Files\Sony\Sony PC Companion\NewUI.dll (New UI/Avanquest Software) .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[2832] USER32.dll!MessageBoxIndirectA + F5 75BFE95E 7 Bytes JMP 10053990 C:\Program Files\Sony\Sony PC Companion\NewUI.dll (New UI/Avanquest Software) .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[2832] USER32.dll!MessageBoxIndirectW + 61 75BFE9C4 7 Bytes JMP 10053A60 C:\Program Files\Sony\Sony PC Companion\NewUI.dll (New UI/Avanquest Software) .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[2832] USER32.dll!MessageBoxExA + 1F 75BFE9E8 7 Bytes JMP 10053A10 C:\Program Files\Sony\Sony PC Companion\NewUI.dll (New UI/Avanquest Software) .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4608] ntdll.dll!NtCreateFile + 6 774755CE 4 Bytes [28, 00, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4608] ntdll.dll!NtCreateFile + B 774755D3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4608] ntdll.dll!NtMapViewOfSection + 6 77475C2E 1 Byte [28] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4608] ntdll.dll!NtMapViewOfSection + 6 77475C2E 4 Bytes [28, 03, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4608] ntdll.dll!NtMapViewOfSection + B 77475C33 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4608] ntdll.dll!NtOpenFile + 6 77475CDE 4 Bytes [68, 00, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4608] ntdll.dll!NtOpenFile + B 77475CE3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4608] ntdll.dll!NtOpenProcess + 6 77475D8E 4 Bytes [A8, 01, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4608] ntdll.dll!NtOpenProcess + B 77475D93 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4608] ntdll.dll!NtOpenProcessToken + B 77475DA3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4608] ntdll.dll!NtOpenProcessTokenEx + 6 77475DAE 4 Bytes [A8, 02, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4608] ntdll.dll!NtOpenProcessTokenEx + B 77475DB3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4608] ntdll.dll!NtOpenThread + 6 77475E0E 4 Bytes [68, 01, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4608] ntdll.dll!NtOpenThread + B 77475E13 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4608] ntdll.dll!NtOpenThreadToken + 6 77475E1E 4 Bytes [68, 02, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4608] ntdll.dll!NtOpenThreadToken + B 77475E23 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4608] ntdll.dll!NtOpenThreadTokenEx + B 77475E33 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4608] ntdll.dll!NtQueryAttributesFile + 6 77475F3E 4 Bytes [A8, 00, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4608] ntdll.dll!NtQueryAttributesFile + B 77475F43 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4608] ntdll.dll!NtQueryFullAttributesFile + B 77475FF3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4608] ntdll.dll!NtSetInformationFile + 6 7747663E 4 Bytes [28, 01, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4608] ntdll.dll!NtSetInformationFile + B 77476643 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4608] ntdll.dll!NtSetInformationThread + 6 7747669E 4 Bytes [28, 02, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4608] ntdll.dll!NtSetInformationThread + B 774766A3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4608] ntdll.dll!NtUnmapViewOfSection + 6 774769BE 1 Byte [68] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4608] ntdll.dll!NtUnmapViewOfSection + 6 774769BE 4 Bytes [68, 03, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4608] ntdll.dll!NtUnmapViewOfSection + B 774769C3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4700] ntdll.dll!NtCreateFile + 6 774755CE 4 Bytes [28, 00, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4700] ntdll.dll!NtCreateFile + B 774755D3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4700] ntdll.dll!NtMapViewOfSection + 6 77475C2E 1 Byte [28] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4700] ntdll.dll!NtMapViewOfSection + 6 77475C2E 4 Bytes [28, 03, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4700] ntdll.dll!NtMapViewOfSection + B 77475C33 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4700] ntdll.dll!NtOpenFile + 6 77475CDE 4 Bytes [68, 00, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4700] ntdll.dll!NtOpenFile + B 77475CE3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4700] ntdll.dll!NtOpenProcess + 6 77475D8E 4 Bytes [A8, 01, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4700] ntdll.dll!NtOpenProcess + B 77475D93 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4700] ntdll.dll!NtOpenProcessToken + B 77475DA3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4700] ntdll.dll!NtOpenProcessTokenEx + 6 77475DAE 4 Bytes [A8, 02, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4700] ntdll.dll!NtOpenProcessTokenEx + B 77475DB3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4700] ntdll.dll!NtOpenThread + 6 77475E0E 4 Bytes [68, 01, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4700] ntdll.dll!NtOpenThread + B 77475E13 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4700] ntdll.dll!NtOpenThreadToken + 6 77475E1E 4 Bytes [68, 02, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4700] ntdll.dll!NtOpenThreadToken + B 77475E23 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4700] ntdll.dll!NtOpenThreadTokenEx + B 77475E33 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4700] ntdll.dll!NtQueryAttributesFile + 6 77475F3E 4 Bytes [A8, 00, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4700] ntdll.dll!NtQueryAttributesFile + B 77475F43 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4700] ntdll.dll!NtQueryFullAttributesFile + B 77475FF3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4700] ntdll.dll!NtSetInformationFile + 6 7747663E 4 Bytes [28, 01, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4700] ntdll.dll!NtSetInformationFile + B 77476643 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4700] ntdll.dll!NtSetInformationThread + 6 7747669E 4 Bytes [28, 02, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4700] ntdll.dll!NtSetInformationThread + B 774766A3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4700] ntdll.dll!NtUnmapViewOfSection + 6 774769BE 1 Byte [68] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4700] ntdll.dll!NtUnmapViewOfSection + 6 774769BE 4 Bytes [68, 03, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4700] ntdll.dll!NtUnmapViewOfSection + B 774769C3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4712] ntdll.dll!NtCreateFile + 6 774755CE 4 Bytes [28, 00, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4712] ntdll.dll!NtCreateFile + B 774755D3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4712] ntdll.dll!NtMapViewOfSection + 6 77475C2E 1 Byte [28] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4712] ntdll.dll!NtMapViewOfSection + 6 77475C2E 4 Bytes [28, 03, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4712] ntdll.dll!NtMapViewOfSection + B 77475C33 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4712] ntdll.dll!NtOpenFile + 6 77475CDE 4 Bytes [68, 00, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4712] ntdll.dll!NtOpenFile + B 77475CE3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4712] ntdll.dll!NtOpenProcess + 6 77475D8E 4 Bytes [A8, 01, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4712] ntdll.dll!NtOpenProcess + B 77475D93 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4712] ntdll.dll!NtOpenProcessToken + B 77475DA3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4712] ntdll.dll!NtOpenProcessTokenEx + 6 77475DAE 4 Bytes [A8, 02, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4712] ntdll.dll!NtOpenProcessTokenEx + B 77475DB3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4712] ntdll.dll!NtOpenThread + 6 77475E0E 4 Bytes [68, 01, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4712] ntdll.dll!NtOpenThread + B 77475E13 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4712] ntdll.dll!NtOpenThreadToken + 6 77475E1E 4 Bytes [68, 02, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4712] ntdll.dll!NtOpenThreadToken + B 77475E23 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4712] ntdll.dll!NtOpenThreadTokenEx + B 77475E33 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4712] ntdll.dll!NtQueryAttributesFile + 6 77475F3E 4 Bytes [A8, 00, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4712] ntdll.dll!NtQueryAttributesFile + B 77475F43 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4712] ntdll.dll!NtQueryFullAttributesFile + B 77475FF3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4712] ntdll.dll!NtSetInformationFile + 6 7747663E 4 Bytes [28, 01, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4712] ntdll.dll!NtSetInformationFile + B 77476643 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4712] ntdll.dll!NtSetInformationThread + 6 7747669E 4 Bytes [28, 02, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4712] ntdll.dll!NtSetInformationThread + B 774766A3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4712] ntdll.dll!NtUnmapViewOfSection + 6 774769BE 1 Byte [68] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4712] ntdll.dll!NtUnmapViewOfSection + 6 774769BE 4 Bytes [68, 03, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4712] ntdll.dll!NtUnmapViewOfSection + B 774769C3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4720] ntdll.dll!NtCreateFile + 6 774755CE 4 Bytes [28, 00, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4720] ntdll.dll!NtCreateFile + B 774755D3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4720] ntdll.dll!NtMapViewOfSection + 6 77475C2E 1 Byte [28] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4720] ntdll.dll!NtMapViewOfSection + 6 77475C2E 4 Bytes [28, 03, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4720] ntdll.dll!NtMapViewOfSection + B 77475C33 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4720] ntdll.dll!NtOpenFile + 6 77475CDE 4 Bytes [68, 00, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4720] ntdll.dll!NtOpenFile + B 77475CE3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4720] ntdll.dll!NtOpenProcess + 6 77475D8E 4 Bytes [A8, 01, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4720] ntdll.dll!NtOpenProcess + B 77475D93 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4720] ntdll.dll!NtOpenProcessToken + B 77475DA3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4720] ntdll.dll!NtOpenProcessTokenEx + 6 77475DAE 4 Bytes [A8, 02, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4720] ntdll.dll!NtOpenProcessTokenEx + B 77475DB3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4720] ntdll.dll!NtOpenThread + 6 77475E0E 4 Bytes [68, 01, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4720] ntdll.dll!NtOpenThread + B 77475E13 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4720] ntdll.dll!NtOpenThreadToken + 6 77475E1E 4 Bytes [68, 02, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4720] ntdll.dll!NtOpenThreadToken + B 77475E23 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4720] ntdll.dll!NtOpenThreadTokenEx + B 77475E33 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4720] ntdll.dll!NtQueryAttributesFile + 6 77475F3E 4 Bytes [A8, 00, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4720] ntdll.dll!NtQueryAttributesFile + B 77475F43 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4720] ntdll.dll!NtQueryFullAttributesFile + B 77475FF3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4720] ntdll.dll!NtSetInformationFile + 6 7747663E 4 Bytes [28, 01, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4720] ntdll.dll!NtSetInformationFile + B 77476643 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4720] ntdll.dll!NtSetInformationThread + 6 7747669E 4 Bytes [28, 02, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4720] ntdll.dll!NtSetInformationThread + B 774766A3 1 Byte [E2] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4720] ntdll.dll!NtUnmapViewOfSection + 6 774769BE 1 Byte [68] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4720] ntdll.dll!NtUnmapViewOfSection + 6 774769BE 4 Bytes [68, 03, 07, 00] .text C:\Users\Ania\AppData\Roaming\ChromePlus\chrome.exe[4720] ntdll.dll!NtUnmapViewOfSection + B 774769C3 1 Byte [E2] .text C:\PROGRA~1\MICROS~2\Office12\WINWORD.EXE[4796] kernel32.dll!SetUnhandledExceptionFilter 75CBF4FB 5 Bytes JMP 5BCC5629 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\PROGRA~1\MICROS~2\Office12\WINWORD.EXE[4796] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [754DFFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\PROGRA~1\MICROS~2\Office12\WINWORD.EXE[4796] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [754DFFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\PROGRA~1\MICROS~2\Office12\WINWORD.EXE[4796] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [754DFFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\PROGRA~1\MICROS~2\Office12\WINWORD.EXE[4796] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [754DFFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis) Device \Driver\ACPI_HAL \Device\00000047 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) Device volmgr.sys (Volume Manager Driver/Microsoft Corporation) AttachedDevice tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis) AttachedDevice fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation) ---- Files - GMER 1.0.15 ---- File C:\Windows\$NtUninstallKB43816$\1402539585 0 bytes File C:\Windows\$NtUninstallKB43816$\460697693 0 bytes File C:\Windows\$NtUninstallKB43816$\460697693\@ 2048 bytes File C:\Windows\$NtUninstallKB43816$\460697693\cfg.ini 204 bytes File C:\Windows\$NtUninstallKB43816$\460697693\Desktop.ini 4608 bytes File C:\Windows\$NtUninstallKB43816$\460697693\L 0 bytes File C:\Windows\$NtUninstallKB43816$\460697693\L\xadqgnnk 74752 bytes File C:\Windows\$NtUninstallKB43816$\460697693\oemid 244 bytes File C:\Windows\$NtUninstallKB43816$\460697693\twl.dll 223744 bytes File C:\Windows\$NtUninstallKB43816$\460697693\U 0 bytes File C:\Windows\$NtUninstallKB43816$\460697693\U\00000001.@ 2048 bytes File C:\Windows\$NtUninstallKB43816$\460697693\U\00000002.@ 224768 bytes File C:\Windows\$NtUninstallKB43816$\460697693\U\00000004.@ 1024 bytes File C:\Windows\$NtUninstallKB43816$\460697693\U\80000000.@ 66560 bytes File C:\Windows\$NtUninstallKB43816$\460697693\U\80000004.@ 1024 bytes File C:\Windows\$NtUninstallKB43816$\460697693\U\80000032.@ 115712 bytes File C:\Windows\$NtUninstallKB43816$\460697693\version 1275 bytes ---- EOF - GMER 1.0.15 ----