GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-22 19:23:43
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AAKS-22V1A0 rev.05.01D05
Running: pe0m39qh.exe; Driver: C:\Users\x\AppData\Local\Temp\fxdoruoc.sys

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82E913C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82ECAD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0x9E362300, 0x3B6D8, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0x9E3A5300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtCreateFile + 6 772D55CE 4 Bytes [28, 00, 1E, 00]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtCreateFile + B 772D55D3 1 Byte [E2]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtMapViewOfSection + 6 772D5C2E 1 Byte [28]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtMapViewOfSection + 6 772D5C2E 4 Bytes [28, 03, 1E, 00]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtMapViewOfSection + B 772D5C33 1 Byte [E2]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtOpenFile + 6 772D5CDE 4 Bytes [68, 00, 1E, 00]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtOpenFile + B 772D5CE3 1 Byte [E2]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtOpenProcess + 6 772D5D8E 4 Bytes [A8, 01, 1E, 00]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtOpenProcess + B 772D5D93 1 Byte [E2]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtOpenProcessToken + B 772D5DA3 1 Byte [E2]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtOpenProcessTokenEx + 6 772D5DAE 4 Bytes [A8, 02, 1E, 00]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtOpenProcessTokenEx + B 772D5DB3 1 Byte [E2]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtOpenThread + 6 772D5E0E 4 Bytes [68, 01, 1E, 00]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtOpenThread + B 772D5E13 1 Byte [E2]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtOpenThreadToken + 6 772D5E1E 4 Bytes [68, 02, 1E, 00]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtOpenThreadToken + B 772D5E23 1 Byte [E2]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtOpenThreadTokenEx + B 772D5E33 1 Byte [E2]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtQueryAttributesFile + 6 772D5F3E 4 Bytes [A8, 00, 1E, 00]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtQueryAttributesFile + B 772D5F43 1 Byte [E2]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtQueryFullAttributesFile + B 772D5FF3 1 Byte [E2]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtSetInformationFile + 6 772D663E 4 Bytes [28, 01, 1E, 00]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtSetInformationFile + B 772D6643 1 Byte [E2]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtSetInformationThread + 6 772D669E 4 Bytes [28, 02, 1E, 00]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtSetInformationThread + B 772D66A3 1 Byte [E2]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtUnmapViewOfSection + 6 772D69BE 1 Byte [68]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtUnmapViewOfSection + 6 772D69BE 4 Bytes [68, 03, 1E, 00]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2748] ntdll.dll!NtUnmapViewOfSection + B 772D69C3 1 Byte [E2]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtCreateFile + 6 772D55CE 4 Bytes [28, 00, 2A, 00] {SUB [EAX], AL; SUB AL, [EAX]}
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtCreateFile + B 772D55D3 1 Byte [E2]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtMapViewOfSection + 6 772D5C2E 1 Byte [28]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtMapViewOfSection + 6 772D5C2E 4 Bytes [28, 03, 2A, 00] {SUB [EBX], AL; SUB AL, [EAX]}
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtMapViewOfSection + B 772D5C33 1 Byte [E2]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtOpenFile + 6 772D5CDE 4 Bytes [68, 00, 2A, 00]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtOpenFile + B 772D5CE3 1 Byte [E2]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtOpenProcess + 6 772D5D8E 4 Bytes [A8, 01, 2A, 00] {TEST AL, 0x1; SUB AL, [EAX]}
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtOpenProcess + B 772D5D93 1 Byte [E2]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtOpenProcessToken + B 772D5DA3 1 Byte [E2]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtOpenProcessTokenEx + 6 772D5DAE 4 Bytes [A8, 02, 2A, 00] {TEST AL, 0x2; SUB AL, [EAX]}
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtOpenProcessTokenEx + B 772D5DB3 1 Byte [E2]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtOpenThread + 6 772D5E0E 4 Bytes [68, 01, 2A, 00]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtOpenThread + B 772D5E13 1 Byte [E2]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtOpenThreadToken + 6 772D5E1E 4 Bytes [68, 02, 2A, 00]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtOpenThreadToken + B 772D5E23 1 Byte [E2]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtOpenThreadTokenEx + B 772D5E33 1 Byte [E2]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtQueryAttributesFile + 6 772D5F3E 4 Bytes [A8, 00, 2A, 00] {TEST AL, 0x0; SUB AL, [EAX]}
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtQueryAttributesFile + B 772D5F43 1 Byte [E2]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtQueryFullAttributesFile + B 772D5FF3 1 Byte [E2]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtSetInformationFile + 6 772D663E 4 Bytes [28, 01, 2A, 00] {SUB [ECX], AL; SUB AL, [EAX]}
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtSetInformationFile + B 772D6643 1 Byte [E2]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtSetInformationThread + 6 772D669E 4 Bytes [28, 02, 2A, 00] {SUB [EDX], AL; SUB AL, [EAX]}
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtSetInformationThread + B 772D66A3 1 Byte [E2]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtUnmapViewOfSection + 6 772D69BE 1 Byte [68]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtUnmapViewOfSection + 6 772D69BE 4 Bytes [68, 03, 2A, 00]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3184] ntdll.dll!NtUnmapViewOfSection + B 772D69C3 1 Byte [E2]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtCreateFile + 6 772D55CE 4 Bytes [28, 00, 18, 00] {SUB [EAX], AL; SBB [EAX], AL}
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtCreateFile + B 772D55D3 1 Byte [E2]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtMapViewOfSection + 6 772D5C2E 1 Byte [28]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtMapViewOfSection + 6 772D5C2E 4 Bytes [28, 03, 18, 00] {SUB [EBX], AL; SBB [EAX], AL}
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtMapViewOfSection + B 772D5C33 1 Byte [E2]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtOpenFile + 6 772D5CDE 4 Bytes [68, 00, 18, 00]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtOpenFile + B 772D5CE3 1 Byte [E2]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtOpenProcess + 6 772D5D8E 4 Bytes [A8, 01, 18, 00] {TEST AL, 0x1; SBB [EAX], AL}
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtOpenProcess + B 772D5D93 1 Byte [E2]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtOpenProcessToken + B 772D5DA3 1 Byte [E2]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtOpenProcessTokenEx + 6 772D5DAE 4 Bytes [A8, 02, 18, 00] {TEST AL, 0x2; SBB [EAX], AL}
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtOpenProcessTokenEx + B 772D5DB3 1 Byte [E2]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtOpenThread + 6 772D5E0E 4 Bytes [68, 01, 18, 00]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtOpenThread + B 772D5E13 1 Byte [E2]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtOpenThreadToken + 6 772D5E1E 4 Bytes [68, 02, 18, 00]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtOpenThreadToken + B 772D5E23 1 Byte [E2]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtOpenThreadTokenEx + B 772D5E33 1 Byte [E2]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtQueryAttributesFile + 6 772D5F3E 4 Bytes [A8, 00, 18, 00] {TEST AL, 0x0; SBB [EAX], AL}
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtQueryAttributesFile + B 772D5F43 1 Byte [E2]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtQueryFullAttributesFile + B 772D5FF3 1 Byte [E2]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtSetInformationFile + 6 772D663E 4 Bytes [28, 01, 18, 00] {SUB [ECX], AL; SBB [EAX], AL}
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtSetInformationFile + B 772D6643 1 Byte [E2]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtSetInformationThread + 6 772D669E 4 Bytes [28, 02, 18, 00] {SUB [EDX], AL; SBB [EAX], AL}
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtSetInformationThread + B 772D66A3 1 Byte [E2]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtUnmapViewOfSection + 6 772D69BE 1 Byte [68]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtUnmapViewOfSection + 6 772D69BE 4 Bytes [68, 03, 18, 00]
.text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtUnmapViewOfSection + B 772D69C3 1 Byte [E2]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [740924CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [7407562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [740756EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74092546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [740885AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74084D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74085105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [740851DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [74086707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74088301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74088850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [740890B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7408E254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74084C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000048 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 NBVol.sys (Nero Backup Volume Filter Driver for the Disk Stack/Nero AG)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 NBVol.sys (Nero Backup Volume Filter Driver for the Disk Stack/Nero AG)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 NBVol.sys (Nero Backup Volume Filter Driver for the Disk Stack/Nero AG)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 NBVol.sys (Nero Backup Volume Filter Driver for the Disk Stack/Nero AG)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 NBVol.sys (Nero Backup Volume Filter Driver for the Disk Stack/Nero AG)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 NBVol.sys (Nero Backup Volume Filter Driver for the Disk Stack/Nero AG)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 NBVol.sys (Nero Backup Volume Filter Driver for the Disk Stack/Nero AG)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{7B058CA3-B6ED-45E6-8447-83131F7A59FE}

---- EOF - GMER 1.0.15 ----