GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-10-11 13:54:51
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000006a TOSHIBA_ rev.MS2O 931,51GB
Running: n10jg1zn.exe; Driver: C:\Users\User\AppData\Local\Temp\aftcaaob.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[4516] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter             0000000075818769 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text  F:\Program Files (x86)\Steam\Steam.exe[3744] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17                             00000000752e1401 2 bytes JMP 7583b20b C:\Windows\syswow64\kernel32.dll
.text  F:\Program Files (x86)\Steam\Steam.exe[3744] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17                               00000000752e1419 2 bytes JMP 7583b336 C:\Windows\syswow64\kernel32.dll
.text  F:\Program Files (x86)\Steam\Steam.exe[3744] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17                             00000000752e1431 2 bytes JMP 758b8f39 C:\Windows\syswow64\kernel32.dll
.text  F:\Program Files (x86)\Steam\Steam.exe[3744] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42                             00000000752e144a 2 bytes CALL 75814885 C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                              * 9
.text  F:\Program Files (x86)\Steam\Steam.exe[3744] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17                                00000000752e14dd 2 bytes JMP 758b8832 C:\Windows\syswow64\kernel32.dll
.text  F:\Program Files (x86)\Steam\Steam.exe[3744] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17                         00000000752e14f5 2 bytes JMP 758b8a08 C:\Windows\syswow64\kernel32.dll
.text  F:\Program Files (x86)\Steam\Steam.exe[3744] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17                                00000000752e150d 2 bytes JMP 758b8728 C:\Windows\syswow64\kernel32.dll
.text  F:\Program Files (x86)\Steam\Steam.exe[3744] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17                         00000000752e1525 2 bytes JMP 758b8af2 C:\Windows\syswow64\kernel32.dll
.text  F:\Program Files (x86)\Steam\Steam.exe[3744] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17                               00000000752e153d 2 bytes JMP 7582fc98 C:\Windows\syswow64\kernel32.dll
.text  F:\Program Files (x86)\Steam\Steam.exe[3744] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17                                    00000000752e1555 2 bytes JMP 758368df C:\Windows\syswow64\kernel32.dll
.text  F:\Program Files (x86)\Steam\Steam.exe[3744] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17                             00000000752e156d 2 bytes JMP 758b8ff1 C:\Windows\syswow64\kernel32.dll
.text  F:\Program Files (x86)\Steam\Steam.exe[3744] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17                               00000000752e1585 2 bytes JMP 758b8b52 C:\Windows\syswow64\kernel32.dll
.text  F:\Program Files (x86)\Steam\Steam.exe[3744] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17                                  00000000752e159d 2 bytes JMP 758b86ec C:\Windows\syswow64\kernel32.dll
.text  F:\Program Files (x86)\Steam\Steam.exe[3744] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17                               00000000752e15b5 2 bytes JMP 7582fd31 C:\Windows\syswow64\kernel32.dll
.text  F:\Program Files (x86)\Steam\Steam.exe[3744] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17                             00000000752e15cd 2 bytes JMP 7583b2cc C:\Windows\syswow64\kernel32.dll
.text  F:\Program Files (x86)\Steam\Steam.exe[3744] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20                         00000000752e16b2 2 bytes JMP 758b8eb4 C:\Windows\syswow64\kernel32.dll
.text  F:\Program Files (x86)\Steam\Steam.exe[3744] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31                         00000000752e16bd 2 bytes JMP 758b8681 C:\Windows\syswow64\kernel32.dll
.text  F:\Program Files (x86)\Steam\bin\steamwebhelper.exe[792] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                 00000000752e1401 2 bytes JMP 7583b20b C:\Windows\syswow64\kernel32.dll
.text  F:\Program Files (x86)\Steam\bin\steamwebhelper.exe[792] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                   00000000752e1419 2 bytes JMP 7583b336 C:\Windows\syswow64\kernel32.dll
.text  F:\Program Files (x86)\Steam\bin\steamwebhelper.exe[792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                 00000000752e1431 2 bytes JMP 758b8f39 C:\Windows\syswow64\kernel32.dll
.text  F:\Program Files (x86)\Steam\bin\steamwebhelper.exe[792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                 00000000752e144a 2 bytes CALL 75814885 C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                              * 9
.text  F:\Program Files (x86)\Steam\bin\steamwebhelper.exe[792] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                    00000000752e14dd 2 bytes JMP 758b8832 C:\Windows\syswow64\kernel32.dll
.text  F:\Program Files (x86)\Steam\bin\steamwebhelper.exe[792] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17             00000000752e14f5 2 bytes JMP 758b8a08 C:\Windows\syswow64\kernel32.dll
.text  F:\Program Files (x86)\Steam\bin\steamwebhelper.exe[792] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                    00000000752e150d 2 bytes JMP 758b8728 C:\Windows\syswow64\kernel32.dll
.text  F:\Program Files (x86)\Steam\bin\steamwebhelper.exe[792] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17             00000000752e1525 2 bytes JMP 758b8af2 C:\Windows\syswow64\kernel32.dll
.text  F:\Program Files (x86)\Steam\bin\steamwebhelper.exe[792] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                   00000000752e153d 2 bytes JMP 7582fc98 C:\Windows\syswow64\kernel32.dll
.text  F:\Program Files (x86)\Steam\bin\steamwebhelper.exe[792] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                        00000000752e1555 2 bytes JMP 758368df C:\Windows\syswow64\kernel32.dll
.text  F:\Program Files (x86)\Steam\bin\steamwebhelper.exe[792] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                 00000000752e156d 2 bytes JMP 758b8ff1 C:\Windows\syswow64\kernel32.dll
.text  F:\Program Files (x86)\Steam\bin\steamwebhelper.exe[792] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                   00000000752e1585 2 bytes JMP 758b8b52 C:\Windows\syswow64\kernel32.dll
.text  F:\Program Files (x86)\Steam\bin\steamwebhelper.exe[792] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                      00000000752e159d 2 bytes JMP 758b86ec C:\Windows\syswow64\kernel32.dll
.text  F:\Program Files (x86)\Steam\bin\steamwebhelper.exe[792] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                   00000000752e15b5 2 bytes JMP 7582fd31 C:\Windows\syswow64\kernel32.dll
.text  F:\Program Files (x86)\Steam\bin\steamwebhelper.exe[792] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                 00000000752e15cd 2 bytes JMP 7583b2cc C:\Windows\syswow64\kernel32.dll
.text  F:\Program Files (x86)\Steam\bin\steamwebhelper.exe[792] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20             00000000752e16b2 2 bytes JMP 758b8eb4 C:\Windows\syswow64\kernel32.dll
.text  F:\Program Files (x86)\Steam\bin\steamwebhelper.exe[792] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31             00000000752e16bd 2 bytes JMP 758b8681 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5220] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17         00000000752e1401 2 bytes JMP 7583b20b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5220] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17           00000000752e1419 2 bytes JMP 7583b336 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5220] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17         00000000752e1431 2 bytes JMP 758b8f39 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5220] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42         00000000752e144a 2 bytes CALL 75814885 C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                              * 9
.text  C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5220] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17            00000000752e14dd 2 bytes JMP 758b8832 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5220] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17     00000000752e14f5 2 bytes JMP 758b8a08 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5220] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17            00000000752e150d 2 bytes JMP 758b8728 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5220] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17     00000000752e1525 2 bytes JMP 758b8af2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5220] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17           00000000752e153d 2 bytes JMP 7582fc98 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5220] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17                00000000752e1555 2 bytes JMP 758368df C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5220] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17         00000000752e156d 2 bytes JMP 758b8ff1 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5220] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17           00000000752e1585 2 bytes JMP 758b8b52 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5220] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17              00000000752e159d 2 bytes JMP 758b86ec C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5220] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17           00000000752e15b5 2 bytes JMP 7582fd31 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5220] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17         00000000752e15cd 2 bytes JMP 7583b2cc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5220] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20     00000000752e16b2 2 bytes JMP 758b8eb4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5220] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31     00000000752e16bd 2 bytes JMP 758b8681 C:\Windows\syswow64\kernel32.dll
.text  F:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5444] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5               00000000771bf9f1 7 bytes {MOV EDX, 0xf1bae8; JMP RDX}
.text  F:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5444] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5                            00000000771bfa6d 7 bytes {MOV EDX, 0xf1b9a8; JMP RDX}
.text  F:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5444] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5                          00000000771bfb85 7 bytes {MOV EDX, 0xf1b968; JMP RDX}
.text  F:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5444] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5                    00000000771bfc35 7 bytes {MOV EDX, 0xf1bb28; JMP RDX}
.text  F:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5444] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5                        00000000771bfc65 7 bytes {MOV EDX, 0xf1ba68; JMP RDX}
.text  F:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5444] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5                 00000000771bfc7d 7 bytes {MOV EDX, 0xf1b928; JMP RDX}
.text  F:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5444] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5                   00000000771bfc95 7 bytes {MOV EDX, 0xf1bbe8; JMP RDX}
.text  F:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5444] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5                 00000000771bfcc5 7 bytes {MOV EDX, 0xf1bc28; JMP RDX}
.text  F:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5444] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5                  00000000771bfd45 7 bytes {MOV EDX, 0xf1bba8; JMP RDX}
.text  F:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5444] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5                 00000000771bfd5d 7 bytes {MOV EDX, 0xf1bb68; JMP RDX}
.text  F:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5444] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                           00000000771bfda9 7 bytes {MOV EDX, 0xf1b868; JMP RDX}
.text  F:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5444] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5                00000000771bfea1 7 bytes {MOV EDX, 0xf1b8a8; JMP RDX}
.text  F:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5444] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5                         00000000771c00f9 7 bytes {MOV EDX, 0xf1b828; JMP RDX}
.text  F:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5444] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5                          00000000771c105d 7 bytes {MOV EDX, 0xf1b9e8; JMP RDX}
.text  F:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5444] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5                   00000000771c1105 7 bytes {MOV EDX, 0xf1baa8; JMP RDX}
.text  F:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5444] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5                         00000000771c117d 7 bytes {MOV EDX, 0xf1ba28; JMP RDX}
.text  F:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5444] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5            00000000771c1381 7 bytes {MOV EDX, 0xf1b8e8; JMP RDX}
.text  F:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5444] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                00000000752e1401 2 bytes JMP 7583b20b C:\Windows\syswow64\kernel32.dll
.text  F:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5444] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                  00000000752e1419 2 bytes JMP 7583b336 C:\Windows\syswow64\kernel32.dll
.text  F:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                00000000752e1431 2 bytes JMP 758b8f39 C:\Windows\syswow64\kernel32.dll
.text  F:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                00000000752e144a 2 bytes CALL 75814885 C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                              * 9
.text  F:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5444] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                   00000000752e14dd 2 bytes JMP 758b8832 C:\Windows\syswow64\kernel32.dll
.text  F:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5444] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17            00000000752e14f5 2 bytes JMP 758b8a08 C:\Windows\syswow64\kernel32.dll
.text  F:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5444] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                   00000000752e150d 2 bytes JMP 758b8728 C:\Windows\syswow64\kernel32.dll
.text  F:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5444] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17            00000000752e1525 2 bytes JMP 758b8af2 C:\Windows\syswow64\kernel32.dll
.text  F:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5444] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                  00000000752e153d 2 bytes JMP 7582fc98 C:\Windows\syswow64\kernel32.dll
.text  F:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5444] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                       00000000752e1555 2 bytes JMP 758368df C:\Windows\syswow64\kernel32.dll
.text  F:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5444] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                00000000752e156d 2 bytes JMP 758b8ff1 C:\Windows\syswow64\kernel32.dll
.text  F:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5444] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                  00000000752e1585 2 bytes JMP 758b8b52 C:\Windows\syswow64\kernel32.dll
.text  F:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5444] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                     00000000752e159d 2 bytes JMP 758b86ec C:\Windows\syswow64\kernel32.dll
.text  F:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5444] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                  00000000752e15b5 2 bytes JMP 7582fd31 C:\Windows\syswow64\kernel32.dll
.text  F:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5444] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                00000000752e15cd 2 bytes JMP 7583b2cc C:\Windows\syswow64\kernel32.dll
.text  F:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5444] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20            00000000752e16b2 2 bytes JMP 758b8eb4 C:\Windows\syswow64\kernel32.dll
.text  F:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5444] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31            00000000752e16bd 2 bytes JMP 758b8681 C:\Windows\syswow64\kernel32.dll

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToSnapshot@OfficeODC                                                 ???b??????D??????0??????B-????X??????????????p?p?s???????????#???#???????????????????????????????????=???=????|??g??? ???????????????????????y???????????????????????????????????????????y???????y???a??????Wm??????4????????????.???????.???????????t?????sks???????????s??t???t????(N??y??? ???????????????????????????8??????s????d?ds\???????????`???`??????????????? ???????`???????????U????????>???????????e??????????????????????????????????????`??????????????s????????????`???????q??clbcatq.dll?????? ???????`??????????????????????????????????????????? ???????`???????????`?????????????? ???????????? ???????`???????????U????????*?????????????netfxcustomperfcounters.1.0?SharedPerfIPCBlock?Cor_Private_IPCBlock?Cor_Public_IPCBlock_?????????????????????????/??????????usbhub???????????`??????? ???????`???????????`?????????????? ???????????? ???????`???????????`?,????????,?????????s??????????`??????2???ole32.dll????????????????`??????????advapi32.dll?????????`??????????COMDLG32.dll????gdi32.dll?????,??`??????????????%System
Reg    HKLM\SYSTEM\CurrentControlSet\services\ngvss\Parameters@asserts                                                                  ???U?????`?`?????????????????????d??be??PNP_TDI?????? ???????U???????????A?,??????????????#??????????U????????????y?????ACPI_HAL\PNP0C08?*PNP0C08????????????????????????.???????????????;?????U#???? ???????U?????U?????A?,????????.???A?????????????????????????????????}??????????????????????????????U??????p??????????????????????????????????????g???????U#???? ???????U???????????A?,??????????????#???????X??_??????????? .??_???-??????? ???????V???????e???????????????????\?????U#???? ???????U?????U?????P?,????????2???C??????????????????????????????????}????????????????????????????? .??_??? ??????????7470????? ???????U???????????P?,??????????????#???????l?????????????????9??????U#???NDProxy??\???U???????????????????????????????d??? ???k???4???????????? ??/???E???n??????????????????? ???????U?????U?????S?,????????6???E???????????????????????????????????}???? ????????????????????N??e???6?????D????????????????? ???????U???????????S?,??????????????#????????????????????s??????X??e??????????????????System???????? ??/?????
Reg    HKLM\SYSTEM\ControlSet002\Control\BackupRestore\FilesNotToSnapshot@OfficeODC                                                     ???e?????3?9?a?u?o????\????????g?????k?l?|???;???j?j?_??????:????????????????????????????@??????s?????N??|???????d???????????z????????????????$??????T??????????ACPI?,???}???????????T???0??????-4????"??;???????????????????????n?????????????????????s?????????????????????????,????`??;???p???"??\Device\{2E7E2BDA-FC3E-4DCA-A662-CC2714C17C6E}??{D??{2E7E2BDA-FC3E-4DCA-A662-CC2714C17C6E}?pip???????????7???d??? ???????;???????????,?:????????h??????4DF???????????????????E??pB???????????;??? ???????0?????;?????;?,????????$???<???????????????????????????????\L??? ???????;???????????;?,????????z?????#42F?????;#?????$??;???B???????0??Root\*TEREDO\0000?????z??;???9??????27??\\?\Root#*TEREDO#0000#{cac88484-7515-4c03-82e6-71a87abac361}?\??? ???????1?????;???????,??N?????$???<???????????????????????????????C-??????????HDAUDIO\FUNC_01&VEN_10EC&DEV_0887&SUBSYS_1462D793&REV_1003\4&328528fd&0&0001?.??Root\SYSTEM\0000?????????????}?????s????FltMgr??????? ?????????????:?????2?:????????N?????324D??? N??;???7??????e-???????????9?????
Reg    HKLM\SYSTEM\ControlSet002\services\ngvss\Parameters@asserts                                                                      ???o?????????????y?vr??????o??????????????R??p?????????n??????$????????????e?????????????? ??/???????e??C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl??????????_???????????????z???f???????????,???????n????^??o?????????n??????.??o????????h??????????????-???-??Controls the underlying video driver stacks to provide fully-featured display capabilities.??????????????????????????????????n??????????????????????????????????t?????X??p?????????n?????????????????????????????p??0c??system32\drivers\nsiproxy.sys???????????????????????????????????e???System32\DRIVERS\netbt.sys??????????????????????????????????????????????????????????????????????????????????? ???????o?????o???????????????????? ???????????? ???????o????????'???????????L???????????????????????????????P??o?????????e?????????n???z?????e????\??\D:\NTIOLib_X64.sys????????`??o?????????e????????????????????????????????DAEMON Tools Lite Virtual SCSI Bus?-A5????N??q???;???????????????????d??????System32\drivers\pcw.sys??????8

---- Files - GMER 2.1 ----

File   C:\ProgramData\AVAST Software\Avast\spool\suspic\{081C07E1-D385-497D-A890-90E68EE6BA14}.suspic                                   876 bytes
File   C:\ProgramData\AVAST Software\Avast\spool\suspic\{E993BC12-01B8-4BDE-8585-D021E74821B4}.suspic                                   381302 bytes
File   C:\Windows\Temp\_avast_\ws1820B540.dat                                                                                           5177160 bytes
File   C:\Windows\winsxs\x86_microsoft-windows-fdeploy_31bf3856ad364e35_6.1.7601.17514_none_e1bcfc28af006dea\fdeploy.dll                (size mismatch) 73728/59904 bytes executable
File   C:\Windows\winsxs\x86_microsoft-windows-fde_31bf3856ad364e35_6.1.7601.17514_none_aa136561b9ed4ae4\fde.dll                        (size mismatch) 124928/124416 bytes executable
File   C:\Windows\winsxs\x86_microsoft-windows-g..policy-admin-gpedit_31bf3856ad364e35_6.1.7600.16385_none_ce0882b8c63afdf6\gpedit.dll  (size mismatch) 566784/951808 bytes executable
File   C:\Windows\winsxs\x86_microsoft-windows-grouppolicy-gptext_31bf3856ad364e35_6.1.7600.16385_none_372622adf05a6587\gptext.dll      (size mismatch) 199680/18944 bytes executable

---- EOF - GMER 2.1 ----