GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-02-07 17:22:40 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e WDC_WD20EARX-00PASB0 rev.51.0AB51 1863,02GB Running: d65btki6.exe; Driver: C:\DOCUME~1\DROSAN\USTAWI~1\Temp\uxtdapog.sys ---- System - GMER 2.2 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0xAFC74A56] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwAllocateVirtualMemory [0xAFFB4478] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0xAFC755E0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwClose [0xAFCB38EC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0xAFC8044A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0xAFC80496] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0xAFC80668] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateKey [0xAFCB32A0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0xAFC803B8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSection [0xAFC804DA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0xAFC80400] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThread [0xAFC75B32] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0xAFC80622] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0xAFC76264] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0xAFC74ABC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteKey [0xAFCB3FB2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteValueKey [0xAFCB4268] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0xAFC793DC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateKey [0xAFCB3E1D] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateValueKey [0xAFCB3C88] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwFreeVirtualMemory [0xAFFB4550] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwGetContextThread [0xAFC76AF6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0xAFC7469C] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0xAFFB4932] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0xAFC74B22] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0xAFC797EE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0xAFC7707C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0xAFC80474] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0xAFC804B8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0xAFC8068C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenKey [0xAFCB35FC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0xAFC803DE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0xAFC78CB4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0xAFC80586] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0xAFC80428] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0xAFC790AA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0xAFC80646] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0xAFFB46D0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryKey [0xAFCB3B03] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0xAFC76EA0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryValueKey [0xAFCB3955] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThread [0xAFC7688E] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwRenameKey [0xAFFC2896] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwReplaceKey [0xAFFC3262] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwRestoreKey [0xAFCB28E3] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwResumeProcess [0xAFC7642E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwResumeThread [0xAFC7663A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0xAFC74B88] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0xAFC74BEE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetContextThread [0xAFC76C20] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0xAFC7473C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0xAFC74914] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetValueKey [0xAFCB40B9] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0xAFC748A2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0xAFC76534] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0xAFC76764] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0xAFC7499C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateProcess [0xAFC760A2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0xAFC76244] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwUnloadDriver [0xAFFB1B54] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0xAFC74C54] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0xAFC7563C] INT 0x06 \??\C:\WINDOWS\system32\drivers\Haspnt.sys AEAD916D INT 0x0E \??\C:\WINDOWS\system32\drivers\Haspnt.sys AEAD8FC2 ---- Kernel code sections - GMER 2.2 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2FB8 805048A0 12 Bytes [E3, 28, CB, AF, 2E, 64, C7, ...] .text ntkrnlpa.exe!ZwCallbackReturn + 2FD4 805048BC 12 Bytes [88, 4B, C7, AF, EE, 4B, C7, ...] .text ntkrnlpa.exe!ZwCallbackReturn + 307C 80504964 12 Bytes [34, 65, C7, AF, 64, 67, C7, ...] PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64DC 4 Bytes CALL AFC775B9 \SystemRoot\system32\drivers\aswSnx.sys .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB27753C0, 0x83E20A, 0xE8000020] .text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xAE7E4400, 0x87EE2, 0xE8000020] .protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xAE888620] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xAE888620] .protect˙˙˙˙hardlockunknown last code section [0xAE888400, 0x5126, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xAE888400, 0x5126, 0xE0000020] ---- User code sections - GMER 2.2 ---- .text C:\program files\real\realplayer\update\realsched.exe[256] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4} .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1544] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2276] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AutoCAD 2008\acad.exe[3168] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 14, AE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 17, AE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 14, AE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 15, AE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91842E .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 16, AE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 15, AE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 16, AE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91849F .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 14, AE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9185CD .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 15, AE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 16, AE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 17, AE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 37D501F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 37D503FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3272] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 49FD01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3272] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 49FD03FC .text C:\Program Files\Mozilla Firefox\firefox.exe[3332] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00308290 C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3332] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 67B003FC .text C:\Program Files\Mozilla Firefox\firefox.exe[3332] KERNEL32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 01ACE8D2 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3332] KERNEL32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 01ACD9FF C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3332] KERNEL32.dll!ValidateLocale + B648 7C844EE0 7 Bytes JMP 017CAE7F C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3332] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 01ACD405 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3332] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 026F30ED C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3332] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 01785294 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3332] USER32.dll!CreateWindowExA 7E37E4A9 5 Bytes JMP 01C4DDBF C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [18, F0, C3, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 4E9F01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 4E9F03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4468] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, B0, FF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4468] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4468] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, B3, FF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4468] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4468] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, B0, FF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4468] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4468] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, B1, FF, 00] {TEST AL, 0xb1; INC DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4468] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4468] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91D5CA .text C:\Program Files\Google\Chrome\Application\chrome.exe[4468] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4468] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, B2, FF, 00] {TEST AL, 0xb2; INC DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4468] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4468] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, B1, FF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4468] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4468] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, B2, FF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4468] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4468] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91D63B .text C:\Program Files\Google\Chrome\Application\chrome.exe[4468] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4468] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, B0, FF, 00] {TEST AL, 0xb0; INC DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4468] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4468] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91D769 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4468] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4468] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, B1, FF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4468] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4468] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, B2, FF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4468] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4468] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, B3, FF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4468] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4468] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1BFB01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4468] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1BFB03FC ---- Devices - GMER 2.2 ---- Device \Driver\Tcpip \Device\Ip aswStmXP.sys Device \Driver\Tcpip \Device\Tcp aswStmXP.sys AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.sys Device \Driver\Tcpip \Device\Udp aswStmXP.sys Device \Driver\Tcpip \Device\RawIp aswStmXP.sys Device \Driver\Tcpip \Device\IPMULTICAST aswStmXP.sys AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys AttachedDevice \FileSystem\Fastfat \Fat InCDrec.SYS ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{AA5D93F2-B4B4-476C-85E9-827AD29F4C2C}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{AA5D93F2-B4B4-476C-85E9-827AD29F4C2C}\0001@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14833624990622280@SetupOperations ???C?_????^??_???????????????????? ?????????????????????? ???????_???????????_????????????$??????p???????_??????Service??????_??? ???????_???????????_????????????%???????????n??????????_??????Driver Group?????_??? ???????_???????????_????????????&??????????????_??????Service??????_??? ???????_???????????_??????????????????t???????_???4??Service??????_???????_??????Service?????? ???????_???????????_????????????)??????????????????_??????Driver Group????? ???????_???????????_????????????*? ????????????????_??????Driver??????? ???????_???????????_????????????+???????s??????????_??????Driver???????_??? ???????_???????????_????????????,???????s??????????_???????_???_??????????????Driver??????? ???????_???????????_????????????/???????r??????????_??????Service??????_??? ???????_???????????_????????????0?????s????????_??????Service??????_??? ???????_???????????_????? Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14833627468432280@SetupOperations ???d????USB\Vid_046d&Pid_c03f&Rev_2000?USB\Vid_046d&Pid_c03f?????{?{?d???#?s?s???h?z?C?????d??????0??d???v??1n?????d????Zapewnia us?ugi pozyskiwania obraz?w dla skaner?w i aparat?w fotograficznych.????K?K?K?K?K?K?Q?c?Q??? 0??p??? ????? ? ??(Standardowe urz?dzenia systemowe)???????@?C?I?I?#?'?J?J?J??????ASUS???????d???d???????d??????0??d???N??1A????(??h??????????? ???????d???????????b???????? ?0????????0???????D??? ???????d????????????????????????????????????s?lm??? ???????d???????????????????????????????f??? ???????c?????d??????????d??????????????O??disk????? *??d???????????????d??? ???????d?????d?????????? ?????????2???????????????????????????????? ???????d?????d?? ?? ????????&??????????????????7?;?I?O?O?O?O?O?O?c??????D??e???Q?g?Q???>???J?P?P?P?b?b?J???&?)?;?I?/?I?I?I?I?d????rp???????d??aswHdsKe?x???z?z?d??{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}?11D??HID\Vid_09da&Pid_1f8f&MI_01\7&183d515e&0&0000???194.204.152.34 194.204.159.1?????d??input.inf????}?}?}??? ???????d?????d??????????"????????????????????c?c???? Reg HKLM\SYSTEM\ControlSet004\Control\Video\{AA5D93F2-B4B4-476C-85E9-827AD29F4C2C}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\ControlSet004\Control\Video\{AA5D93F2-B4B4-476C-85E9-827AD29F4C2C}\0001@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\ControlSet004\Services\aswRvrt\Parameters\Instup_14833624990622280@SetupOperations ???ct???? ???????Y???????????d????????.??????????0???????????????????????s??????input.inf???Microsoft???? ???c???r?????s s?????K?K?R?R?R?R?R?R???????????????r???????U?????? ???????????????????sj???????????b??????????? ???????c???????????e????????6????????????8?b???????????????????????????????????????t?????????????n\s???????????b??????????????????????? ???W??????????s????????!???t??s????2?Q?Q?Q?Q?Q?b?b?Q??? 6??u???????????????c?c?d??????