GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-05-13 22:21:25
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000006e TS256GSS rev.N111 238,47GB
Running: pzqro9dz.exe; Driver: C:\Users\Kasia\AppData\Local\Temp\pgddapod.sys

---- Kernel code sections - GMER 2.2 ----

.text  C:\Windows\System32\win32k.sys!W32pServiceTable      fffff96000135c00 7 bytes [C0, 4B, F3, FF, 01, 55, F0]
.text  C:\Windows\System32\win32k.sys!W32pServiceTable + 8  fffff96000135c08 3 bytes [C0, 06, 02]

---- Registry - GMER 2.2 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\Instup_14944658622912294@SetupOperations
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\3402866a46c1
Reg  HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\Instup_14944658622912294@SetupOperations
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\3402866a46c1 (not active ControlSet)

---- EOF - GMER 2.2 ----