GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-05-27 17:41:42
Windows 6.1.7601 Service Pack 1 x64
Running: 5rtw0loq.exe

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\Instup_14943321356782294@SetupOperations
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\Instup_14943321356782294@SetupOperations

---- EOF - GMER 2.2 ----