GMER 2.1.19155 - http://www.gmer.net
Rootkit scan 2013-03-04 20:00:47
Windows 6.1.7600  x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD6400BPVT-80HXZT1 rev.01.01A01 596,17GB
Running: trj5x4xu.exe; Driver: C:\Users\hardisc.pl\AppData\Local\Temp\pwliapob.sys


---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f683de658                      
Reg  HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Bind                                 ???????????????????????????e????? ???????T??????n???????????????????????????????????????TCPIP6TUNNEL?Tcpip6??P??@n??????BADDEVICE.Dev???Urz?dzenie wej?ciowe USB????????????????????Multiple Card  Reader USB Device?e????z???????????????????$??????????????????????k???????????????????u???????k??{8ECC055D-047F-11D1-A537-0000F8753ED1}??????? ?????????????????????0????????????????????????????????????&????????????????????????????n???????????????????????????? ??????????? ????????????n????????????6????????? ?5?????????????????????3?????????????Root\*ISATAP\0003????????????/??????????{71a27cdd-812a-11d0-bec7-08002be2092f}\0027??????????????????????????????????????????????????????}??????????????????????????????{7E4AE9B8-1DC4-4CBD-8A43-A113EA57EBCA}??????????????????????????????6.1.7600.16385????????X??????5???????????????T??\0??2???????????????????.NTAMD64?????????????B??????????? l??????c??????????????????????????????????Karta Microsoft ISATAP??????-100????????????????????????????{71a27cdd-812a-11d0-bec7-08002be2092f}?
Reg  HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Route                                ?????0??? ???????????????????????????????????_???????????????????????????????y??LegacyDriver??????4?????????p???Ndisuio,rspndr,lltdio,RasPppoe,Tcpip,Tcpip6??????????????????????????8?e?e?e?e???V??????????? ???????????????????&?0??????????????????????????????????????????z????????g?????????????????????????????????????????????????????p????h?????????????????????????????????????????????????????????r?????z????????g????????????????????????????????????t???{ac7e6115-72e4-476b-afac-eee8ec694717}????????????????????????????????????????????????z????????g??????X??????z???e???????????????????????????????5??????????????????????p???10.0.0.67???????$???4????? ??????? ????t???????????????????????????????????????? ??????????? ?????????z????????g???????? ????/???????????????????????????e???????j???~???t???8?[?e?e?e?z?d??????{00000000-0000-0000-ffff-ffffffffffff}?PCI?????????????????s?????????????????????????$|??????????????????????????????????j??????????????????$???4????? ??????? ????????????????????????????????????????????????
Reg  HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export                               ?????????????0??t?????X??????????6??????? ??????????????????????????????????????}???????????????????????D????????????????h??????96????0??????????????????????????????????????????????????????????*??????????????????????????????????????????????????????????????????????????6-??GEARAspiWDM?????????????????????????????????????????????{0??????????? ??D????????????-???t???????????????????????????????????????????????????????????D??99????B??????i???h??.NT??e???????????????????????????????????????????-??86???????e??t???? ????????????????????????????????;??????????e??storage\volume????????????????????????????????*??????????????????????????????????????s?????????0???0???9???;???;???;??????????%?<????????????????????????????????????????????????????????????????s?????sis???????k???????????????????????????1??????????????????????????Ty???????????????????e??HID_Raw_Inst?c??? ???????????????????????????????????????????s??????*i???????/??????????????????????????LocalSystem??e??Wolumin uniwersalny?6.?????????????????????????????????
Reg  HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Bind                            ??????????:??????t?gg????????????????e??@volume.inf,%msft%;Microsoft?9??.NTAMD64????????D????{???????{???????????b??????????????? ???????e?????l?c??.NT?D9??oem37.inf:WACOM.NTamd64:wacomvhid:2.9.2.4:root\wacomvirtualhid???Z??? ?????????????????????0????????????&????????????????????c??-4??Wacom Co.,Ltd. CTH-460?/?/??? ???????e?????sne??????????? ???????????????????????????????????????f??.NTAMD64????????????? ???????????????????z?0????????.???????????????????????????????? \??????????????/????R????????????e????Karta Microsoft ISATAP?k6???????????? ???????????????????y??????????B???????????????????????????????????????? ???????0??????sB????*??????e?????????n?e??HIDClass?????????????????????????-??????????? ???????e?????l?C?????????????????????????s?????????????????????????????????????/???/???????????6??AD??????????????????????????????????????????????????????????? ?????????????????????0????????????????????????????????????? ????N???????????D???????N??????{????????????N??????6???????3??????l ???? ??????}???e??? p????
Reg  HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Route                           ?????????????????$|?????????????????????????????? p??????????????????j?j?????????$|?????????????????????????????? p?????????????????? p??????a?????NO_???g?????[?`?d?d???`???????i?j????????? p??????????????????d????h??????????????????????????????????????????????$|??????????????????????????????j?j????????????\Device\{91ABC494-3BB3-46FF-819F-F9968A847191}?\Device\{8514FA0B-D834-4953-A1B3-69B74C757C77}?\Device\{7E4AE9B8-1DC4-4CBD-8A43-A113EA57EBCA}?\Device\{D905C783-7F44-4458-94E8-9326FD64E63B}?\Device\{C65C2C39-6132-4E79-A29E-E2452ED20CD5}?\Device\{81626C98-2AB4-47CF-A51D-FBC6EA67D560}?\Device\{DF7357C4-2959-49DC-8CD0-6B8C72E12D7B}?\Device\{FF699AAE-E506-4F72-8F54-1D4175A78784}?\Device\{8AEDCBEA-56B3-4245-B45B-944ACC53D2E5}?\Device\{9B43B8DA-3E2A-49B7-90B3-BBEACFD355CC}?\Device\{DF66A0D9-1959-487E-A6EC-25DB27FB8F83}?\Device\{274AD3A0-CCC1-4CDC-96F1-AD50A54AAF70}?\Device\{5DC295C2-2FA4-409A-8DAF-1613280C65E6}?\Device\{BAB3B142-1E2B-4481-8E96-D52A740E0960}?\Device\{5B3240F0-868F-4603-9493-C5C6F0B49215}?\Device\{9
Reg  HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export                          ???t?????????#???? ??@????????????\??m????????h?? ????????????6????????????e??????d??{?????????e?????????????????????m??????????????di??????p????????????~?~?~?????????n?????????????M?????????????n?&????2????????????e????Root\*6TO4MP\0008?????8??|??????????????????????input.inf????????????????m???????????????????n??????????????p????m???????0???{???s???????~??????????????t??????????????????????????????g?????????????????????????n???????????????????|???????????????m????????????????????????????????????????????????R??m????????h?????\SystemRoot\system32\DRIVERS\adp94xx.sys?y???????m??????p???SCSI Miniport?????V??m???????????d??adp94xx.inf_amd64_neutral_4928c8870f6a1577???????m?m?m?m?m?m??????????????????????????????????????????????????????????R??m??????????????\SystemRoot\system32\DRIVERS\adpahci.sys?e???????m??????????SCSI Miniport?????V??m??????????????adpahci.inf_amd64_neutral_b082e95ec9f8c3f9???????m?m?m?m?m?m????????????????t?????????????????????????????????????????R??m????????h?????\SystemRoot\system32\DRIVER
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f683de658 (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Bind                                     ???@?????????????g???????????f???s??????np??usbhub???????f?f?5????N??h?????????D????FLxHCIh?????????????????????????????????????????? ???????f?????f?????f?,??(???$?????????????????s??????????????????????ahc??? ???????f?????f???????,???????????????????????????????f????? ???????f?????????????,???????????????????????????f????? ???????f???????????e?.??????"??????????f???????f ??F????????r7-0??? P??f???.?????.?/??????????????@?????????P?????????????????C0???f?????????????????f????????????????? ???????????????????f?0?????????????????????????????????????????f???????????????????f?f????? ???????f ????f???????0????????????&??????????????????????????f???f????? ???????f?????f???????0?????????????????????f?f????? ???????f???????????f?0?????????????????????????????????????????f???????????????????f?f?f?????f????? ???????f?????f???????0?????????????????????f?f????????? ???????f???????????f?0?????????????????????????????????????????f??????????6.1.7600.16385?????????f????? ???????f?????f???????0???????????????????????????????
Reg  HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Route                                    ???j????USB??????????????3?????????? ??????????s?????????????????????????????????d?????sed???d?j?j?j?????????????????????h???????????????j???j??? ???????j?????j?????j?.??????????9? ???????????????????????????????? ???????j???????????j?.????????N???????????????????????s????e?f?j?j?k?k?k???????j???C??sH??LegacyDriver?????????????a?????ser???????j???????e???j??USBSTOR??????????????l?????sle????z??????.?g?.???{???????j???|???|???j??????????UMB\UMBUS????????j????*??n???|?????????ncy???????????????????????????????d?h?j?j?????????????????????????????????????????s?????s?????????j??????s????|?|?|???k?k????????SB????N??j???L????D?Se??Microsoft???Ndi-Mp-Bh????k?k?????????j???j???j???????????????????d???????e???????????k?k?j??HidUsb??????umbus.inf??????????????????s????USBSTOR?__??????????????t???????????*pnp0000????????????????????????????????t????????????????????????????s??t.???k?k?k???????????????????????????k??at???????????????????????j???????????????j?j?j?j?j???j????????????????????????X??????0???0???????j????????$
Reg  HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export                                   ??????????????????????????????????Z??}????????h?????%SystemRoot%\System32\svchost.exe -k secsvcs????????? ???????}???????????}????????,?T??? ???????????? T??}??????????????%ProgramFiles%\Windows Defender\mpsvc.dll???? ???????}???????????}???????????????????????????}???+??????????????0????????????????????(??????P???????W????(??????P???????W????????????????????? ??????????????????????????????????????}???}?}?}??? ???????}?????}???????????????????????????o???????}???}???}????????? ???????}???????????}????????????????0??????????????????????????}?????????????????????????}0???? ???????n?????n????????????????????#??????????????????0????? ???????}???????????}?????????????????????e?????????????????????s??? ???}??????????s???65536?272696320?65536?272696320?65536?272696320?65536?272696320?65536?272696320?65536?272696320?65536?65536?272696320?65536?272696320?65536?272696320?65536?65536???????5908?,????*??}??????e???ClosePerformanceData????? ???}??????????s????}?}?}???}???????????????????e????(??}??????????OpenPerformance
Reg  HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Bind                                ???h?j???????????&???????A??.NTAMD64?????? ??A??????s???volume_install??????? ???A???4??????t???? ???A???4??????????volume_install?,MB??? ???A???4???????????????????????A??????????????? ???A???????????????A??? ???????A?????????????0???????????? ??????????????A?&?A?&?A?&?A?&?A????????????? ?????????????A?????A???????? ?T?%?&?????????????????????????T??A????????c?????@%SystemRoot%\system32\sysclass.dll,-3022?????6??A??????Multi-port serial adapters?lass.dll,-3022?????P??A??????????%systemroot%\system32\setupapi.dll,-26???????A?A?A?A?A???????A??????????????? ???????A?????????????0???????????? ??????????????A????? ?????????????A?????A??????????T?&?&????????????????????????????A??????s???Memory????????T??A????????c?????@%SystemRoot%\System32\SysClass.Dll,-3018??????A?????????A??????Memory devices?ystem32\SysClass.Dll,-3018?????P??A??????????%SystemRoot%\System32\setupapi.dll,-32???????A?A?A?A?A??????1???????????????? ???????A?????????????0???????????? ???????????? ?????????????A?????A??????????P?'?&??????????????
Reg  HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Route                               ???j?j???????????????????j?j?j???j??? ???????????????????????j???j??Volume??????PNP_TDI??????j???k?k?????i???j???g?g?j?j??????????8??j????????h??????????????????????????????@???1??s5???????????j??????????????????????????????Volume???????????????m?????ss??????? ????E?????s?????????j???3????????X??k??????????LegacyDriver????????????????????????s???????????????t????j??Volume??????UMB?????????????????????????????????????????????????????????????????????? ????P??j?????????e??????X??????&???&????:??j???6?g9F???????????????????????????????3?????s?????????????y??nf???????j??????s????????????s??????ol??????????????????????????19????????????????????8??t???????????????????n?n?????????????e?????????????????????????s???????? ??????????s???????????????????s?????????????????????????j???????j???????????&??????a0???????|???p??sv???????????????????h?j?j?j????s????????@???%???e??????????????.NT??????????????????????????????????????|??????????????s?????????????????????????4??j?????g?????????h????????????s?????IntcAzAudAddService
Reg  HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export                              ??????????????????X??????????????????????i??an??????????Microsoft????????????????????????????????????????e??????s?????N????????????D?????????????????????????????????????R??????9.2.0.1016??????????????? ?????????????????????,??(???????????????????s?????? ?????????????????????,??4?????????????????????????? ?????????????????????,????????????????????????? ???????????????????h?.??????"??????????f???????????????????? ???@???????????????@???????????????????????????????D???????????????D????????????????????????????????????????????????????????????????????????????????????????????????????????????@?????????D???????????????????? ? ???????@system32\DRIVERS\pci.sys,#1540;PCI to PCI Bridge???????l????s??? ?????????????????????0??L????????? ??????CC0??????????????????????? ?????????????????????0????????????&????????????????????2??? ?????????????????????0????????????????????? ?????????????????????0????????????????????????l????s??? ?????????????????????0????????????????????????????????????????? ?????????????????????0???????????

---- EOF - GMER 2.1 ----