GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-07-03 09:44:19
Windows 6.1.7600  x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 HITACHI_ rev.PC4Z 465,76GB
Running: 94lbmzp2.exe; Driver: C:\Users\PiotrR\AppData\Local\Temp\uxldqpod.sys


---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ec2d88                      
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c44619c61ad8                      
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c44619c61ad8@f81edf6c8dac         0x17 0xD6 0x15 0xF8 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Bind                                 ????????oem25.inf??????p??????????????????????????????????????N????????????D?????????~???????????????????1??85??? ??????????????????????????????hdaudio\func_01&ven_1002&dev_aa01&rev_1002??????? ????????????????????????????????????"???????????????X??????0???????????????????????~??????????????Microsoft Word???????????~???????????7??????}????????????8???????????????????0?????s????? 0????????????D ???????g???? ?????????????~?????p?,?????? ????????????????????ly ??? ???????~???????????p?,?????? ????? ??????anc??WUDFCoinstaller.dll?????WINUSB.INF???????$????????????????????????????????N????????????D??????????????N???????????D?????6.1.7600.16385??????????????????pc??{5d624f94-8850-40c3-a3fa-a4fd2080baf3}\vwifimp\5&31b5f917&0&01?22-???????~???????????$|?????????????????????????????????????????????Intel????????@??????????? ???????;???????????;?,?????? ????? ????????????????????d???????????????????????????????~????`??????3???1??? ????????????????????????????N???????????D??????????????????~???d??_2??????l?????Z??????-?
Reg  HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Route                                ?????????????????????????????????????????????????????????????????D??ic???????????{??55????&??????????e??????????????????????????????????????????????????????4m??42??????????????id??????????????{4d36e968-e325-11ce-bfc1-08002be10318}??????{00000000-0000-0000-ffff-ffffffffffff}?-??????N?????? ????D??????????=??sdbus.inf:Generic.NTamd64:SDHost:6.1.7600.16438:pci\cc_080501???PCI\VEN_197B&DEV_2388&SUBSYS_392317AA&REV_20?PCI\VEN_197B&DEV_2388&SUBSYS_392317AA?PCI\VEN_197B&DEV_2388&CC_088000?PCI\VEN_197B&DEV_2388&CC_0880???????????????????????????????????????4?????????~??????????@system32\DRIVERS\pci.sys,#2176;Base System Device?ie systemowe?????PCI\VEN_197B&DEV_2388&REV_20?PCI\VEN_197B&DEV_2388?PCI\VEN_197B&CC_088000?PCI\VEN_197B&CC_0880?PCI\VEN_197B?PCI\CC_088000?PCI\CC_0880??????????????????????s????9.1.1.1020?.76???????????v??er???????????c??c0??????????????????????????LegacyDriver????????????????????????????????????????????{4d36e97d-e325-11ce-bfc1-08002be10318}???????????????????????????????????????????????i?? (?
Reg  HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export                               ????????????????????????????v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Steam\steamapps\common\xcom ufo defense\dosbox.exe|Name=X-COM: UFO Defense|?ox??v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Steam\steamapps\common\xcom ufo defense\dosbox.exe|Name=X-COM: UFO Defense|?p???&???????c???????????????????o???&???????X??????????????????????v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Steam\steamapps\common\x-com terror from the deep\runme.exe|Name=X-COM: Terror from the Deep|????&???????e???????????????????????(???????B???????????????????????????????????????????????????????????????\????????X????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Reg  HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Bind                            ????????{4d36e967-e325-11ce-bfc1-08002be10318}\0003??????????n???O???e??Wolumin uniwersalny?\\??LegacyDriver?0???/?0?????????????????????1??????????????????????????????????????????????????????????PCI\VEN_8086&DEV_3B32&REV_06?PCI\VEN_8086&DEV_3B32?PCI\VEN_8086&CC_118000?PCI\VEN_8086&CC_1180?PCI\VEN_8086?PCI\CC_118000?PCI\CC_1180????????j?k?k?k????????{4d36e97d-e325-11ce-bfc1-08002be10318}??????@nettun.inf,%msft%;Microsoft?????????g???????e??????????DI??????????????????????????LegacyDriver????????????????????@oem4.inf,%pci\ven_8086&dev_3b34.devicedesc%;Intel(R) 5 Series/3400 Series Chipset Family USB Enhanced Host Controller - 3B34???????????????&?????????????X??????????????,??????.NTAMD64????PCI\VEN_8086&DEV_3B34&REV_06?PCI\VEN_8086&DEV_3B34?PCI\VEN_8086&CC_0C0320?PCI\VEN_8086&CC_0C03?PCI\VEN_8086?PCI\CC_0C0320?PCI\CC_0C03??D1}????~??????????????????l??????????? l??????????????????????l???<???<??Microsoft???????????????????????????machine.inf:INTEL_SYS.NTamd64:NO_DRV:6.1.7600.16385:pci\ven_8086&dev_3b32??????
Reg  HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Route                           ????????? ??????????????????machine.inf:GENDEV_SYS.NTamd64:NO_DRV:6.1.7600.16385:pci\cc_0600????machine.inf:GENDEV_SYS.NTamd64:NO_DRV:6.1.7600.16385:pci\cc_0600????{00000000-0000-0000-ffff-ffffffffffff}??????ATA Channel 4?????,??????0??0???? ???????|???????????????????????????????????A??4-??*6to4mp?????{00000000-0000-0000-0000-000000000000}?1#{??Karta Microsoft 6to4????????????????????????????????????????????????????????????????????????Microsoft???????????????????{4d36e972-e325-11ce-bfc1-08002be10318}\0018?????????????????? ???????????D??AB??{36fc9e60-c465-11cf-8056-444553540000}???????????????????m??????0}???????????????h??????s???Intel(R) processor PCI Express Root Port - 0045?ek??nettun.inf???????????g???*???e??tu????????????????????????????~??????0?g?0??????????????s????????1????N???????????D??????????????_??&p???????????????????j?k?k?k??????????N???????????D6??????????????????????~????????g????LegacyDriver????6to4mp.ndi??????? ???j???_?????l?????????????F??-F??6.1.7600.16385??????????os???????????5??s??
Reg  HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export                          ????????????????????????volsnap?????????????????????????? ?????????????????????0????????????????????INTEL_USB2_CTTB?????ATI Technologies Inc.???????????????6-21-2006????????????????j???????????????????3??}"??oem26.inf???????????????????????????????????pci\ven_8086&dev_3b3c????????????????????????????????????????????M??\U??{4d36e97d-e325-11ce-bfc1-08002be10318}??????INTEL_USB2_CTTB??0???????????b??36??? l?????? ???????y????????????????????????N??????e?????lne??USB?6b??@system32\DRIVERS\pci.sys,#65536;PCI bus %1, device %2, function %3;(5,0,0)?3;(5,0,0)???usbui.dll,USBControllerPropPageProvider?ro???????????????j????,??????0??0???????4???? d??????E?????6&D???????????l???I??pci\ven_8086&dev_3b34?????,?????????????????????? ?? M???????j???s??t????????????d??s-??@system32\DRIVERS\pci.sys,#512;Ethernet Controller??????Karta Microsoft 6to4 #2?Mi????????????????????????????????????????P???????????????????????????????0??????r??????ro??????????????????????@system32\DRIVERS\pci.sys,#2176;Podstawowe urz?dzenie systemowe
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ec2d88 (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c44619c61ad8 (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c44619c61ad8@f81edf6c8dac             0x17 0xD6 0x15 0xF8 ...
Reg  HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Bind                                     ???h?p?????g????? ???????g?????g???????0????????????????????input.inf???? ???????g???????????g?0?????????????????????????h???U???????????????????????|?~???????g????? ???????g?????g???????0???????????????????????g???g???g???g????? ???????g???????????g?0??????????????????????*??h???????????????h??????????.NT????????g????? ???????g?????????????0????????????&?????????????????????????N??h?????????D?h??? ???????g?????g???????0????????????????????? ???????g???????????g?0????????????????????hdaudio\func_01?????http://www.microsoft.com???????g????? ???????g?????g???????0?????????????????????????????h??? ???????g???????????g?0?????????????????????????h???o??ro???? ??g???r??RO???????????z?????????????g????? ???????g?????g???????0?????????????????????????????????O???t?~os??t????h??????????????@hdaudio.inf,%hdaudiofunctiondriver.generic.devicedesc%;Urz?dzenie zgodne ze standardem High Definition Audio???? ??????????????????? ????????????????????N????????????D?????????????????????????l?l?l??hdaudio.inf:Microsoft.ntamd64:H
Reg  HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Route                                    ???o?s?????g????? ???????g?????g???????0???????????????????????g???g???g???g????? ???????g???????????U?0???????????????????????????????????????????????????????????????g????? ???????g ????????????0????????????&??????????????????????????g???g????? ???????g?????g???????0????????????????????? ???????g???????????U?0????????????????????tunnel?ft?????,??g??????????*6to4mp????????????????g????? ???????g?????g???????0?????????????????????y?|id??????? ???????g???????????U?0?????????????????????????e???5??s????????????0???e???????????i?|MD?????????g????? ???????g?????g???????0??????????????????????N??g?????????D????? ???????g???????????U?0????????*???????????????????????t??????g????? ???????g???????????d?0?????????????????????????????t??????? ???????g?????g???????0?????????????????????g???g??????????????? ???????f???????????7?0???????????????????????f???f?????????f??.NT?????? ???????g???????????d?0????????????????????? ???????g?????g???????0????????????????????? ???????g???????????d?0????????????????????bthenum\{84a1e9
Reg  HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export                                   ???s?s????8??s????????h??????u??????? ???????s???????????s?????????????? ???????????? ??????????????????? ???????n?????s?????s??????????@?????????????"??s?????????e????@keyiso.dll,-100??????@??s????????h?????%SystemRoot%\system32\lsass.exe???????"??s?????????n????@keyiso.dll,-101????? ???s??????????????LocalSystem?????RpcSs????????????????????????????????s?????????????? ????????????????s???????????e???s?s?s?s?s?s?s?s????? ???????s???????????s??????????????????????????????0????????????????????????????????????? ????????????????????????????????????????????????????????????s????? ???????n??????????????????????8????????????z???????????????????????????????s??????p???? N??v???????????????????????????s?s?s?????????'????PNP Filter???????~???????????????????????s???????:????:??s????????h??????????s??????????????????????????? ???????n??????????????????????:????????g????????????????????????????0??s?????????e?????????????*???*??????????????????????????????????????????????????????Kernel Streaming Thunks??????z??f????y?y.N?
Reg  HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Bind                                ???k?????k?k?????k???k??? ???????k?????k???????0????????????????????Microsoft??????????????????s?????k???????????F?????s&C???k???? ??o???????=???k????????????????????????N??k????????D??.???????????_??????7C???j?k?k?k?????k???k???????????3???????????k?k?k?k????????Base?????????????????????k?k?????????????3???????????k?l?k???????????n???/???d?k?k?k?????k???k???k??Net??|???k??ksfilter.inf:Microsoft.NTamd64:MSKSSRV:6.1.7600.16385:sw\{96e080c7-143c-11d1-b40f-00a0c9223196}??????????????????????????????????????????????k???j?j?j?j?j?j?k?k?k?k?k???????????????????????k???????????????k???????????????k???????????????k???????????k?k?k???????????????????????m???????????k?k?????k?k????? ???????????????????????????????????????f???k?k????? ???????j?????k?????j????????????)??????????O??Microsoft???????????? ???????k???????????j??????????b????????????z?{????LegacyDriver?????k???k???k?k?l??Net??????k??? ???????k???????????k??????????\??????????????k?&??{8ECC055D-047F-11D1-A537-0000F8753ED1}??????????????LegacyDriver?H??02???k?
Reg  HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Route                               ???g?q??*6to4mp??i??????????????????????????????@system32\drivers\BthEnum.sys,#1;Zewn?trzne urz?dzenie Bluetooth????input.inf???? ???????-??????????MONITOR\SAM036A??????h?i????? ???f???????????+??oem11.inf:WIDCOMM.NTamd64...1:BTAUDIO:6.2.1.1200:bthenum\{24df01a9-3e4f-4c9f-9f66-5aa8ab14f8f4}?O:???????????????????g?????g???g????tunnel????????N????????????D?????????g??????????? ????????????????????&??g??????????????????? ??????????????????????????????????80??????la??? ???????g???????????f????????????????????????s??????????3??????s???Microsoft???? ???????g?????g??????????"??????????????????.????>??~?????g?????????????o???o????X??????8???0???????????h???g??????????????? ???????g???????????????????????????????f???x?z?????h??? ???????g?????g???????0??L????????? ??????????????g???g???g?????g??? ???????g?????g???????0????????????&???????????????????????? ???????g?????g???????0????????????????????? ???????g???????????d?0?????????????????????????????????????T???????????P??5???????????????????????????????????{4d36e96e-e
Reg  HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export                              ???~?s??PnP Filter??????????????????????????????????????????t???File system???????P??r?????????e???????r?????r???r??????????????? ???????n?????r?????r????????$????????x????@%systemroot%\system32\fxsresm.dll,-118???????????????????????????B??r????????h?????%systemroot%\system32\fxssvc.exe????????????????t?????????????????????P??r?????????n????@%systemroot%\system32\fxsresm.dll,-122??????????r???+????????@??r???????????e??TapiSrv?RpcSs?PlugPlay?Spooler??????? 8??r??????????????NT AUTHORITY\NetworkService???????,??r???+???????+???????????????????????????r??????????????????SeAssignPrimaryTokenPrivilege?SeAuditPrivilege?SeChangeNotifyPrivilege?SeCreateGlobalPrivilege?SeImpersonatePrivilege?SeIncreaseQuotaPrivilege???????r?r?r?r?r?r?r?r?r?r?r??????????????????????????? ???????r???????????r?????????????????????????????????p?????????????(??????P??????????????????? ???????????????????????????? ???????n???????????r??????????N??????c????@%SystemRoot%\system32\drivers\fvevol.sys,-100???????????t????:??r????????h????????

---- EOF - GMER 2.1 ----