GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2018-11-05 15:04:01
Windows 6.0.6002 Service Pack 2 
Running: yzmfueqk.exe


---- Registry - GMER 2.2 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_15372437943062349@SetupOperations
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_15372440703652349@SetupOperations
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_15373308018902349@SetupOperations
Reg  HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_15414149041112354@SetupOperations
Reg  HKLM\SYSTEM\ControlSet011\Services\aswRvrt\Parameters\Instup_15372437943062349@SetupOperations
Reg  HKLM\SYSTEM\ControlSet011\Services\aswRvrt\Parameters\Instup_15372440703652349@SetupOperations
Reg  HKLM\SYSTEM\ControlSet011\Services\aswRvrt\Parameters\Instup_15373308018902349@SetupOperations
Reg  HKLM\SYSTEM\ControlSet011\Services\aswRvrt\Parameters\Instup_15414149041112354@SetupOperations

---- EOF - GMER 2.2 ----
