GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-06-29 20:02:16
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.CJTA 238,47GB
Running: syl3ky2u.exe; Driver: C:\Users\Zbigniew\AppData\Local\Temp\awldipow.sys

---- User code sections - GMER 2.2 ----

.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[792] C:\windows\system32\kernel32.dll!SetUnhandledExceptionFilter 0000000076ba9010 4 bytes [C3, 00, 00, 00]
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4452] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076291401 2 bytes JMP 7602b263 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4452] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076291419 2 bytes JMP 7602b38e C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4452] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076291431 2 bytes JMP 760a90f1 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4452] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007629144a 2 bytes CALL 760048ad C:\windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4452] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000762914dd 2 bytes JMP 760a89ea C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4452] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000762914f5 2 bytes JMP 760a8bc0 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4452] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007629150d 2 bytes JMP 760a88e0 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4452] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076291525 2 bytes JMP 760a8caa C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4452] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007629153d 2 bytes JMP 7601fce8 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4452] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076291555 2 bytes JMP 76026937 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4452] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007629156d 2 bytes JMP 760a91a9 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4452] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076291585 2 bytes JMP 760a8d0a C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4452] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007629159d 2 bytes JMP 760a88a4 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4452] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000762915b5 2 bytes JMP 7601fd81 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4452] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000762915cd 2 bytes JMP 7602b324 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4452] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000762916b2 2 bytes JMP 760a906c C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4452] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000762916bd 2 bytes JMP 760a8839 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4732] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076291401 2 bytes JMP 7602b263 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4732] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076291419 2 bytes JMP 7602b38e C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4732] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076291431 2 bytes JMP 760a90f1 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4732] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007629144a 2 bytes CALL 760048ad C:\windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4732] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000762914dd 2 bytes JMP 760a89ea C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4732] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000762914f5 2 bytes JMP 760a8bc0 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4732] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007629150d 2 bytes JMP 760a88e0 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4732] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076291525 2 bytes JMP 760a8caa C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4732] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007629153d 2 bytes JMP 7601fce8 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4732] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076291555 2 bytes JMP 76026937 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4732] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007629156d 2 bytes JMP 760a91a9 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4732] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076291585 2 bytes JMP 760a8d0a C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4732] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007629159d 2 bytes JMP 760a88a4 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4732] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000762915b5 2 bytes JMP 7601fd81 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4732] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000762915cd 2 bytes JMP 7602b324 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4732] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000762916b2 2 bytes JMP 760a906c C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4732] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000762916bd 2 bytes JMP 760a8839 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076291401 2 bytes JMP 7602b263 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076291419 2 bytes JMP 7602b38e C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076291431 2 bytes JMP 760a90f1 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007629144a 2 bytes CALL 760048ad C:\windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000762914dd 2 bytes JMP 760a89ea C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000762914f5 2 bytes JMP 760a8bc0 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007629150d 2 bytes JMP 760a88e0 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076291525 2 bytes JMP 760a8caa C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007629153d 2 bytes JMP 7601fce8 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076291555 2 bytes JMP 76026937 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007629156d 2 bytes JMP 760a91a9 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076291585 2 bytes JMP 760a8d0a C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007629159d 2 bytes JMP 760a88a4 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000762915b5 2 bytes JMP 7601fd81 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000762915cd 2 bytes JMP 7602b324 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000762916b2 2 bytes JMP 760a906c C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5244] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000762916bd 2 bytes JMP 760a8839 C:\windows\syswow64\kernel32.dll

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{BB4601DA-BB11-46A2-AFDB-B81C8A872730}@InterfaceName isatap.{F6DC5762-1357-41E1-9111-018E0E9708B9}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{BB4601DA-BB11-46A2-AFDB-B81C8A872730}@ReusableType 0

---- EOF - GMER 2.2 ----