GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-01-20 17:10:16 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB3O 298,09GB Running: lk4qxmos.exe; Driver: C:\Users\martyna\AppData\Local\Temp\fgliikog.sys ---- Kernel code sections - GMER 2.2 ---- .text C:\Windows\system32\drivers\USBPORT.SYS!DllUnload fffff88005a8d30c 12 bytes {MOV RAX, 0xfffffa800587e2a0; JMP RAX} ---- User code sections - GMER 2.2 ---- .text C:\Program Files\AVAST Software\Avast\avastui.exe[5572] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075e08769 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] ---- Kernel IAT/EAT - GMER 2.2 ---- IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff88001055f1c] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff88001055cc0] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff8800105669c] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff88001056a98] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff880010568f4] \SystemRoot\System32\Drivers\sptd.sys [.text] ---- Devices - GMER 2.2 ---- Device \Driver\ajb21hpz \Device\Scsi\ajb21hpz1Port1Path0Target0Lun0 fffffa80059412c0 Device \Driver\ajb21hpz \Device\Scsi\ajb21hpz1 fffffa80059412c0 Device \FileSystem\Ntfs \Ntfs fffffa80023132c0 Device \FileSystem\fastfat \Fat fffffa800862b2c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa80058802c0 Device \Driver\cdrom \Device\CdRom0 fffffa800555b2c0 Device \Driver\cdrom \Device\CdRom1 fffffa800555b2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{67DC6AD8-38D8-4DD5-AB03-2DD586CBF65F} fffffa80057402c0 Device \Driver\usbehci \Device\USBFDO-0 fffffa80058802c0 Device \Driver\dtsoftbus01 \Device\DTSoftBusCtl fffffa80059e02c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{CE462B48-2F3C-4A5E-B455-741368B17607} fffffa80057402c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa80058802c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{352A183F-8F5E-4104-970F-DC5760AC9A0C} fffffa80057402c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa80057402c0 Device \Driver\usbehci \Device\USBPDO-0 fffffa80058802c0 Device \Driver\ajb21hpz \Device\ScsiPort1 fffffa80059412c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{3FCD1B8E-75D6-44FE-BF8A-3FDD13A76C41} fffffa80057402c0 ---- Modules - GMER 2.2 ---- Module \SystemRoot\System32\Drivers\ajb21hpz.SYS fffff88005b64000-fffff88005bb5000 (331776 bytes) ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{1B94C6DA-07BE-41D4-A42E-36D7B7BEE692}\Connection@Name isatap.{67DC6AD8-38D8-4DD5-AB03-2DD586CBF65F} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{1CD602E0-A047-4EC0-B911-46302AC5C1BF}\Connection@Name isatap.{3FCD1B8E-75D6-44FE-BF8A-3FDD13A76C41} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{2E85E45D-174E-422E-BF27-352D78F3C79B}?\Device\{1B94C6DA-07BE-41D4-A42E-36D7B7BEE692}?\Device\{6BE2DB0C-F3DA-4B1A-A1C2-4A1BA429E5DF}?\Device\{8A7579A1-879B-4887-829F-8B0B0C73C534}??Device\{8A7579A1-879B-4887-829F-8B0B0C73C534}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{2E85E45D-174E-422E-BF27-352D78F3C79B}"?"{1B94C6DA-07BE-41D4-A42E-36D7B7BEE692}"?"{6BE2DB0C-F3DA-4B1A-A1C2-4A1BA429E5DF}"?"{8A7579A1-879B-4887-829F-8B0B0C73C534}"??{8A7579A1-879B-4887-829F-8B0B0C73C534}"? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{2E85E45D-174E-422E-BF27-352D78F3C79B}?\Device\TCPIP6TUNNEL_{1B94C6DA-07BE-41D4-A42E-36D7B7BEE692}?\Device\TCPIP6TUNNEL_{6BE2DB0C-F3DA-4B1A-A1C2-4A1BA429E5DF}?\Device\TCPIP6TUNNEL_{8A7579A1-879B-4887-829F-8B0B0C73C534}??Device\TCPIP6TUNNEL_{8A7579A1-879B-4887-829F-8B0B0C73C534}? Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\889ffab43a1b Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\889ffab43a1b@60a10aaae5c6 0x78 0x6A 0x05 0xCF ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\889ffab43a1b@98d6f7a4bd66 0x63 0xF1 0x00 0x23 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\889ffab43a1b@e4ec10eaa18b 0xC2 0x7D 0x6F 0x81 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\889ffab43a1b@58482207f696 0xAC 0xEC 0xC0 0xF9 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\889ffab43a1b@2400baa3fb49 0x16 0x29 0xEB 0x79 ... Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{1B94C6DA-07BE-41D4-A42E-36D7B7BEE692}@InterfaceName isatap.{67DC6AD8-38D8-4DD5-AB03-2DD586CBF65F} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{1B94C6DA-07BE-41D4-A42E-36D7B7BEE692}@ReusableType 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2A 0x20 0x7A 0x56 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD2 0xB1 0xCB 0x30 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x5B 0xF8 0xBA 0x4C ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x8B 0xB7 0xD9 0x91 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\889ffab43a1b (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\889ffab43a1b@60a10aaae5c6 0x78 0x6A 0x05 0xCF ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\889ffab43a1b@98d6f7a4bd66 0x63 0xF1 0x00 0x23 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\889ffab43a1b@e4ec10eaa18b 0xC2 0x7D 0x6F 0x81 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\889ffab43a1b@58482207f696 0xAC 0xEC 0xC0 0xF9 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\889ffab43a1b@2400baa3fb49 0x16 0x29 0xEB 0x79 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7A 0xDB 0x92 0xB4 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD2 0xB1 0xCB 0x30 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x5B 0xF8 0xBA 0x4C ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x8B 0xB7 0xD9 0x91 ... ---- EOF - GMER 2.2 ----