GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-07-10 15:25:57
Windows 6.0.6002 Service Pack 2
Running: fp91jxti.exe

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002243cbd7a2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002243cbd7a2@00224d080880 0x46 0xDF 0xFE 0xC2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002243cbd7a2@001c43bff1de 0x3E 0xAB 0x07 0x2C ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002243cbd7a2@001adcea00a3 0x45 0x31 0x4B 0x9D ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002243cbd7a2@d4e8b2907454 0x36 0x9B 0x19 0x5F ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002243cbd7a2@001fe474a5df 0x63 0x3A 0x15 0x79 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002243cbd7a2@5c57c8e19d0f 0x33 0xE1 0x4E 0xC1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002243cbd7a2@6c9b02b5f701 0xB5 0xFB 0xBF 0x11 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002243cbd7a2@a0f419e401d6 0x26 0xE8 0x3A 0x68 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002243cbd7a2@e4ec105f1796 0xF3 0xE3 0xA5 0x65 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002243cbd7a2@3657ec2a5ff8 0x04 0x30 0x32 0xDA ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xB0 0xB4 0x30 0x54 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x07 0x97 0x31 0xC8 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x02 0x3F 0x0F 0x76 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF5 0xA3 0xB8 0x58 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x42 0xD9 0x8C 0xFA ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4F 0xE7 0x7A 0xD0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\aswRvrt\Parameters\Instup_14991606234402302@SetupOperations ????ba??????????? ????????????????????? ????????????????????? ????????????????????? ?????????????????????????k???????????????????????9?????t0.??Package?????????????? ????????????????????? ????????????????????????????????????????????????????????????????????? ????????????????????? ????????????????????????????????????????????????? ????????????????????? ????????????????????? ????????????????????? ????????????????????system32\DRIVERS\bthpan.sys?????????????????????? ?????????????????????H??"??????????????????r??????????????????????????????????????????????????????????????????????????????????????????????????????????????@%systemroot%\system32\rascfg.dll,-32000??????????????????????????????????????????????$??????????????????????????)???????????????j???o??????????????????????Av??????????? ?????t E??avast! VM Monitor???????????????????????\\?\STORAGE#Volume#1&19f7e59c&0&_??_USBSTOR#Disk&Ven_Sony&Prod_DSC&Rev_1.00#C6B2702C5179&2#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}????Urz?dzenie
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002243cbd7a2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002243cbd7a2@00224d080880 0x46 0xDF 0xFE 0xC2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002243cbd7a2@001c43bff1de 0x3E 0xAB 0x07 0x2C ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002243cbd7a2@001adcea00a3 0x45 0x31 0x4B 0x9D ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002243cbd7a2@d4e8b2907454 0x36 0x9B 0x19 0x5F ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002243cbd7a2@001fe474a5df 0x63 0x3A 0x15 0x79 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002243cbd7a2@5c57c8e19d0f 0x33 0xE1 0x4E 0xC1 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002243cbd7a2@a0f419e401d6 0x26 0xE8 0x3A 0x68 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002243cbd7a2@e4ec105f1796 0xF3 0xE3 0xA5 0x65 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002243cbd7a2@3657ec2a5ff8 0x04 0x30 0x32 0xDA ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x76 0x41 0x1D 0x5A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x07 0x97 0x31 0xC8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x02 0x3F 0x0F 0x76 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x84 0x99 0xE0 0x37 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x42 0xD9 0x8C 0xFA ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7D 0x77 0x40 0xD9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14991606234402302@SetupOperations ??????????????????????????????????????????????`????????????????r????????????????? ????????????????????? ????????????????????????????Commited????????????????????????? ????????????????????? ????????????????????? ????????????????????? ????????????????????? ????????????????????? ????????????????????? ????????????????????? ????????????????????? ????????????????????? ????????????????????? ????????????????????? ????????????????????? ????????????????????? ????????????????????? ????????????????????? ????????????????????? ????????????????????? ????????????????????? ????????????????????? ????????????????????? ????????????????????? ????????????????????? ????????????????????? ????????????????????? ????????????????????? ????????????????????? ????????????????????? ????????????????????? ????????????????????? ????????????????????? ????????????????????? ????????????????????? ????????????????????? ????????????????????? ????????????????????? ????????????????????? ????????????????????? ????????????????????? ????????????????????? ????????????????????? ?????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002243cbd7a2
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002243cbd7a2@00224d080880 0x46 0xDF 0xFE 0xC2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002243cbd7a2@001c43bff1de 0x3E 0xAB 0x07 0x2C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002243cbd7a2@001adcea00a3 0x45 0x31 0x4B 0x9D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002243cbd7a2@d4e8b2907454 0x36 0x9B 0x19 0x5F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002243cbd7a2@001fe474a5df 0x63 0x3A 0x15 0x79 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002243cbd7a2@5c57c8e19d0f 0x33 0xE1 0x4E 0xC1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002243cbd7a2@a0f419e401d6 0x26 0xE8 0x3A 0x68 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002243cbd7a2@e4ec105f1796 0xF3 0xE3 0xA5 0x65 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002243cbd7a2@3657ec2a5ff8 0x04 0x30 0x32 0xDA ...

---- Files - GMER 2.2 ----

File C:\ADSM_PData_0150 0 bytes
File C:\ADSM_PData_0150\DB 0 bytes
File C:\ADSM_PData_0150\DB\SI.db 624 bytes
File C:\ADSM_PData_0150\DB\UL.db 1040 bytes
File C:\ADSM_PData_0150\DB\VL.db 6160 bytes
File C:\ADSM_PData_0150\DB\WAL.db 2048 bytes
File C:\ADSM_PData_0150\DragWait.exe 315392 bytes executable
File C:\ADSM_PData_0150\_avt 512 bytes

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x76 0x41 0x1D 0x5A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x07 0x97 0x31 0xC8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x02 0x3F 0x0F 0x76 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x84 0x99 0xE0 0x37 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x42 0xD9 0x8C 0xFA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7D 0x77 0x40 0xD9 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109610051400000000000F01FEC\Usage@EXCELFilesIntl_1045 1256855916
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002119410000000000000000F01FEC\Usage@EXCELFiles 1256889291
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002119410000000000000000F01FEC\Usage@ProductFiles 1256874203

---- Files - GMER 2.2 ----

File C:\Users\Kamil\Safe Doc 0 bytes
File C:\Users\Kamil\Safe Doc\_avt 512 bytes
File C:\Users\Kamil\Safe Doc\_lit 512 bytes

---- Registry - GMER 2.2 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

---- Files - GMER 2.2 ----

File C:\ADSM_PData_0150 0 bytes
File C:\ADSM_PData_0150\DB 0 bytes
File C:\ADSM_PData_0150\DB\SI.db 624 bytes
File C:\ADSM_PData_0150\DB\UL.db 1040 bytes
File C:\ADSM_PData_0150\DB\VL.db 6160 bytes
File C:\ADSM_PData_0150\DB\WAL.db 2048 bytes
File C:\ADSM_PData_0150\DragWait.exe 315392 bytes executable
File C:\ADSM_PData_0150\_avt 512 bytes
File C:\Users\Kamil\Safe Music 0 bytes
File C:\Users\Kamil\Safe Music\_avt 512 bytes
File C:\Users\Kamil\Safe Music\_lit 512 bytes
File C:\Users\Kamil\Safe Video 0 bytes
File C:\Users\Kamil\Safe Video\_avt 512 bytes
File C:\Users\Kamil\Safe Video\_lit 512 bytes
File C:\Users\Kamil\Safe Doc 0 bytes
File C:\Users\Kamil\Safe Doc\_avt 512 bytes
File C:\Users\Kamil\Safe Doc\_lit 512 bytes
File C:\Users\Kamil\Safe Music 0 bytes
File C:\Users\Kamil\Safe Music\_avt 512 bytes
File C:\Users\Kamil\Safe Music\_lit 512 bytes
File C:\Users\Kamil\Safe Video 0 bytes
File C:\Users\Kamil\Safe Video\_avt 512 bytes
File C:\Users\Kamil\Safe Video\_lit 512 bytes

---- EOF - GMER 2.2 ----