GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-02-25 15:59:15 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JE3O 465,76GB Running: 0myi4fe1.exe; Driver: C:\Users\Wolny\AppData\Local\Temp\awddakod.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload fffff880047acd64 12 bytes {MOV RAX, 0xfffffa8009dfe2a0; JMP RAX} ---- User code sections - GMER 2.1 ---- .text C:\Windows\SysWOW64\PnkBstrA.exe[1604] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 00000000735f1a22 2 bytes [5F, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[1604] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 00000000735f1ad0 2 bytes [5F, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[1604] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 00000000735f1b08 2 bytes [5F, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[1604] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 00000000735f1bba 2 bytes [5F, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[1604] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 00000000735f1bda 2 bytes [5F, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[1604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076631465 2 bytes [63, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[1604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000766314bb 2 bytes [63, 76] .text ... * 2 ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff880010abf1c] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff880010abcc0] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff880010ac69c] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff880010aca98] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff880010ac8f4] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\System32\Drivers\abqz7vdk.SYS[PCIIDEX.SYS!AtaPortCopyMemory] [?] IAT C:\Windows\System32\Drivers\abqz7vdk.SYS[PCIIDEX.SYS!AtaPortGetPhysicalAddress] [?] IAT C:\Windows\System32\Drivers\abqz7vdk.SYS[PCIIDEX.SYS!AtaPortReadRegisterUlong] [?] IAT C:\Windows\System32\Drivers\abqz7vdk.SYS[PCIIDEX.SYS!AtaPortInitializeEx] [?] IAT C:\Windows\System32\Drivers\abqz7vdk.SYS[PCIIDEX.SYS!AtaPortDeviceStateChange] [?] IAT C:\Windows\System32\Drivers\abqz7vdk.SYS[PCIIDEX.SYS!AtaPortEtwTraceLog] [?] IAT C:\Windows\System32\Drivers\abqz7vdk.SYS[PCIIDEX.SYS!AtaPortRegistryFreeBuffer] [?] IAT C:\Windows\System32\Drivers\abqz7vdk.SYS[PCIIDEX.SYS!AtaPortGetBusData] [?] IAT C:\Windows\System32\Drivers\abqz7vdk.SYS[PCIIDEX.SYS!AtaPortRegistryRead] [?] IAT C:\Windows\System32\Drivers\abqz7vdk.SYS[PCIIDEX.SYS!AtaPortRequestCallback] [?] IAT C:\Windows\System32\Drivers\abqz7vdk.SYS[PCIIDEX.SYS!AtaPortStallExecution] [?] IAT C:\Windows\System32\Drivers\abqz7vdk.SYS[PCIIDEX.SYS!AtaPortGetUnCachedExtension] [?] IAT C:\Windows\System32\Drivers\abqz7vdk.SYS[PCIIDEX.SYS!AtaPortReadRegisterUchar] [?] IAT C:\Windows\System32\Drivers\abqz7vdk.SYS[PCIIDEX.SYS!AtaPortBuildRequestSenseIrb] [?] IAT C:\Windows\System32\Drivers\abqz7vdk.SYS[PCIIDEX.SYS!AtaPortReleaseRequestSenseIrb] [?] IAT C:\Windows\System32\Drivers\abqz7vdk.SYS[PCIIDEX.SYS!AtaPortCompleteRequest] [?] IAT C:\Windows\System32\Drivers\abqz7vdk.SYS[PCIIDEX.SYS!AtaPortNotification] [?] IAT C:\Windows\System32\Drivers\abqz7vdk.SYS[PCIIDEX.SYS!AtaPortGetDeviceBase] [?] IAT C:\Windows\System32\Drivers\abqz7vdk.SYS[PCIIDEX.SYS!AtaPortGetScatterGatherList] [?] IAT C:\Windows\System32\Drivers\abqz7vdk.SYS[PCIIDEX.SYS!AtaPortRegistryAllocateBuffer] [?] IAT C:\Windows\System32\Drivers\abqz7vdk.SYS[PCIIDEX.SYS!AtaPortWriteRegisterUlong] [?] IAT C:\Windows\System32\Drivers\abqz7vdk.SYS[NTOSKRNL.exe!KeBugCheckEx] [?] IAT C:\Windows\System32\Drivers\a8o2786k.SYS[PCIIDEX.SYS!AtaPortCopyMemory] [?] IAT C:\Windows\System32\Drivers\a8o2786k.SYS[PCIIDEX.SYS!AtaPortGetPhysicalAddress] [?] IAT C:\Windows\System32\Drivers\a8o2786k.SYS[PCIIDEX.SYS!AtaPortReadRegisterUlong] [?] IAT C:\Windows\System32\Drivers\a8o2786k.SYS[PCIIDEX.SYS!AtaPortInitializeEx] [?] IAT C:\Windows\System32\Drivers\a8o2786k.SYS[PCIIDEX.SYS!AtaPortDeviceStateChange] [?] IAT C:\Windows\System32\Drivers\a8o2786k.SYS[PCIIDEX.SYS!AtaPortEtwTraceLog] [?] IAT C:\Windows\System32\Drivers\a8o2786k.SYS[PCIIDEX.SYS!AtaPortRegistryFreeBuffer] [?] IAT C:\Windows\System32\Drivers\a8o2786k.SYS[PCIIDEX.SYS!AtaPortGetBusData] [?] IAT C:\Windows\System32\Drivers\a8o2786k.SYS[PCIIDEX.SYS!AtaPortRegistryRead] [?] IAT C:\Windows\System32\Drivers\a8o2786k.SYS[PCIIDEX.SYS!AtaPortRequestCallback] [?] IAT C:\Windows\System32\Drivers\a8o2786k.SYS[PCIIDEX.SYS!AtaPortStallExecution] [ffffb0a015ff5024] [unknown section] IAT C:\Windows\System32\Drivers\a8o2786k.SYS[PCIIDEX.SYS!AtaPortGetUnCachedExtension] [fffffa60e8cb8b48] [unknown section] IAT C:\Windows\System32\Drivers\a8o2786k.SYS[PCIIDEX.SYS!AtaPortReadRegisterUchar] [?] IAT C:\Windows\System32\Drivers\a8o2786k.SYS[PCIIDEX.SYS!AtaPortBuildRequestSenseIrb] [fff9c3e8d2330000] [unknown section] IAT C:\Windows\System32\Drivers\a8o2786k.SYS[PCIIDEX.SYS!AtaPortReleaseRequestSenseIrb] [fffa47e8cb8b48ff] [unknown section] IAT C:\Windows\System32\Drivers\a8o2786k.SYS[PCIIDEX.SYS!AtaPortCompleteRequest] [?] IAT C:\Windows\System32\Drivers\a8o2786k.SYS[PCIIDEX.SYS!AtaPortNotification] [?] IAT C:\Windows\System32\Drivers\a8o2786k.SYS[PCIIDEX.SYS!AtaPortGetDeviceBase] [?] IAT C:\Windows\System32\Drivers\a8o2786k.SYS[PCIIDEX.SYS!AtaPortGetScatterGatherList] [?] IAT C:\Windows\System32\Drivers\a8o2786k.SYS[PCIIDEX.SYS!AtaPortRegistryAllocateBuffer] [?] IAT C:\Windows\System32\Drivers\a8o2786k.SYS[PCIIDEX.SYS!AtaPortWriteRegisterUlong] [?] IAT C:\Windows\System32\Drivers\a8o2786k.SYS[NTOSKRNL.exe!KeBugCheckEx] [?] ---- Devices - GMER 2.1 ---- Device \Driver\a8o2786k \Device\Scsi\a8o2786k1Port2Path0Target0Lun0 fffffa800a1e92c0 Device \Driver\abqz7vdk \Device\Scsi\abqz7vdk1 fffffa800a1912c0 Device \Driver\a8o2786k \Device\Scsi\a8o2786k1 fffffa800a1e92c0 Device \Driver\abqz7vdk \Device\Scsi\abqz7vdk1Port1Path0Target0Lun0 fffffa800a1912c0 Device \FileSystem\Ntfs \Ntfs fffffa80079432c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa8009dfc2c0 Device \Driver\cdrom \Device\CdRom0 fffffa8009a562c0 Device \Driver\cdrom \Device\CdRom1 fffffa8009a562c0 Device \Driver\cdrom \Device\CdRom2 fffffa8009a562c0 Device \Driver\usbehci \Device\USBFDO-0 fffffa8009dfc2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{71095D71-191C-4705-B015-F0FFDBA1E90A} fffffa8009cce2c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa8009dfc2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{5C412DC2-BD48-428F-85B9-01BC3FCB2CA0} fffffa8009cce2c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa8009cce2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{E81F03FE-7E74-439F-9C14-212603B15DA2} fffffa8009cce2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{D4D84075-8265-410A-970E-E3B4F889B741} fffffa8009cce2c0 Device \Driver\usbehci \Device\USBPDO-0 fffffa8009dfc2c0 Device \Driver\abqz7vdk \Device\ScsiPort1 fffffa800a1912c0 Device \Driver\a8o2786k \Device\ScsiPort2 fffffa800a1e92c0 ---- Modules - GMER 2.1 ---- Module \SystemRoot\System32\Drivers\abqz7vdk.SYS (MS AHCI 1.0 Standard Driver/Microsoft Corporation SIGNED)(2010-11-21 03:23:47) fffff88004800000-fffff88004843000 (274432 bytes) Module \SystemRoot\System32\Drivers\a8o2786k.SYS (MS AHCI 1.0 Standard Driver/Microsoft Corporation SIGNED)(2010-11-21 03:23:47) fffff88005d54000-fffff88005da5000 (331776 bytes) ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68dca3a3 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68dca3a3@001fcc7578c6 0x62 0xB2 0xCE 0xA2 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xB1 0xB5 0x96 0x63 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x20 0xDB 0x27 0xC3 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x7F 0xF7 0x28 0x7D ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD9 0xE5 0xA3 0xC0 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x97 0xB1 0x60 0x9A ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xCF 0xBA 0x15 0x33 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68dca3a3 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68dca3a3@001fcc7578c6 0x62 0xB2 0xCE 0xA2 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xB1 0xB5 0x96 0x63 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x20 0xDB 0x27 0xC3 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x7F 0xF7 0x28 0x7D ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD9 0xE5 0xA3 0xC0 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x97 0xB1 0x60 0x9A ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xCF 0xBA 0x15 0x33 ... ---- EOF - GMER 2.1 ----