GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-09-20 16:00:28 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 SAMSUNG_HD321KJ rev.CP100-12 298,09GB Running: u3y1jv1g.exe; Driver: G:\Users\PP98A7~1.LES\AppData\Local\Temp\fglyapow.sys ---- Kernel code sections - GMER 2.1 ---- .text G:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload fffff88002f61d8c 12 bytes {MOV RAX, 0xfffffa8004beb2a0; JMP RAX} ---- Kernel IAT/EAT - GMER 2.1 ---- IAT G:\Windows\system32\drivers\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [fffff880010cc770] \SystemRoot\System32\Drivers\spzm.sys [unknown section] IAT G:\Windows\system32\drivers\pci.sys[ntoskrnl.exe!IoDetachDevice] [fffff880010cc6fc] \SystemRoot\System32\Drivers\spzm.sys [unknown section] IAT G:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff8800109135c] \SystemRoot\System32\Drivers\spzm.sys [unknown section] IAT G:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff88001091224] \SystemRoot\System32\Drivers\spzm.sys [unknown section] IAT G:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff88001091a24] \SystemRoot\System32\Drivers\spzm.sys [unknown section] IAT G:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff88001091ba0] \SystemRoot\System32\Drivers\spzm.sys [unknown section] ---- Devices - GMER 2.1 ---- Device \Driver\atapi \Device\Ide\IdePort4 fffffa80046832c0 Device \Driver\atapi \Device\Ide\IdePort0 fffffa80046832c0 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-1 fffffa80046832c0 Device \Driver\atapi \Device\Ide\IdePort5 fffffa80046832c0 Device \Driver\atapi \Device\Ide\IdePort1 fffffa80046832c0 Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-8 fffffa80046832c0 Device \Driver\atapi \Device\Ide\IdePort2 fffffa80046832c0 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 fffffa80046832c0 Device \Driver\atapi \Device\Ide\IdePort3 fffffa80046832c0 Device \FileSystem\Ntfs \Ntfs fffffa80046872c0 Device \Driver\usbehci \Device\USBFDO-7 fffffa8004c162c0 Device \Driver\usbuhci \Device\USBPDO-5 fffffa8004bf62c0 Device \Driver\usbehci \Device\USBFDO-3 fffffa8004c162c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{24EF1977-E43A-48E5-AB25-FB1E776D56DF} fffffa8004abf2c0 Device \Driver\usbuhci \Device\USBPDO-1 fffffa8004bf62c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{B2999FCA-199B-445B-89BA-DEA8E2289A60} fffffa8004abf2c0 Device \Driver\cdrom \Device\CdRom0 fffffa8004c242c0 Device \Driver\cdrom \Device\CdRom1 fffffa8004c242c0 Device \Driver\usbuhci \Device\USBPDO-6 fffffa8004bf62c0 Device \Driver\usbuhci \Device\USBFDO-4 fffffa8004bf62c0 Device \Driver\usbuhci \Device\USBFDO-0 fffffa8004bf62c0 Device \Driver\usbuhci \Device\USBPDO-2 fffffa8004bf62c0 Device \Driver\usbehci \Device\USBPDO-7 fffffa8004c162c0 Device \Driver\usbuhci \Device\USBFDO-5 fffffa8004bf62c0 Device \Driver\usbehci \Device\USBPDO-3 fffffa8004c162c0 Device \Driver\usbuhci \Device\USBFDO-1 fffffa8004bf62c0 Device \Driver\volmgr \Device\HarddiskVolume1 fffffa800467f2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{1A52C8FE-E682-4BB8-92E9-253F26FEE971} fffffa8004abf2c0 Device \Driver\volmgr \Device\FtControl fffffa800467f2c0 Device \Driver\volmgr \Device\VolMgrControl fffffa800467f2c0 Device \Driver\volmgr \Device\HarddiskVolume2 fffffa800467f2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{8018F1B0-BFDE-426F-9058-A8D900ED95D4} fffffa8004abf2c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa8004abf2c0 Device \Driver\usbuhci \Device\USBFDO-6 fffffa8004bf62c0 Device \Driver\usbuhci \Device\USBPDO-4 fffffa8004bf62c0 Device \Driver\atapi \Device\ScsiPort0 fffffa80046832c0 Device \Driver\usbuhci \Device\USBFDO-2 fffffa8004bf62c0 Device \Driver\usbuhci \Device\USBPDO-0 fffffa8004bf62c0 Device \Driver\atapi \Device\ScsiPort1 fffffa80046832c0 Device \Driver\atapi \Device\ScsiPort2 fffffa80046832c0 Device \Driver\atapi \Device\ScsiPort3 fffffa80046832c0 Device \Driver\atapi \Device\ScsiPort4 fffffa80046832c0 Device \Driver\atapi \Device\ScsiPort5 fffffa80046832c0 ---- Trace I/O - GMER 2.1 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80046832c0]<< spzm.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys fffffa80046832c0 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800496a060] fffffa800496a060 Trace 3 CLASSPNP.SYS[fffff880013cf43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0xfffffa80047e5060] fffffa80047e5060 Trace \Driver\atapi[0xfffffa80047bf440] -> IRP_MJ_CREATE -> 0xfffffa80046832c0 fffffa80046832c0 ---- EOF - GMER 2.1 ----