GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2016-01-06 14:44:32 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950042 rev.0001 465,76GB Running: wesbnhul.exe; Driver: C:\Users\Ola\AppData\Local\Temp\uxriqpow.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\windows\system32\drivers\USBPORT.SYS!DllUnload fffff880073c3dac 12 bytes {MOV RAX, 0xfffffa8007aad2a0; JMP RAX} ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Avast\avastui.exe[5436] C:\windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075a78791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff8800106fed8] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff8800106fc7c] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff88001070658] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff88001070a54] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff880010708b0] \SystemRoot\System32\Drivers\sptd.sys [.text] ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs fffffa80043042c0 Device \FileSystem\fastfat \Fat fffffa8007ad22c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{8397D2BA-0B05-4536-8BBC-F571C82A4284} fffffa8007a052c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{21407BA0-095B-41A3-907E-168ABAD62C30} fffffa8007a052c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa8007c4a2c0 Device \Driver\cdrom \Device\CdRom0 fffffa800791d2c0 Device \Driver\cdrom \Device\CdRom1 fffffa800791d2c0 Device \Driver\cdrom \Device\CdRom2 fffffa800791d2c0 Device \Driver\usbehci \Device\USBFDO-0 fffffa8007c4a2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{D24CCAC6-6D3C-4879-BA48-E28ECE2D0C44} fffffa8007a052c0 Device \Driver\dtsoftbus01 \Device\DTSoftBusCtl fffffa80069ae2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{94A77170-A62A-42C7-8639-E90AC14676F7} fffffa8007a052c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{28DC0D39-C304-4A10-ACED-AF2A2FAF9B05} fffffa8007a052c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa8007c4a2c0 Device \Driver\dtsoftbus01 \Device\00000072 fffffa80069ae2c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa8007a052c0 Device \Driver\dtsoftbus01 \Device\00000073 fffffa80069ae2c0 Device \Driver\usbehci \Device\USBPDO-0 fffffa8007c4a2c0 ---- Threads - GMER 2.1 ---- Thread C:\windows\SysWOW64\ntdll.dll [5384:4444] 0000000000052f9e Thread [4808:3852] 0000000077a02e65 Thread [4808:1608] 0000000077a03e85 Thread [4808:2360] 0000000077067587 Thread C:\windows\SysWOW64\ntdll.dll [848:6556] 000000000098f1dd Thread C:\windows\SysWOW64\ntdll.dll [848:3692] 0000000000990021 Thread C:\windows\SysWOW64\ntdll.dll [848:5760] 0000000000990021 Thread C:\windows\SysWOW64\ntdll.dll [848:6408] 0000000062be17a4 Thread C:\windows\System32\svchost.exe [7188:7744] 000007fef2d69688 Thread C:\windows\SysWOW64\ntdll.dll [7612:7616] 00000000005b3e88 Thread C:\windows\SysWOW64\ntdll.dll [7612:7632] 00000000005b555d Thread C:\windows\SysWOW64\ntdll.dll [7612:7636] 00000000005b555d Thread C:\windows\SysWOW64\ntdll.dll [7612:7644] 00000000005b555d Thread C:\windows\SysWOW64\ntdll.dll [7612:7648] 00000000005b555d Thread C:\windows\SysWOW64\ntdll.dll [7612:7652] 00000000005b555d Thread C:\windows\SysWOW64\ntdll.dll [7612:7656] 00000000005b555d Thread C:\windows\SysWOW64\ntdll.dll [7612:7660] 00000000005b555d Thread C:\windows\SysWOW64\ntdll.dll [7612:7664] 00000000005b555d Thread C:\windows\SysWOW64\ntdll.dll [7612:7668] 00000000005b555d Thread C:\windows\SysWOW64\ntdll.dll [7612:7672] 00000000005b555d ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015007f6c3b Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ac7289cb5371 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ac7289cb5371@b462939609a4 0x30 0xD3 0xE1 0xCC ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\bc7737048afc Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Users\Ola\Desktop\Nowy folder\Deamon Tools\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015007f6c3b (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ac7289cb5371 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ac7289cb5371@b462939609a4 0x30 0xD3 0xE1 0xCC ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\bc7737048afc (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Users\Ola\Desktop\Nowy folder\Deamon Tools\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 ---- Files - GMER 2.1 ---- File C:\Program Files\Avast\defs\15122901_stream\pkg1512290100000006.bin 7417 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg1512290100000007.bin 131 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg1512290100000009.bin 337 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg151229010000000a.bin 3531 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg151229010000000b.bin 2851 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg151229010000000c.bin 186 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg151229010000000d.bin 183 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg151229010000000e.bin 199 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg151229010000000f.bin 4316 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg1512290100000010.bin 194 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg1512290100000011.bin 200 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg1512290100000012.bin 160 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg1512290100000013.bin 2636 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg1512290100000014.bin 310 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg1512290100000015.bin 226 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg1512290100000017.bin 3985 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg1512290100000018.bin 241 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg1512290100000019.bin 131 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg151229010000001a.bin 148 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg151229010000001b.bin 1310 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg151229010000001c.bin 294 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg151229010000001d.bin 388 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg151229010000001e.bin 183 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg151229010000001f.bin 3911 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg1512290100000020.bin 165 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg1512290100000021.bin 209 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg1512290100000022.bin 131 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg1512290100000023.bin 2524 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg1512290100000024.bin 2424 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg1512290100000025.bin 245 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg1512290100000000.bin 224 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg1512290100000001.bin 318 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg1512290100000002.bin 497 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg1512290100000003.bin 7626 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg1512290100000004.bin 266 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg1512290100000027.bin 244 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg1512290100000028.bin 1762 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg1512290100000029.bin 165 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg151229010000002a.bin 148 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg151229010000002b.bin 176 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg151229010000002c.bin 175 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg151229010000002d.bin 1112 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg151229010000002e.bin 3033 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg151229010000002f.bin 191 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg1512290100000030.bin 234 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg1512290100000031.bin 239 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg1512290100000032.bin 1138 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg1512290100000033.bin 187 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg1512290100000034.bin 197 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg1512290100000035.bin 148 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg1512290100000037.bin 1498 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg1512290100000038.bin 255 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg1512290100000039.bin 2831 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg151229010000003b.bin 1818 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg151229010000003c.bin 186 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg151229010000003d.bin 223 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg151229010000003e.bin 158 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg151229010000003f.bin 246 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg1512290100000040.bin 1425 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg1512290100000042.bin 294 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg1512290100000043.bin 148 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg1512290100000044.bin 156 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg1512290100000045.bin 199 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg1512290100000046.bin 4530 bytes File C:\Program Files\Avast\defs\15122901_stream\pkg1512290100000047.bin 148 bytes ---- EOF - GMER 2.1 ----