GMER 2.1.19155 - http://www.gmer.net Rootkit scan 2013-03-26 11:49:36 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-4 ST3500320AS rev.SD1A 465,76GB Running: g89754wsx.exe; Driver: h:\Temp\ufldapow.sys ---- Kernel code sections - GMER 2.1 ---- PAGE C:\Windows\system32\drivers\PCIIDEX.SYS!DllUnload fffff88000fb5a50 12 bytes {MOV RAX, 0xfffffa80039ae2a0; JMP RAX} PAGE C:\Windows\system32\drivers\ataport.SYS!DllUnload fffff88000dea4a0 12 bytes {MOV RAX, 0xfffffa80039a62a0; JMP RAX} .text C:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload fffff88004679d64 12 bytes {MOV RAX, 0xfffffa8004dd52a0; JMP RAX} .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000173c00 7 bytes [00, 96, F3, FF, 01, A2, F0] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000173c08 3 bytes [C0, 06, 02] ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Common Files\Menedżer instalacji SolidWorks\BackgroundDownloading\sldBgDwld.exe[2692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000756e1465 2 bytes [6E, 75] .text C:\Program Files (x86)\Common Files\Menedżer instalacji SolidWorks\BackgroundDownloading\sldBgDwld.exe[2692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000756e14bb 2 bytes [6E, 75] .text ... 
* 2 ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff880010840c0] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff88001083e4c] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff88001084838] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff88001083600] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff88001084a8c] \SystemRoot\System32\Drivers\sptd.sys [.text] ---- Devices - GMER 2.1 ---- Device \Driver\atapi \Device\Ide\IdePort4 fffffa80039b22c0 Device \Driver\atapi \Device\Ide\IdePort0 fffffa80039b22c0 Device \Driver\atapi \Device\Ide\IdeDeviceP5T1L0-7 fffffa80039b22c0 Device \Driver\atapi \Device\Ide\IdePort5 fffffa80039b22c0 Device \Driver\atapi \Device\Ide\IdePort1 fffffa80039b22c0 Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-4 fffffa80039b22c0 Device \Driver\atapi \Device\Ide\IdeDeviceP6T0L0-c fffffa80039b22c0 Device \Driver\atapi \Device\Ide\IdePort6 fffffa80039b22c0 Device \Driver\atapi \Device\Ide\IdePort2 fffffa80039b22c0 Device \Driver\atapi \Device\Ide\IdePort7 fffffa80039b22c0 Device \Driver\atapi \Device\Ide\IdePort3 fffffa80039b22c0 Device \FileSystem\Ntfs \Ntfs fffffa80039b62c0 Device \FileSystem\fastfat \Fat fffffa8005de82c0 Device \Driver\atapi \Device\ScsiPort7 fffffa80039b22c0 Device \Driver\usbehci \Device\USBPDO-5 fffffa8004f202c0 Device \Driver\usbohci \Device\USBFDO-3 fffffa8004dee2c0 Device \Driver\usbohci \Device\USBPDO-1 fffffa8004dee2c0 Device \Driver\cdrom \Device\CdRom0 fffffa8004bd42c0 Device \Driver\usbohci \Device\USBFDO-4 fffffa8004dee2c0 Device \Driver\usbohci \Device\USBFDO-0 fffffa8004dee2c0 Device \Driver\usbohci \Device\USBPDO-2 
fffffa8004dee2c0 Device \Driver\usbehci \Device\USBFDO-5 fffffa8004f202c0 Device \Driver\usbohci \Device\USBPDO-3 fffffa8004dee2c0 Device \Driver\usbohci \Device\USBFDO-1 fffffa8004dee2c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa8004d362c0 Device \Driver\usbohci \Device\USBPDO-4 fffffa8004dee2c0 Device \Driver\usbohci \Device\USBFDO-2 fffffa8004dee2c0 Device \Driver\atapi \Device\ScsiPort0 fffffa80039b22c0 Device \Driver\usbohci \Device\USBPDO-0 fffffa8004dee2c0 Device \Driver\atapi \Device\ScsiPort1 fffffa80039b22c0 Device \Driver\atapi \Device\ScsiPort2 fffffa80039b22c0 Device \Driver\atapi \Device\ScsiPort3 fffffa80039b22c0 Device \Driver\atapi \Device\ScsiPort4 fffffa80039b22c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{5475AB53-0C41-4583-9CF5-DE87FBDAD530} fffffa8004d362c0 Device \Driver\atapi \Device\ScsiPort5 fffffa80039b22c0 Device \Driver\atapi \Device\ScsiPort6 fffffa80039b22c0 ---- Trace I/O - GMER 2.1 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys vsflt61.sys ACPI.sys >>UNKNOWN [0xfffffa80039b22c0]<< sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys fffffa80039b22c0 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004aa3060] fffffa8004aa3060 Trace 3 CLASSPNP.SYS[fffff88001b0443f] -> nt!IofCallDriver -> [0xfffffa8004927a40] fffffa8004927a40 Trace 5 vsflt61.sys[fffff88000f3d0fd] -> nt!IofCallDriver -> [0xfffffa8004444520] fffffa8004444520 Trace 7 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-4[0xfffffa8004442680] fffffa8004442680 Trace \Driver\atapi[0xfffffa8003af4e70] -> IRP_MJ_CREATE -> 0xfffffa80039b22c0 fffffa80039b22c0 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) ---- EOF - GMER 2.1 ----