GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-04-09 21:15:19
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000067 SAMSUNG_ rev.FH10 232,88GB
Running: 7qtr5x61.exe; Driver: C:\Users\Admin\AppData\Local\Temp\uwddakob.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528  fffff80002fa2000 64 bytes [00, B0, 92, 07, 80, FA, FF, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 594  fffff80002fa2042 10 bytes [00, 00, 65, 76, 69, 64, 01, ...]
.text     C:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload  fffff880049b8d8c 12 bytes {MOV RAX, 0xfffffa80044952a0; JMP RAX}

---- Kernel IAT/EAT - GMER 2.1 ----

IAT  C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]  [fffff880010a3f1c] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT  C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]  [fffff880010a3cc0] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT  C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]  [fffff880010a469c] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT  C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong]  [fffff880010a4a98] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT  C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]  [fffff880010a48f4] \SystemRoot\System32\Drivers\sptd.sys [.text]

---- Devices - GMER 2.1 ----

Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0  fffffa80024962c0
Device  \Driver\atapi \Device\Ide\IdePort0  fffffa80024962c0
Device  \Driver\atapi \Device\Ide\IdePort1  fffffa80024962c0
Device  \FileSystem\Ntfs \Ntfs  fffffa800249c2c0
Device  \Driver\usbehci \Device\USBPDO-1  fffffa80044b82c0
Device  \Driver\nvstor \Device\RaidPort0  fffffa80024982c0
Device  \Driver\cdrom \Device\CdRom0  fffffa80035262c0
Device  \Driver\usbohci \Device\USBFDO-0  fffffa80044ae2c0
Device  \Driver\usbehci \Device\USBFDO-1  fffffa80044b82c0
Device  \Driver\NetBT \Device\NetBT_Tcpip_{2FFC4BF3-8FAA-43CB-8D45-C009A7F7A0F1}  fffffa80038bb2c0
Device  \Driver\NetBT \Device\NetBt_Wins_Export  fffffa80038bb2c0
Device  \Driver\nvstor \Device\00000067  fffffa80024982c0
Device  \Driver\atapi \Device\ScsiPort0  fffffa80024962c0
Device  \Driver\usbohci \Device\USBPDO-0  fffffa80044ae2c0
Device  \Driver\atapi \Device\ScsiPort1  fffffa80024962c0
Device  \Driver\StarPortLite \Device\StarPortLite  fffffa80037722c0
Device  \Driver\nvstor \Device\ScsiPort2  fffffa80024982c0
Device  \Driver\StarPortLite \Device\ScsiPort3  fffffa80037722c0

---- Trace I/O - GMER 2.1 ----

Trace  ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore64.sys ACPI.sys >>UNKNOWN [0xfffffa80024982c0]<< sptd.sys storport.sys hal.dll nvstor.sys  fffffa80024982c0
Trace  1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003501060]  fffffa8003501060
Trace  3 CLASSPNP.SYS[fffff8800246943f] -> nt!IofCallDriver -> [0xfffffa8003500be0]  fffffa8003500be0
Trace  5 PCTCore64.sys[fffff88001a1c208] -> nt!IofCallDriver -> [0xfffffa8003412e40]  fffffa8003412e40
Trace  7 ACPI.sys[fffff88000f8d7a1] -> nt!IofCallDriver -> \Device\00000067[0xfffffa80032925f0]  fffffa80032925f0
Trace  \Driver\nvstor[0xfffffa80032b9d50] -> IRP_MJ_CREATE -> 0xfffffa80024982c0  fffffa80024982c0

---- EOF - GMER 2.1 ----