GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-06-14 09:44:01
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD10EARX-00N0YB0 rev.51.0AB51 931,51GB
Running: ln1pbe9y.exe; Driver: C:\Users\MISTRZ\AppData\Local\Temp\kwtoyaow.sys

---- User code sections - GMER 2.1 ----

.text C:\Windows\SysWOW64\PnkBstrA.exe[2120] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 00000000723f1a22 2 bytes [3F, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2120] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 00000000723f1ad0 2 bytes [3F, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2120] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 00000000723f1b08 2 bytes [3F, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2120] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 00000000723f1bba 2 bytes [3F, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2120] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 00000000723f1bda 2 bytes [3F, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074db1465 2 bytes [DB, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074db14bb 2 bytes [DB, 74]
.text ... * 2
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[2308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074db1465 2 bytes [DB, 74]
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[2308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074db14bb 2 bytes [DB, 74]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2768] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate 0000000075fa4516 5 bytes JMP 0000000100150800
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2768] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000074db1465 2 bytes [DB, 74]
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2768] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000074db14bb 2 bytes [DB, 74]
.text ... * 2

---- Kernel IAT/EAT - GMER 2.1 ----

IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff88001080e94] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff88001080c38] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff88001081614] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff88001081a10] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff8800108186c] \SystemRoot\System32\Drivers\sptd.sys [.text]

---- Devices - GMER 2.1 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 fffffa8006cca2c0
Device \Driver\atapi \Device\Ide\IdePort0 fffffa8006cca2c0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 fffffa8006cca2c0
Device \Driver\atapi \Device\Ide\IdePort1 fffffa8006cca2c0
Device \Driver\atapi \Device\Ide\IdePort2 fffffa8006cca2c0
Device \Driver\atapi \Device\Ide\IdePort3 fffffa8006cca2c0
Device \Driver\a9tpg0d9 \Device\Scsi\a9tpg0d91 fffffa80088fa2c0
Device \FileSystem\Ntfs \Ntfs fffffa8006cce2c0
Device \Driver\USBSTOR \Device\0000007e fffffa800945d2c0
Device \Driver\usbehci \Device\USBPDO-1 fffffa80088a32c0
Device \Driver\USBSTOR \Device\00000080 fffffa800945d2c0
Device \Driver\cdrom \Device\CdRom0 fffffa8007e042c0
Device \Driver\usbehci \Device\USBFDO-0 fffffa80088a32c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{4D9CEEB1-BF15-40B5-8C9A-B5CCD2D59038} fffffa80086442c0
Device \Driver\usbehci \Device\USBFDO-1 fffffa80088a32c0
Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa80086442c0
Device \Driver\atapi \Device\ScsiPort0 fffffa8006cca2c0
Device \Driver\usbehci \Device\USBPDO-0 fffffa80088a32c0
Device \Driver\atapi \Device\ScsiPort1 fffffa8006cca2c0
Device \Driver\atapi \Device\ScsiPort2 fffffa8006cca2c0
Device \Driver\atapi \Device\ScsiPort3 fffffa8006cca2c0
Device \Driver\a9tpg0d9 \Device\ScsiPort4 fffffa80088fa2c0

---- Trace I/O - GMER 2.1 ----

Trace ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8006cca2c0]<< sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys fffffa8006cca2c0
Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007dbd060] fffffa8007dbd060
Trace 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa8007aec520] fffffa8007aec520
Trace 5 ACPI.sys[fffff880011a77a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007aee060] fffffa8007aee060
Trace \Driver\atapi[0xfffffa8007adb6a0] -> IRP_MJ_CREATE -> 0xfffffa8006cca2c0 fffffa8006cca2c0

---- Modules - GMER 2.1 ----

Module \SystemRoot\System32\Drivers\a9tpg0d9.SYS fffff8800471c000-fffff8800475e000 (270336 bytes)

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xFE 0xA8 0x6B 0xC8 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xFE 0xA8 0x6B 0xC8 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...

---- EOF - GMER 2.1 ----