GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-10-21 20:23:52 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-4 KINGSTON_SV300S37A120G rev.521ABBF0 111,79GB Running: urpph9pl.com; Driver: C:\Users\Krystian\AppData\Local\Temp\pgddqpoc.sys ---- User code sections - GMER 2.1 ---- .text E:\Programy\Malwarebytes Anti-Malware\mbamscheduler.exe[1452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076f51465 2 bytes [F5, 76] .text E:\Programy\Malwarebytes Anti-Malware\mbamscheduler.exe[1452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076f514bb 2 bytes [F5, 76] .text ... * 2 .text E:\Programy\Malwarebytes Anti-Malware\mbam.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076f51465 2 bytes [F5, 76] .text E:\Programy\Malwarebytes Anti-Malware\mbam.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076f514bb 2 bytes [F5, 76] .text ... * 2 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2548] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 69 0000000076f51465 2 bytes [F5, 76] .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2548] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 155 0000000076f514bb 2 bytes [F5, 76] .text ... * 2 .text E:\Programy\TC PowerPack 2\totalcmd.exe[4964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076f51465 2 bytes [F5, 76] .text E:\Programy\TC PowerPack 2\totalcmd.exe[4964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076f514bb 2 bytes [F5, 76] .text ... * 2 .text C:\Users\Krystian\Downloads\OTL(1).com[3616] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 69 0000000076f51465 2 bytes [F5, 76] .text C:\Users\Krystian\Downloads\OTL(1).com[3616] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 155 0000000076f514bb 2 bytes [F5, 76] .text ... * 2 ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff88001019e94] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff88001019c38] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff8800101a614] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff8800101aa10] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff8800101a86c] \SystemRoot\System32\Drivers\sptd.sys [.text] ---- Devices - GMER 2.1 ---- Device \Driver\atapi \Device\Ide\IdePort4 fffffa800c8f52c0 Device \Driver\atapi \Device\Ide\IdePort0 fffffa800c8f52c0 Device \Driver\atapi \Device\Ide\IdeDeviceP5T0L0-5 fffffa800c8f52c0 Device \Driver\atapi \Device\Ide\IdeDeviceP5T1L0-6 fffffa800c8f52c0 Device \Driver\atapi \Device\Ide\IdePort5 fffffa800c8f52c0 Device \Driver\atapi \Device\Ide\IdePort1 fffffa800c8f52c0 Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-4 fffffa800c8f52c0 Device \Driver\atapi \Device\Ide\IdePort6 fffffa800c8f52c0 Device \Driver\atapi \Device\Ide\IdePort2 fffffa800c8f52c0 Device \Driver\atapi \Device\Ide\IdePort7 fffffa800c8f52c0 Device \Driver\atapi \Device\Ide\IdePort3 fffffa800c8f52c0 Device \Driver\aszec5o7 \Device\Scsi\aszec5o71Port8Path0Target0Lun0 fffffa800dc222c0 Device \Driver\aszec5o7 \Device\Scsi\aszec5o71 fffffa800dc222c0 Device \FileSystem\Ntfs \Ntfs fffffa800c8f92c0 Device \Driver\atapi \Device\ScsiPort7 fffffa800c8f52c0 Device \Driver\aszec5o7 \Device\ScsiPort8 fffffa800dc222c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa800dae72c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{CC9B40F7-6F7F-4AD6-B219-69F6FB5F537B} fffffa800d2142c0 Device \Driver\cdrom \Device\CdRom0 fffffa800d1872c0 Device \Driver\cdrom \Device\CdRom1 fffffa800d1872c0 Device \Driver\usbehci \Device\USBFDO-0 fffffa800dae72c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa800dae72c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{B66895E4-9033-43CB-88A0-83B0EF1DBB93} fffffa800d2142c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa800d2142c0 Device \Driver\atapi \Device\ScsiPort0 fffffa800c8f52c0 Device \Driver\usbehci \Device\USBPDO-0 fffffa800dae72c0 Device \Driver\atapi \Device\ScsiPort1 fffffa800c8f52c0 Device \Driver\atapi \Device\ScsiPort2 fffffa800c8f52c0 Device \Driver\atapi \Device\ScsiPort3 fffffa800c8f52c0 Device \Driver\atapi \Device\ScsiPort4 fffffa800c8f52c0 Device \Driver\atapi \Device\ScsiPort5 fffffa800c8f52c0 Device \Driver\atapi \Device\ScsiPort6 fffffa800c8f52c0 ---- Trace I/O - GMER 2.1 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800c8f52c0]<< sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys fffffa800c8f52c0 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800d020790] fffffa800d020790 Trace 3 CLASSPNP.SYS[fffff8800121743f] -> nt!IofCallDriver -> [0xfffffa800cde5580] fffffa800cde5580 Trace 5 ACPI.sys[fffff880011407a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-4[0xfffffa800cde7060] fffffa800cde7060 Trace \Driver\atapi[0xfffffa800cda7ae0] -> IRP_MJ_CREATE -> 0xfffffa800c8f52c0 fffffa800c8f52c0 ---- Modules - GMER 2.1 ---- Module \SystemRoot\System32\Drivers\aszec5o7.SYS fffff8800507a000-fffff880050cb000 (331776 bytes) ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 E:\Programy\Daemon Tools\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0B 0xA0 0x3E 0xE5 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA2 0xDC 0x04 0x38 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x8F 0x39 0x31 0x87 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 E:\Programy\Daemon Tools\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0B 0xA0 0x3E 0xE5 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA2 0xDC 0x04 0x38 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x8F 0x39 0x31 0x87 ... ---- EOF - GMER 2.1 ----