GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-04-08 14:23:31
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AJ1 298,09GB
Running: gmer.exe; Driver: C:\Users\Agata\AppData\Local\Temp\fwddakog.sys

---- Kernel code sections - GMER 2.2 ----

PAGE  C:\Windows\system32\drivers\ataport.SYS!DllUnload          fffff880014534a0 12 bytes {MOV RAX, 0xfffffa800238a2a0; JMP RAX}
PAGE  C:\Windows\system32\drivers\PCIIDEX.SYS!DllUnload          fffff88001474a50 12 bytes {MOV RAX, 0xfffffa8002d292a0; JMP RAX}
.text C:\Windows\system32\drivers\USBPORT.SYS!DllUnload          fffff88004c5ed8c 12 bytes {MOV RAX, 0xfffffa800388d2a0; JMP RAX}
.text C:\Windows\System32\win32k.sys!W32pServiceTable            fffff96000115600 7 bytes [C0, 5F, F3, FF, 41, 6F, F0]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 8        fffff96000115608 3 bytes [C0, 06, 02]

---- Kernel IAT/EAT - GMER 2.2 ----

IAT   C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]   [fffff8800103b0c0] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT   C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]          [fffff8800103ae4c] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT   C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]         [fffff8800103b838] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT   C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong]         [fffff8800103a600] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT   C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]  [fffff8800103ba8c] \SystemRoot\System32\Drivers\sptd.sys [.text]

---- Devices - GMER 2.2 ----

Device \FileSystem\Ntfs \Ntfs                                                        fffffa8002d2d2c0
Device \Driver\usbehci  \Device\USBPDO-1                                             fffffa800380c2c0
Device \Driver\cdrom    \Device\CdRom0                                               fffffa800360e2c0
Device \Driver\NetBT    \Device\NetBT_Tcpip_{124A9F15-614F-475B-B4E4-495BF9BADBF9}   fffffa80037052c0
Device \Driver\usbehci  \Device\USBFDO-0                                             fffffa800380c2c0
Device \Driver\NetBT    \Device\NetBT_Tcpip_{A8A3C5F9-E5DC-43E3-821F-22660015189D}   fffffa80037052c0
Device \Driver\usbehci  \Device\USBFDO-1                                             fffffa800380c2c0
Device \Driver\NetBT    \Device\NetBT_Tcpip_{C0C82222-C508-4947-8977-56F28B02CBFD}   fffffa80037052c0
Device \Driver\NetBT    \Device\NetBt_Wins_Export                                    fffffa80037052c0
Device \Driver\usbehci  \Device\USBPDO-0                                             fffffa800380c2c0
Device \Driver\NetBT    \Device\NetBT_Tcpip_{EACE3F4D-4F6E-48AE-906E-018A2C7A7CC5}   fffffa80037052c0

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                            771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                            285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                            1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0           0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew        0xFD 0xE6 0x1B 0x1E ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0               0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew            0xFD 0xE6 0x1B 0x1E ...

---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.2 ----