GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-11-26 11:35:18
Windows 6.1.7601 Service Pack 1 x64
\Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST1000VM002-9ZL162 rev.SC12 931,51GB
Running: yk7jfhkt.exe; Driver: C:\Users\Radek\AppData\Local\Temp\kwddakog.sys

---- User code sections - GMER 2.2 ----

.text C:\Windows\SysWOW64\PnkBstrA.exe[2996] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000074821a22 2 bytes [82, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2996] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000074821ad0 2 bytes [82, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2996] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000074821b08 2 bytes [82, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2996] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000074821bba 2 bytes [82, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2996] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000074821bda 2 bytes [82, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000767b1465 2 bytes [7B, 76]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767b14bb 2 bytes [7B, 76]
.text ... * 2

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x58 0x32 0x5D 0x47 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF9 0xE4 0xC2 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x58 0x32 0x5D 0x47 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF9 0xE4 0xC2 0x02 ...

---- Files - GMER 2.2 ----

ADS C:\Windows\System32\drivers:ucdrv-x64.sys 40424 bytes executable
ADS C:\Windows\System32\drivers:x64 721072 bytes executable
ADS C:\Windows\System32\drivers:x86 578224 bytes executable

---- EOF - GMER 2.2 ----