GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-12-12 09:29:32 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-4 Hitachi_HDS721680PLA380 rev.P21OABBA 74,54GB Running: miv2fopx.exe; Driver: C:\Users\Dell\AppData\Local\Temp\fwrciaob.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files (x86)\uTorrent\uTorrent.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076611465 2 bytes [61, 76] .text C:\Program Files (x86)\uTorrent\uTorrent.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000766114bb 2 bytes [61, 76] .text ... * 2 ---- Kernel IAT/EAT - GMER 2.2 ---- IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff880010a0e94] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff880010a0c38] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff880010a1654] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff880010a1a50] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff880010a18ac] \SystemRoot\System32\Drivers\sptd.sys [.text] ---- Devices - GMER 2.2 ---- Device \Driver\atapi \Device\Ide\IdePort4 fffffa8007ef82c0 Device \Driver\atapi \Device\Ide\IdePort0 fffffa8007ef82c0 Device \Driver\atapi \Device\Ide\IdePort5 fffffa8007ef82c0 Device \Driver\atapi \Device\Ide\IdePort1 fffffa8007ef82c0 Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-5 fffffa8007ef82c0 Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-6 fffffa8007ef82c0 Device \Driver\atapi \Device\Ide\IdePort6 fffffa8007ef82c0 Device \Driver\atapi \Device\Ide\IdePort2 fffffa8007ef82c0 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-4 fffffa8007ef82c0 Device \Driver\atapi \Device\Ide\IdePort3 fffffa8007ef82c0 Device \Driver\a42fkqx5 \Device\Scsi\a42fkqx51Port7Path0Target1Lun0 fffffa80096562c0 Device \Driver\a42fkqx5 \Device\Scsi\a42fkqx51Port7Path0Target0Lun0 fffffa80096562c0 Device \Driver\a42fkqx5 \Device\Scsi\a42fkqx51 fffffa80096562c0 Device \FileSystem\Ntfs \Ntfs fffffa8007efe2c0 Device \Driver\a42fkqx5 \Device\ScsiPort7 fffffa80096562c0 Device \Driver\usbuhci \Device\USBFDO-3 fffffa80095e12c0 Device \Driver\usbuhci \Device\USBPDO-1 fffffa80095e12c0 Device \Driver\cdrom \Device\CdRom0 fffffa80090ff2c0 Device \Driver\cdrom \Device\CdRom1 fffffa80090ff2c0 Device \Driver\cdrom \Device\CdRom2 fffffa80090ff2c0 Device \Driver\usbehci \Device\USBFDO-4 fffffa80096082c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{97C53309-FA70-4766-8836-FC037DCB7391} fffffa80092c72c0 Device \Driver\usbuhci \Device\USBFDO-0 fffffa80095e12c0 Device \Driver\usbuhci \Device\USBPDO-2 fffffa80095e12c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{EC2518D0-A437-46D5-B0ED-9AFBD7615602} fffffa80092c72c0 Device \Driver\usbuhci \Device\USBPDO-3 fffffa80095e12c0 Device \Driver\usbuhci \Device\USBFDO-1 fffffa80095e12c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa80092c72c0 Device \Driver\usbehci \Device\USBPDO-4 fffffa80096082c0 Device \Driver\atapi \Device\ScsiPort0 fffffa8007ef82c0 Device \Driver\usbuhci \Device\USBFDO-2 fffffa80095e12c0 Device \Driver\usbuhci \Device\USBPDO-0 fffffa80095e12c0 Device \Driver\atapi \Device\ScsiPort1 fffffa8007ef82c0 Device \Driver\atapi \Device\ScsiPort2 fffffa8007ef82c0 Device \Driver\atapi \Device\ScsiPort3 fffffa8007ef82c0 Device \Driver\atapi \Device\ScsiPort4 fffffa8007ef82c0 Device \Driver\atapi \Device\ScsiPort5 fffffa8007ef82c0 Device \Driver\atapi \Device\ScsiPort6 fffffa8007ef82c0 ---- Trace I/O - GMER 2.2 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8007ef82c0]<< sptd.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys fffffa8007ef82c0 Trace 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8009089060] fffffa8009089060 Trace 3 CLASSPNP.SYS[fffff88001b9043f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa80089791f0] fffffa80089791f0 Trace \Driver\atapi[0xfffffa8008939e70] -> IRP_MJ_CREATE -> 0xfffffa8007ef82c0 fffffa8007ef82c0 ---- Modules - GMER 2.2 ---- Module \SystemRoot\System32\Drivers\a42fkqx5.SYS fffff88004000000-fffff8800404d000 (315392 bytes) ---- Threads - GMER 2.2 ---- Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [1764:2928] 000007fefb7d2ab8 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [1764:2480] 000007fef7565124 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5A 0x0B 0xAA 0x14 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x13 0x8B 0xC2 0x4A ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x6F 0xB6 0x7D 0x40 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x23 0x10 0xB3 0x19 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5A 0x0B 0xAA 0x14 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x13 0x8B 0xC2 0x4A ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x6F 0xB6 0x7D 0x40 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x23 0x10 0xB3 0x19 ... ---- EOF - GMER 2.2 ----