GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-04-25 09:42:21
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 SAMSUNG_HD502HI rev.1AG01118 465,76GB
Running: g3eefrej.exe; Driver: C:\Users\Adrian\AppData\Local\Temp\uxldrpod.sys


---- Kernel code sections - GMER 2.1 ----

.text  C:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload  fffff88003c28d8c 12 bytes {MOV RAX, 0xfffffa8002cdd2a0; JMP RAX}

---- Kernel IAT/EAT - GMER 2.1 ----

IAT  C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]  [fffff8800106df1c] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT  C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]  [fffff8800106dcc0] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT  C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]  [fffff8800106e69c] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT  C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong]  [fffff8800106ea98] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT  C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]  [fffff8800106e8f4] \SystemRoot\System32\Drivers\sptd.sys [.text]

---- Devices - GMER 2.1 ----

Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0  fffffa800187f2c0
Device  \Driver\atapi \Device\Ide\IdePort0  fffffa800187f2c0
Device  \Driver\atapi \Device\Ide\IdePort1  fffffa800187f2c0
Device  \Driver\atapi \Device\Ide\IdePort2  fffffa800187f2c0
Device  \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-3  fffffa800187f2c0
Device  \Driver\atapi \Device\Ide\IdePort3  fffffa800187f2c0
Device  \FileSystem\Ntfs \Ntfs  fffffa80018832c0
Device  \Driver\usbehci \Device\USBFDO-3  fffffa8002cf72c0
Device  \Driver\usbehci \Device\USBPDO-1  fffffa8002cf72c0
Device  \Driver\cdrom \Device\CdRom0  fffffa8002bd02c0
Device  \Driver\usbohci \Device\USBFDO-0  fffffa8002cc62c0
Device  \Driver\usbohci \Device\USBPDO-2  fffffa8002cc62c0
Device  \Driver\usbehci \Device\USBPDO-3  fffffa8002cf72c0
Device  \Driver\usbehci \Device\USBFDO-1  fffffa8002cf72c0
Device  \Driver\NetBT \Device\NetBt_Wins_Export  fffffa8002c852c0
Device  \Driver\atapi \Device\ScsiPort0  fffffa800187f2c0
Device  \Driver\usbohci \Device\USBFDO-2  fffffa8002cc62c0
Device  \Driver\NetBT \Device\NetBT_Tcpip_{125C4FAF-8776-4E90-A306-1BB7AC348470}  fffffa8002c852c0
Device  \Driver\usbohci \Device\USBPDO-0  fffffa8002cc62c0
Device  \Driver\atapi \Device\ScsiPort1  fffffa800187f2c0
Device  \Driver\atapi \Device\ScsiPort2  fffffa800187f2c0
Device  \Driver\atapi \Device\ScsiPort3  fffffa800187f2c0

---- Trace I/O - GMER 2.1 ----

Trace  ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800187f2c0]<< sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys  fffffa800187f2c0
Trace  1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002377680]  fffffa8002377680
Trace  3 CLASSPNP.SYS[fffff8800149643f] -> nt!IofCallDriver -> [0xfffffa800229e520]  fffffa800229e520
Trace  5 ACPI.sys[fffff88000f3e7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0xfffffa80022a7680]  fffffa80022a7680
Trace  \Driver\atapi[0xfffffa8002282e70] -> IRP_MJ_CREATE -> 0xfffffa800187f2c0  fffffa800187f2c0

---- Registry - GMER 2.1 ----

Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3531A543-B57D-3BC6-DCA3-B9E41B275812}
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3531A543-B57D-3BC6-DCA3-B9E41B275812}@maildnacpdpeldolcojpcadfnp  0x6F 0x61 0x62 0x65 ...

---- EOF - GMER 2.1 ----
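The following parser is an added example for triaging a log like the one above; it is not part of the scan output and not GMER's own code. It reads the section headers GMER prints, then answers the two questions a reviewer asks first of such a log: which module every IAT/EAT hook resolves to (here all five atapi.sys hooks resolve to sptd.sys, the SCSI Pass Through Direct driver installed by disc-emulation software such as DAEMON Tools), and whether an address the I/O trace marks ">>UNKNOWN<<" (one GMER could not attribute to a loaded module) also appears as a device-object or IRP dispatch address elsewhere in the same log (here 0xfffffa800187f2c0 is the address of every \Driver\atapi device and of atapi's IRP_MJ_CREATE handler). The regular expressions, function names and the trimmed SAMPLE_LOG are this example's own; the sample lines are copied from the scan above. The code groups and cross-references, it does not render a verdict.

```python
"""Triage helper for GMER 2.1 text logs (added example; not GMER's code)."""
import ntpath
import re
from collections import defaultdict

# Entries copied from the scan above, one or two per section, so the example
# runs offline. GMER separates fields with tabs; any run of whitespace is accepted.
SAMPLE_LOG = r"""
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-04-25 09:42:21

---- Kernel code sections - GMER 2.1 ----

.text  C:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload  fffff88003c28d8c 12 bytes {MOV RAX, 0xfffffa8002cdd2a0; JMP RAX}

---- Kernel IAT/EAT - GMER 2.1 ----

IAT  C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]  [fffff8800106df1c] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT  C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]  [fffff8800106dcc0] \SystemRoot\System32\Drivers\sptd.sys [.text]

---- Devices - GMER 2.1 ----

Device  \Driver\atapi \Device\Ide\IdePort0  fffffa800187f2c0
Device  \FileSystem\Ntfs \Ntfs  fffffa80018832c0

---- Trace I/O - GMER 2.1 ----

Trace  ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800187f2c0]<< sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys  fffffa800187f2c0
Trace  \Driver\atapi[0xfffffa8002282e70] -> IRP_MJ_CREATE -> 0xfffffa800187f2c0  fffffa800187f2c0

---- EOF - GMER 2.1 ----
"""

HEX = r"[0-9a-fA-F]+"
SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
# ".text  <image>!<export>  <addr> <n> bytes {<disassembly>}"
CODE_RE = re.compile(r"^(?P<section>\.\w+)\s+(?P<image>\S+?)!(?P<symbol>\S+)\s+(?P<addr>" + HEX
                     + r")\s+(?P<nbytes>\d+) bytes\s+\{(?P<disasm>[^}]*)\}")
# "IAT  <image>[<module>!<import>]  [<addr>] <owner> [<section>]"
HOOK_RE = re.compile(r"^(?P<kind>IAT|EAT)\s+(?P<image>\S+?)\[(?P<module>[^!\]]+)!(?P<symbol>[^\]]+)\]\s+\[(?P<addr>"
                     + HEX + r")\]\s+(?P<owner>\S+)\s+\[(?P<section>[^\]]+)\]")
DEVICE_RE = re.compile(r"^Device\s+(?P<driver>\\\S+)\s+(?P<device>\\\S+)\s+(?P<addr>" + HEX + r")$")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(?P<addr>0x" + HEX + r")\]<<")
DISPATCH_RE = re.compile(r"^Trace\s+(?P<driver>\\\S+?)\[0x" + HEX + r"\] -> (?P<irp>IRP_MJ_\w+) -> (?P<addr>0x" + HEX + r")")
# Which line pattern applies inside which GMER section (section names as GMER prints them).
LINE_RULES = {"Kernel code sections": (CODE_RE, "code_patches"), "Kernel IAT/EAT": (HOOK_RE, "hooks"),
              "Devices": (DEVICE_RE, "devices"), "Trace I/O": (DISPATCH_RE, "dispatch")}


def parse_gmer(text):
    """Walk the log section by section and collect the entries used below."""
    found = {"code_patches": [], "hooks": [], "devices": [], "dispatch": [], "unknown": []}
    section = None
    for line in (ln.strip() for ln in text.splitlines()):
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        rule = LINE_RULES.get(section)
        m = rule[0].match(line) if rule else None
        if m:
            found[rule[1]].append(m.groupdict())
        m = UNKNOWN_RE.search(line) if section == "Trace I/O" else None
        if m:  # address GMER could not attribute to any loaded module
            found["unknown"].append(int(m.group("addr"), 16))
    return found


def hooks_by_owner(found):
    """Group IAT/EAT hooks by the module GMER resolved the hook address to.
    Every hook landing in one named driver is a different finding from hooks
    into memory no module claims, so this is the first thing to look at."""
    groups = defaultdict(list)
    for h in found["hooks"]:
        key = f'{ntpath.basename(h["image"])}[{h["module"]}!{h["symbol"]}]'
        groups[ntpath.basename(h["owner"]).lower()].append(key)
    return dict(groups)


def patch_targets(found):
    """Map each inline-patched export to the address its stub jumps to (the
    immediate in 'MOV RAX, 0x...; JMP RAX'); None if no immediate is present."""
    out = {}
    for p in found["code_patches"]:
        m = re.search(r"0x(" + HEX + ")", p["disasm"])
        out[f'{ntpath.basename(p["image"])}!{p["symbol"]}'] = int(m.group(1), 16) if m else None
    return out


def unknown_xref(found):
    """For each address the I/O trace marks >>UNKNOWN<<, list the drivers whose
    device objects and IRP dispatch entries in the same log carry that address."""
    xref = {}
    for val in found["unknown"]:
        drivers = sorted({d["driver"] for d in found["devices"] if int(d["addr"], 16) == val})
        dispatch = sorted(f'{d["driver"]}:{d["irp"]}' for d in found["dispatch"] if int(d["addr"], 16) == val)
        xref[f"{val:016x}"] = {"drivers": drivers, "dispatch": dispatch}
    return xref


if __name__ == "__main__":
    parsed = parse_gmer(SAMPLE_LOG)
    print("hooks by owner:", hooks_by_owner(parsed))
    print("patch targets:", {k: hex(v) for k, v in patch_targets(parsed).items() if v})
    print("UNKNOWN xref:", unknown_xref(parsed))
```

Run it against a full log by replacing SAMPLE_LOG with the file contents (GMER writes the log as text; open it with `encoding="utf-8", errors="replace"`). The owner a hook resolves to is only as good as GMER's own module attribution, so confirm the driver's image path and signature on the host before reading anything into the grouping.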