GMER 2.1.18952 - http://www.gmer.net
Rootkit scan 2014-05-29 23:42:57
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000064 Hitachi_ rev.FB4O 298,09GB
Running: drd4pg0f.exe; Driver: C:\Users\arek\AppData\Local\Temp\kftcqaog.sys

---- User code sections - GMER 2.1 ----

.text  C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe[1588] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076ca1465 2 bytes [CA, 76]
.text  C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe[1588] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076ca14bb 2 bytes [CA, 76]
.text  ... * 2
.text  C:\Windows\AsScrPro.exe[3828] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076ca1465 2 bytes [CA, 76]
.text  C:\Windows\AsScrPro.exe[3828] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076ca14bb 2 bytes [CA, 76]
.text  ... * 2

---- Kernel IAT/EAT - GMER 2.1 ----

IAT  C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]   [fffff8800104ee94] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT  C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]          [fffff8800104ec38] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT  C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]         [fffff8800104f614] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT  C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong]         [fffff8800104fa10] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT  C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]  [fffff8800104f86c] \SystemRoot\System32\Drivers\sptd.sys [.text]

---- Devices - GMER 2.1 ----

Device  \FileSystem\Ntfs  \Ntfs  fffffa8003fe62c0
Device  \FileSystem\fastfat  \Fat  fffffa8009c3c2c0
Device  \Driver\NetBT  \Device\NetBT_Tcpip_{0CCF9BF9-9665-40B8-A36B-C92379956AAB}  fffffa80047d62c0
Device  \Driver\nvstor64  \Device\00000064  fffffa80036a92c0
Device  \Driver\usbehci  \Device\USBPDO-1  fffffa80051902c0
Device  \Driver\NetBT  \Device\NetBT_Tcpip_{F9D9E6D3-BB9E-4E66-ACBB-B5708D7262AD}  fffffa80047d62c0
Device  \Driver\nvstor64  \Device\RaidPort0  fffffa80036a92c0
Device  \Driver\cdrom  \Device\CdRom0  fffffa80047d22c0
Device  \Driver\USBSTOR  \Device\00000080  fffffa8009c3f2c0
Device  \Driver\nvstor64  \Device\00000065  fffffa80036a92c0
Device  \Driver\usbohci  \Device\USBFDO-0  fffffa80051862c0
Device  \Driver\USBSTOR  \Device\00000081  fffffa8009c3f2c0
Device  \Driver\NetBT  \Device\NetBT_Tcpip_{D97C6001-D3D6-4F98-95F3-8AD4FD41FA6D}  fffffa80047d62c0
Device  \Driver\usbehci  \Device\USBFDO-1  fffffa80051902c0
Device  \Driver\NetBT  \Device\NetBt_Wins_Export  fffffa80047d62c0
Device  \Driver\nvstor64  \Device\ScsiPort0  fffffa80036a92c0
Device  \Driver\usbohci  \Device\USBPDO-0  fffffa80051862c0

---- Trace I/O - GMER 2.1 ----

Trace  ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80036a92c0]<< sptd.sys storport.sys hal.dll nvstor64.sys  fffffa80036a92c0
Trace  1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80045db060]  fffffa80045db060
Trace  3 CLASSPNP.SYS[fffff8800163b43f] -> nt!IofCallDriver -> [0xfffffa80047c3c40]  fffffa80047c3c40
Trace  5 ACPI.sys[fffff880011757a1] -> nt!IofCallDriver -> \Device\00000064[0xfffffa800408c7e0]  fffffa800408c7e0
Trace  \Driver\nvstor64[0xfffffa8004089ac0] -> IRP_MJ_CREATE -> 0xfffffa80036a92c0  fffffa80036a92c0

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch  23872

---- EOF - GMER 2.1 ----