GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-03-17 20:50:36 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST160LT0 rev.0001 149,05GB Running: jhnmqgsg.exe; Driver: C:\Users\Samsung\AppData\Local\Temp\pxriqpoc.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\XTab\ProtectService.exe[1700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077251465 2 bytes [25, 77] .text C:\Program Files (x86)\XTab\ProtectService.exe[1700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772514bb 2 bytes [25, 77] .text ... * 2 .text C:\Program Files (x86)\YOUTUB~1\YouTubeAcceleratorService.exe[1636] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077251465 2 bytes [25, 77] .text C:\Program Files (x86)\YOUTUB~1\YouTubeAcceleratorService.exe[1636] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772514bb 2 bytes [25, 77] .text ... * 2 .text C:\Users\Samsung\AppData\Roaming\uTorrent\uTorrent.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077251465 2 bytes [25, 77] .text C:\Users\Samsung\AppData\Roaming\uTorrent\uTorrent.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772514bb 2 bytes [25, 77] .text ... * 2 .text C:\Program Files (x86)\XTab\HPNotify.exe[3592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077251465 2 bytes [25, 77] .text C:\Program Files (x86)\XTab\HPNotify.exe[3592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772514bb 2 bytes [25, 77] .text ... * 2 ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff8800100ee94] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff8800100ec38] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff8800100f614] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff8800100fa10] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff8800100f86c] \SystemRoot\System32\Drivers\sptd.sys [.text] ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs fffffa8002d052c0 Device \FileSystem\fastfat \Fat fffffa80058c42c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa80056d62c0 Device \Driver\cdrom \Device\CdRom0 fffffa80054832c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{F08DEBF0-FDDE-4499-AF07-3BA1061CF77B} fffffa80055bd2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{97E68026-D4E8-4434-8EEB-F321887B1246} fffffa80055bd2c0 Device \Driver\usbehci \Device\USBFDO-0 fffffa80056d62c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa80056d62c0 Device \Driver\USBSTOR \Device\00000096 fffffa8006f282c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa80055bd2c0 Device \Driver\usbehci \Device\USBPDO-0 fffffa80056d62c0 Device \Driver\USBSTOR \Device\00000097 fffffa8006f282c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{9FE60FB2-326B-4BEF-8BC7-884DA3AE867E} fffffa80055bd2c0 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b6d7fd80 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x19 0x04 0x62 0x0C ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCF 0x24 0x5B 0xDC ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b6d7fd80 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 52\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x44 0x26 0xFB 0x75 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xA3 0xFD 0x1E 0x30 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x55 0x66 0xF7 0x77 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCF 0x24 0x5B 0xDC ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD1 0x20 0x55 0x16 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x43 0x2B 0xEA 0xDC ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xEA 0xC0 0xB7 0xFA ... ---- EOF - GMER 2.1 ----