GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-12-14 21:36:04
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST3250410AS rev.4.AAA 232,89GB
Running: ul7mppko.exe; Driver: C:\Users\Maciek\AppData\Local\Temp\kwrdrpog.sys

---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2128] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW   0000000075502ab1 5 bytes JMP 000000010091fa56

---- Kernel IAT/EAT - GMER 2.1 ----

IAT   C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]   [fffff8800103de94] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT   C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]   [fffff8800103dc38] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT   C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]   [fffff8800103e654] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT   C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong]   [fffff8800103ea50] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT   C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]   [fffff8800103e8ac] \SystemRoot\System32\Drivers\sptd.sys [.text]

---- Devices - GMER 2.1 ----

Device   \Driver\atapi   \Device\Ide\IdeDeviceP0T0L0-0   fffffa80066852c0
Device   \Driver\atapi   \Device\Ide\IdePort0   fffffa80066852c0
Device   \Driver\atapi   \Device\Ide\IdePort1   fffffa80066852c0
Device   \Driver\atapi   \Device\Ide\IdeDeviceP1T0L0-1   fffffa80066852c0
Device   \FileSystem\Ntfs   \Ntfs   fffffa800668d2c0
Device   \FileSystem\fastfat   \Fat   fffffa80089472c0
Device   \Driver\usbehci   \Device\USBPDO-1   fffffa8007d782c0
Device   \Driver\cdrom   \Device\CdRom0   fffffa8007a902c0
Device   \Driver\usbehci   \Device\USBFDO-0   fffffa8007d782c0
Device   \Driver\usbehci   \Device\USBFDO-1   fffffa8007d782c0
Device   \Driver\NetBT   \Device\NetBt_Wins_Export   fffffa8007a752c0
Device   \Driver\NetBT   \Device\NetBT_Tcpip_{F6748286-DDE5-4F97-AEA9-34CCC2ED70E6}   fffffa8007a752c0
Device   \Driver\atapi   \Device\ScsiPort0   fffffa80066852c0
Device   \Driver\atapi   \Device\ScsiPort1   fffffa80066852c0
Device   \Driver\usbehci   \Device\USBPDO-0   fffffa8007d782c0

---- Trace I/O - GMER 2.1 ----

Trace   ntoskrnl.exe   CLASSPNP.SYS   disk.sys   >>UNKNOWN [0xfffffa80066852c0]<<   sptd.sys   ataport.SYS   PCIIDEX.SYS   hal.dll   msahci.sys   fffffa80066852c0
Trace   1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80078b9060]   fffffa80078b9060
Trace   3 CLASSPNP.SYS[fffff880013b743f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa80072dd060]   fffffa80072dd060
Trace   \Driver\atapi[0xfffffa800726cd50] -> IRP_MJ_CREATE -> 0xfffffa80066852c0   fffffa80066852c0

---- Threads - GMER 2.1 ----

Thread   C:\Windows\System32\svchost.exe [2552:3716]   000007fef38d9688
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [3568:2776]   000007fefb4e2af8
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [3568:2772]   000007feed3c5648
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [3568:4156]   000007fef8c15124
Thread   M:\Word\Office15\MsoSync.exe [4604:2836]   000007fee65cba30
Thread   M:\Word\Office15\MsoSync.exe [4604:4448]   000007fee65cba30
Thread   M:\Word\Office15\MsoSync.exe [4604:4584]   000007fee65cba30