GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-11-11 19:17:10 Windows 6.1.7601 Service Pack 1 x64 Running: GMER.exe ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x0A 0x4E 0x9C 0x48 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 52\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x2D 0xD5 0x58 0x28 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x79 0xC3 0xDA 0xF7 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x0A 0x4E 0x9C 0x48 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 52\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x2D 0xD5 0x58 0x28 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x79 0xC3 0xDA 0xF7 ... Reg HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice@Progid UCHTML Reg HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice@Progid UCHTML ---- Files - GMER 2.2 ---- File C:\Users\user\AppData\Local\Opera Software\Opera Stable\Cache\f_00119d 60513 bytes File C:\Users\user\AppData\Local\Opera Software\Opera Stable\Cache\f_00119e 379779 bytes File C:\Users\user\AppData\Local\Opera Software\Opera Stable\Cache\f_00119f 65536 bytes File C:\Users\user\AppData\Local\Opera Software\Opera Stable\Cache\f_0011a0 143102 bytes File C:\Users\user\AppData\Local\Opera Software\Opera Stable\Cache\f_0011a1 130893 bytes File C:\Users\user\AppData\Local\Opera Software\Opera Stable\Cache\f_0011a2 759232 bytes File C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8f14a4c9335c7090add3c3a6b3e5f7a0_403aab3f-6e98-403a-afdb-4ccf7214e70b 2246 bytes ADS C:\Windows\System32\drivers:ucdrv-x64.sys 40424 bytes executable <-- ROOTKIT !!! ADS C:\Windows\System32\drivers:x64 721072 bytes executable ADS C:\Windows\System32\drivers:x86 578224 bytes executable ---- Services - GMER 2.2 ---- Service C:\Windows\System32\drivers:ucdrv-x64.sys [SYSTEM] ucdrv <-- ROOTKIT !!! ---- EOF - GMER 2.2 ----