GMER 2.1.19155 - http://www.gmer.net
Rootkit scan 2013-03-07 11:25:24
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\0000006b WDC_WD16 rev.12.0 149,05GB
Running: f94slj2u.exe; Driver: C:\Users\Ilona\AppData\Local\Temp\uwdiqpog.sys

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 830799E9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830B31C2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 2.1 ----

Device \Driver\BTHUSB \Device\00000079 bthport.sys
Device \Driver\BTHUSB \Device\0000007b bthport.sys

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

---- Threads - GMER 2.1 ----

Thread System [4:3172] A6E31F2E

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00271373aa4a
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x13 0xE8 0xB8 0xB9 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00271373aa4a (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x13 0xE8 0xB8 0xB9 ...

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----