GMER 2.1.19324 - http://www.gmer.net
Rootkit scan 2014-01-22 06:59:12
Windows 5.1.2600 Dodatek Service Pack 3
\Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK8009GAH rev.BS011G 74,53GB
Running: ob6jj5kw.exe; Driver: C:\DOCUME~1\xxx\USTAWI~1\Temp\uxtdqpow.sys


---- System - GMER 2.1 ----

SSDT  BA711C34  ZwClose
SSDT  BA711BEE  ZwCreateKey
SSDT  BA711C3E  ZwCreateSection
SSDT  BA711BE4  ZwCreateThread
SSDT  BA711BF3  ZwDeleteKey
SSDT  BA711BFD  ZwDeleteValueKey
SSDT  BA711C2F  ZwDuplicateObject
SSDT  BA711C02  ZwLoadKey
SSDT  BA711BD0  ZwOpenProcess
SSDT  BA711BD5  ZwOpenThread
SSDT  BA711C57  ZwQueryValueKey
SSDT  BA711C0C  ZwReplaceKey
SSDT  BA711C48  ZwRequestWaitReplyPort
SSDT  BA711C07  ZwRestoreKey
SSDT  BA711C43  ZwSetContextThread
SSDT  BA711C4D  ZwSetSecurityObject
SSDT  BA711BF8  ZwSetValueKey
SSDT  BA711C52  ZwSystemDebugControl
SSDT  BA711BDF  ZwTerminateProcess

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs  eufs.sys
AttachedDevice  \Driver\Tcpip \Device\Ip  avgtdix.sys
AttachedDevice  \Driver\Tcpip \Device\Tcp  avgtdix.sys
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume1  eubakup.sys
Device  \Driver\usbhub \Device\00000090  hcmon.sys
Device  \Driver\usbhub \Device\00000092  hcmon.sys
Device  \Driver\usbhub \Device\00000094  hcmon.sys
AttachedDevice  \Driver\Tcpip \Device\Udp  avgtdix.sys
Device  \Driver\usbhub \Device\00000096  hcmon.sys
AttachedDevice  \Driver\Tcpip \Device\RawIp  avgtdix.sys
Device  \Driver\usbhub \Device\00000098  hcmon.sys
Device  \Driver\usbuhci \Device\USBFDO-0  hcmon.sys
Device  \Driver\usbuhci \Device\USBFDO-1  hcmon.sys
Device  \Driver\usbuhci \Device\USBFDO-2  hcmon.sys
Device  \Driver\usbuhci \Device\USBFDO-3  hcmon.sys
Device  \Driver\usbehci \Device\USBFDO-4  hcmon.sys
Device  \Driver\usbhub \Device\0000009a  hcmon.sys

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00164157a97e
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00164157a97e@0022fd0bcda7  0x99 0xC0 0xF4 0xD2 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00164157a97e@001e4cd9c479  0x26 0x86 0x7E 0x96 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00164157a97e@e02a82ca02ec  0x37 0x86 0x84 0xEB ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00164157a97e@78471d52f22f  0x1A 0xC1 0x14 0x21 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00164157a97e@bccfcc937e66  0x6E 0x45 0xB0 0xEB ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00164157a97e@045a95274f05  0xA4 0x3C 0x35 0x3A ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0  0x00 0x00 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0  0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12  0xC2 0xD7 0xE0 0x35 ...
Reg  HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00164157a97e  (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00164157a97e@0022fd0bcda7  0x99 0xC0 0xF4 0xD2 ...
Reg  HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00164157a97e@001e4cd9c479  0x26 0x86 0x7E 0x96 ...
Reg  HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00164157a97e@e02a82ca02ec  0x37 0x86 0x84 0xEB ...
Reg  HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00164157a97e@78471d52f22f  0x1A 0xC1 0x14 0x21 ...
Reg  HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00164157a97e@bccfcc937e66  0x6E 0x45 0xB0 0xEB ...
Reg  HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00164157a97e@045a95274f05  0xA4 0x3C 0x35 0x3A ...
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC  (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0  0x00 0x00 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0  0
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12  0xC2 0xD7 0xE0 0x35 ...

---- EOF - GMER 2.1 ----
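The log above is raw GMER output with no triage attached. The following parser is an added example, not part of the original log or of GMER itself: it splits a GMER 2.1 log into its sections, pulls out the SSDT hooks, the filter-driver attachments and the registry entries, and reports the facts an analyst checks first: how tightly the hook targets cluster (nineteen hooks landing within a few hundred bytes of each other is what a single hooking module looks like; the log does not name that module, so the code only reports the span), which .sys files sit on which device objects, and which registry hits live in an inactive ControlSet. The input is a short excerpt copied from the log above rather than the whole file, so it runs offline; the regexes assume GMER's one-entry-per-line layout with whitespace-separated columns. Identifying the owners of eufs.sys, eubakup.sys, avgtdix.sys, hcmon.sys and the sptd service (signer, vendor, install path) is the next step and is outside what this log, or this script, can answer.

```python
import re
from collections import defaultdict

# Constructed input: an excerpt of the GMER log above (a handful of lines per
# section, not the full log). Backslashes are kept literal via a raw string.
SAMPLE_LOG = r"""GMER 2.1.19324 - http://www.gmer.net
Rootkit scan 2014-01-22 06:59:12
Windows 5.1.2600 Dodatek Service Pack 3

---- System - GMER 2.1 ----

SSDT  BA711C34  ZwClose
SSDT  BA711BEE  ZwCreateKey
SSDT  BA711BD0  ZwOpenProcess
SSDT  BA711C57  ZwQueryValueKey
SSDT  BA711BDF  ZwTerminateProcess

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs  eufs.sys
AttachedDevice  \Driver\Tcpip \Device\Ip  avgtdix.sys
AttachedDevice  \Driver\Tcpip \Device\Tcp  avgtdix.sys
Device  \Driver\usbhub \Device\00000090  hcmon.sys
Device  \Driver\usbuhci \Device\USBFDO-0  hcmon.sys

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12  0xC2 0xD7 0xE0 0x35 ...
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC  (not active ControlSet)

---- EOF - GMER 2.1 ----
"""

# Section banners look like "---- System - GMER 2.1 ----"; the entry formats
# below are assumed from the lines in the log above, not from a GMER spec.
SECTION_RE = re.compile(r"^---- (\w+) - GMER [\d.]+ ----$")
SSDT_RE = re.compile(r"^SSDT\s+([0-9A-Fa-f]{8})\s+(\S+)")
DEV_RE = re.compile(r"^(AttachedDevice|Device)\s+(\S+)\s+(\S+)\s+(\S+\.sys)$")
REG_RE = re.compile(r"^Reg\s+(\S+)(?:\s+(.*))?$")


def parse_gmer(text):
    """Return (hooks, devices, regs) parsed from a GMER 2.1 log.

    hooks:   [(ZwName, target_address_int), ...]
    devices: [(kind, driver_object, device_object, sys_file), ...]
    regs:    [(key_or_value_path, trailing_annotation_or_data), ...]
    """
    hooks, devices, regs = [], [], []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        if section == "System":
            m = SSDT_RE.match(line)
            if m:
                hooks.append((m.group(2), int(m.group(1), 16)))
        elif section == "Devices":
            m = DEV_RE.match(line)
            if m:
                devices.append(m.groups())
        elif section == "Registry":
            m = REG_RE.match(line)
            if m:
                regs.append((m.group(1), (m.group(2) or "").strip()))
    return hooks, devices, regs


def ssdt_hook_span(hooks):
    """Lowest target, highest target and the distance between them in bytes.

    A tight span means every hook resolves into one small code region, i.e.
    one module installed all of them; a wide span points at several hookers.
    """
    if not hooks:
        return None
    addrs = [addr for _, addr in hooks]
    return min(addrs), max(addrs), max(addrs) - min(addrs)


def drivers_by_device(devices):
    """Map each .sys file to the (kind, driver, device) triples it appears on."""
    out = defaultdict(list)
    for kind, drv, dev, sysfile in devices:
        out[sysfile].append((kind, drv, dev))
    return dict(out)


def inactive_controlset_keys(regs):
    """Registry hits GMER flagged as living in a ControlSet that is not in use."""
    return [path for path, note in regs if "not active ControlSet" in note]


if __name__ == "__main__":
    hooks, devices, regs = parse_gmer(SAMPLE_LOG)
    lo, hi, span = ssdt_hook_span(hooks)
    print(f"{len(hooks)} SSDT hooks, targets {lo:08X}..{hi:08X} (span {span} bytes)")
    for sysfile, attachments in sorted(drivers_by_device(devices).items()):
        print(f"{sysfile}: {len(attachments)} device object(s)")
    for path in inactive_controlset_keys(regs):
        print(f"inactive ControlSet entry: {path}")
```

Run against the full log rather than the excerpt to get the real span over all nineteen hooks; the hcmon.sys count then rises to twelve device objects and avgtdix.sys to four TDI attachments, which is the shape an analyst compares against what the vendor of each file is expected to install.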