GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-20 17:49:09
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-5 TOSHIBA_MK3263GSX rev.FG020M 298,09GB
Running: mn5ebuwn.exe; Driver: C:\DOCUME~1\Ola\USTAWI~1\Temp\uwpoqpoc.sys

---- System - GMER 2.0 ----

INT 0x63 ? 89B08CC8
INT 0x63 ? 89B08CC8
INT 0x63 ? 89B08CC8
INT 0x63 ? 89B08CC8
INT 0x63 ? 89A24CC8
INT 0x63 ? 89A24CC8
INT 0x63 ? 89A24CC8
INT 0x63 ? 89B08CC8
INT 0x73 ? 89A24CC8
INT 0x94 ? 89A24CC8
INT 0xA4 ? 89A24CC8
INT 0xB4 ? 89A24CC8

---- Kernel code sections - GMER 2.0 ----

.sptd1 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd1" section [0xF75BC346]
.text USBPORT.SYS!DllUnload BA6978AC 5 Bytes JMP 89A241D8

---- Kernel IAT/EAT - GMER 2.0 ----

IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG] [F74C2232] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR] [F74C1730] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR] [F74C1F12] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74C1730] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74C1914] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74C1856] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74C20F0] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74C1F12] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 89A24308
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F74D5F1E] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)

---- Registry - GMER 2.0 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a310
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a310@0019637b9afd 0x11 0xBF 0x44 0x5F ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00158315a310 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00158315a310@0019637b9afd 0x11 0xBF 0x44 0x5F ...

---- EOF - GMER 2.0 ----