GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-05-07 10:58:09
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.ESBO 232,89GB
Running: 63i0d7on.exe; Driver: C:\Users\Tomasz\AppData\Local\Temp\ugrdipoc.sys

---- Trace I/O - GMER 2.1 ----

Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys >>UNKNOWN [0x862d90b1]<< 862d90b1
Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f3fac8] 85f3fac8
Trace 3 CLASSPNP.SYS[86da559e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8484e028] 8484e028

---- Threads - GMER 2.1 ----

Thread System [4:320] 8616539F
Thread System [4:388] 8634A0F4

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4cedde6a7914
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90a4de6f90a5
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90a4de6f90a5@ccf9e83b220e 0xF7 0x03 0x85 0x2C ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dca97100692c
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4cedde6a7914 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90a4de6f90a5 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90a4de6f90a5@ccf9e83b220e 0xF7 0x03 0x85 0x2C ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dca97100692c (not active ControlSet)
Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{143B9805-AF4C-11E0-AFF3-806E6F6E6963} 10616136032

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----