GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-06 14:53:31
Windows 5.1.2600 Dodatek Service Pack 3
Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS543232L9A300 rev.FB4OC40C
Running: k4vqeu8w.exe; Driver: C:\DOCUME~1\Kinga_PN\USTAWI~1\Temp\uxtdrpoc.sys

---- System - GMER 1.0.15 ----

SSDT B875A114 ZwClose
SSDT B875A0CE ZwCreateKey
SSDT B875A11E ZwCreateSection
SSDT B875A0C4 ZwCreateThread
SSDT B875A0D3 ZwDeleteKey
SSDT B875A0DD ZwDeleteValueKey
SSDT B875A10F ZwDuplicateObject
SSDT B875A0E2 ZwLoadKey
SSDT B875A0B0 ZwOpenProcess
SSDT B875A0B5 ZwOpenThread
SSDT B875A137 ZwQueryValueKey
SSDT B875A0EC ZwReplaceKey
SSDT B875A128 ZwRequestWaitReplyPort
SSDT B875A0E7 ZwRestoreKey
SSDT B875A123 ZwSetContextThread
SSDT B875A12D ZwSetSecurityObject
SSDT B875A0D8 ZwSetValueKey
SSDT B875A132 ZwSystemDebugControl
SSDT B875A0BF ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB7413360, 0x33A1AD, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----