GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-09-29 16:58:14
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.FB4O
Running: yu0bed9f.exe; Driver: C:\Users\Damian\AppData\Local\Temp\uxldapow.sys

---- System - GMER 1.0.15 ----

SSDT 8FDB9076 ZwCreateSection
SSDT 8FDB9080 ZwRequestWaitReplyPort
SSDT 8FDB907B ZwSetContextThread
SSDT 8FDB9085 ZwSetSecurityObject
SSDT 8FDB908A ZwSystemDebugControl
SSDT 8FDB9017 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 215 820F0958 4 Bytes [76, 90, DB, 8F]
.text ntkrnlpa.exe!KeSetEvent + 539 820F0C7C 4 Bytes [80, 90, DB, 8F]
.text ntkrnlpa.exe!KeSetEvent + 56D 820F0CB0 4 Bytes [7B, 90, DB, 8F]
.text ntkrnlpa.exe!KeSetEvent + 5D1 820F0D14 4 Bytes [85, 90, DB, 8F]
.text ntkrnlpa.exe!KeSetEvent + 619 820F0D5C 4 Bytes [8A, 90, DB, 8F]
.text ...
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8BA08340, 0x3EE587, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs tvtumon.sys (Windows Update Monitor Driver/Lenovo)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269eb5f83
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\1392b1052858
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\1392b3052858
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002269eb5f83 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\1392b1052858 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\1392b3052858 (not active ControlSet)

---- EOF - GMER 1.0.15 ----