GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-03 18:07:10
Windows 6.0.6002 Service Pack 2
Running: bew6bp2v.exe; Driver: C:\Users\Marek\AppData\Local\Temp\uglcypow.sys

---- System - GMER 1.0.15 ----

INT 0x51 ? 91544A50
INT 0x61 ? 91544CD0
INT 0x62 ? 9157AA50
INT 0x82 ? 9157A2D0
INT 0xA1 ? 91544550
INT 0xB2 ? 915447D0

---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x90003320, 0x3E4E87, 0xE8000020]
C:\Program Files\HP\QuickPlay\000.fcl entry point in "" section [0xA2F90000]
.clc C:\Program Files\HP\QuickPlay\000.fcl unknown last section [0xA2F91000, 0x1000, 0x00000000]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[888] kernel32.dll!SetUnhandledExceptionFilter 76B5A84F 4 Bytes [C2, 04, 00, 00]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation)
Device \Driver\BTHUSB \Device\000000b7 bthport.sys (Sterownik magistrali Bluetooth/Microsoft Corporation)
Device \Driver\BTHUSB \Device\000000b9 bthport.sys (Sterownik magistrali Bluetooth/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186bce9f9
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186bce9f9@001d4fa0a043 0x2F 0x41 0x3D 0xC9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186bce9f9@00bd3a07a4bb 0x2C 0xB6 0x3E 0x71 ...
Reg HKLM\SYSTEM\ControlSet030\Services\BTHPORT\Parameters\Keys\002186bce9f9 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet030\Services\BTHPORT\Parameters\Keys\002186bce9f9@001d4fa0a043 0x2F 0x41 0x3D 0xC9 ...
Reg HKLM\SYSTEM\ControlSet030\Services\BTHPORT\Parameters\Keys\002186bce9f9@00bd3a07a4bb 0x2C 0xB6 0x3E 0x71 ...

---- EOF - GMER 1.0.15 ----