GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2013-01-03 15:03:01
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0
Running: pf201i76.exe; Driver: C:\Users\Jacek\AppData\Local\Temp\pwdyrpob.sys

---- System - GMER 1.0.15 ----

SSDT 8D0CF80E ZwCreateSection
SSDT 8D0CF818 ZwRequestWaitReplyPort
SSDT 8D0CF813 ZwSetContextThread
SSDT 8D0CF81D ZwSetSecurityObject
SSDT 8D0CF822 ZwSystemDebugControl
SSDT 8D0CF7AF ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 215 82AAE8D8 4 Bytes [0E, F8, 0C, 8D] {PUSH CS; CLC ; OR AL, 0x8d}
.text ntkrnlpa.exe!KeSetEvent + 539 82AAEBFC 4 Bytes [18, F8, 0C, 8D] {SBB AL, BH; OR AL, 0x8d}
.text ntkrnlpa.exe!KeSetEvent + 56D 82AAEC30 4 Bytes [13, F8, 0C, 8D] {ADC EDI, EAX; OR AL, 0x8d}
.text ntkrnlpa.exe!KeSetEvent + 5D1 82AAEC94 4 Bytes [1D, F8, 0C, 8D]
.text ntkrnlpa.exe!KeSetEvent + 619 82AAECDC 4 Bytes [22, F8, 0C, 8D] {AND BH, AL; OR AL, 0x8d}
.text ...
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8EC0E340, 0x3EDBA7, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3180] kernel32.dll!SetUnhandledExceptionFilter 771DA8B5 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2052] @ C:\Windows\system32\SHELL32.dll [USER32.dll!ExitWindowsEx] [01E21210] C:\Program Files\NewTech Infosystems\Acer Backup Manager\Pehook.dll (Backup Manager Module/NewTech Infosystems, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----