GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-11-12 12:38:20 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0004 465,76GB Running: sdd2qm9v.exe; Driver: C:\Users\jakub\AppData\Local\Temp\uwddykod.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80003203000 45 bytes [00, 00, 16, 02, 4E, 74, 66, ...] INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff8000320302f 10 bytes [00, 01, 00, 06, 00, 00, 00, ...] ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3644] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b01465 2 bytes [B0, 76] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3644] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b014bb 2 bytes [B0, 76] .text ... * 2 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3524] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b01465 2 bytes [B0, 76] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3524] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b014bb 2 bytes [B0, 76] .text ... * 2 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dca971076042 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dca9710777da Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dca971caa06b Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dca971caa06b@6ce9071040e8 0xC1 0x65 0xD4 0xEA ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dca971caa06b@b8d9ce465c83 0x6B 0xF1 0x42 0x75 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dca971076042 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dca9710777da (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dca971caa06b (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dca971caa06b@6ce9071040e8 0xC1 0x65 0xD4 0xEA ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dca971caa06b@b8d9ce465c83 0x6B 0xF1 0x42 0x75 ... ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- Files - GMER 2.1 ---- File C:\Users\jakub\AppData\Local\Opera\Opera\cache\assoc002\g_007C\opr0GHSK.000 45168 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\assoc002\g_007C\opr0GHSL.000 54408 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\assoc002\g_007C\opr0GHSM.000 52788 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\assoc002\g_007C\opr0GHSN.000 44880 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\assoc002\g_007C\opr0GHSO.000 45112 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\assoc002\g_007C\opr0GHSP.000 55332 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\assoc002\g_007C\opr0GHSQ.000 46076 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\assoc002\g_007C\opr0GHSR.000 54184 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\assoc002\g_007C\opr0GHSS.000 54056 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\assoc002\g_007C\opr0GHST.000 53336 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_0002\opr0GIDR.tmp 5707 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_0002\opr0GIF9.tmp 11961 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_0002\opr0GIFZ.tmp 37490 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_0002\opr0GIDC.tmp 5994 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_0002\opr0GIF8.tmp 11314 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_0002\opr0GIFF.tmp 4365 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_0002\opr0GIFG.tmp 13563 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_0002\opr0GIFH.tmp 13731 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_0002\opr0GIFN.tmp 111774 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_0002\opr0GIFO.tmp 72745 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_0002\opr0GIFP.tmp 101475 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_0002\opr0GIFQ.tmp 137214 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_0002\opr0GIFR.tmp 26358 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_0002\opr0GIFV.tmp 38472 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_0002\opr0GIFW.tmp 12768 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_0002\opr0GIFY.tmp 31991 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_0002\opr0GIG6.tmp 140191 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_0002\opr0GIG7.tmp 130382 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_0002\opr0GIG8.tmp 67486 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_0002\opr0GIG9.tmp 125389 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_0002\opr0GIGA.tmp 94495 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_0002\opr0GIGB.tmp 94592 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_0002\opr0GIGC.tmp 107763 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_0002\opr0GIGG.tmp 52832 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_0002\opr0GIGH.tmp 29279 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_0002\opr0GIGI.tmp 12627 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_0002\opr0GIGJ.tmp 58514 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_0002\opr0GIGN.tmp 9738 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_0003\opr0GII8.tmp 67267 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_0003\opr0GIH8.tmp 175667 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_0003\opr0GIH9.tmp 74937 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_0003\opr0GIHA.tmp 107198 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_0003\opr0GIHB.tmp 99589 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_0003\opr0GIHC.tmp 94236 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_0003\opr0GIHD.tmp 115701 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_0003\opr0GIHE.tmp 97730 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_0003\opr0GIHF.tmp 62392 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_0003\opr0GIHG.tmp 56184 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_0003\opr0GIHJ.tmp 4903 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_0003\opr0GIHN.tmp 62912 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_0003\opr0GIHP.tmp 36645 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_0003\opr0GIHQ.tmp 21340 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_0003\opr0GIHS.tmp 9013 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_0003\opr0GIHU.tmp 7418 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_0003\opr0GII1.tmp 78517 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_0003\opr0GII7.tmp 184916 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_0003\opr0GII9.tmp 77852 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_0003\opr0GIIA.tmp 51115 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_0003\opr0GIIG.tmp 15854 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_0006\opr0GISM.tmp 9993 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_007B\opr0GHR8.tmp 0 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_007C\opr0GHSS.tmp 0 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_007C\opr0GHSI.tmp 0 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_007C\opr0GHSJ.tmp 0 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_007C\opr0GHSK.tmp 0 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_007C\opr0GHSL.tmp 0 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_007C\opr0GHSM.tmp 0 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_007C\opr0GHSN.tmp 0 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_007C\opr0GHSO.tmp 0 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_007C\opr0GHSP.tmp 0 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_007C\opr0GHSQ.tmp 0 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_007C\opr0GHSR.tmp 0 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_007C\opr0GHST.tmp 0 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_007C\opr0GHSV.tmp 0 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_007C\opr0GHSW.tmp 0 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_007C\opr0GHSX.tmp 0 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_007C\opr0GHSY.tmp 0 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_007C\opr0GHT5.tmp 0 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_007C\opr0GHT8.tmp 0 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_007C\opr0GHTB.tmp 0 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_007C\opr0GHTE.tmp 0 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_007C\opr0GHTF.tmp 0 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_007E\opr0GHZ4.tmp 0 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_007E\opr0GHZ5.tmp 0 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\g_007E\opr0GHZ6.tmp 0 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\sesn\opr0GISK.tmp 0 bytes File C:\Users\jakub\AppData\Local\Opera\Opera\cache\sesn\opr0GISO.tmp 1362 bytes ---- EOF - GMER 2.1 ----