GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2016-01-09 00:39:12
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 TS64GSSD370S rev.N1114H 59,63GB
Running: qp42w0lb.exe; Driver: C:\Users\JUREK\AppData\Local\Temp\uxldypow.sys

---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwRenameKey + 1579                 82A3FF55 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2          82A7A262 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0        Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1        Wdf01000.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1         ewf.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2         ewf.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4         ewf.sys
Device          \Driver\BTHUSB \Device\0000006a                bthport.sys
Device          \Driver\BTHUSB \Device\0000006c                bthport.sys
AttachedDevice  \FileSystem\fastfat \Fat                       fltmgr.sys

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000b5da4d06c
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000b5da4d06c@405fc2d36f63   0x85 0x91 0x95 0x87 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000b5da4d06c   (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000b5da4d06c@405fc2d36f63   0x85 0x91 0x95 0x87 ...

---- EOF - GMER 2.1 ----
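A GMER log like this one has three record types that need manual resolution: modified byte ranges in kernel code (which must be matched against the host's patch level before calling them hooks), filter drivers attached to device stacks, and registry entries GMER could only read from kernel mode (the BTHPORT\Parameters\Keys entries are Bluetooth link keys for paired devices). The script below is an added example, not GMER's code and not part of the original post: it splits the log at its section banners, parses each record type, and returns the items an analyst has to triage. The sample text is reconstructed from the log above, and the baseline set EXPECTED_FILTERS is an assumed allow-list constructed for the example, not a vendor list.

```python
import re

# Constructed sample input: the GMER 2.1 log from this page, one entry per line.
SAMPLE_LOG = r"""GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2016-01-09 00:39:12
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 TS64GSSD370S rev.N1114H 59,63GB
Running: qp42w0lb.exe; Driver: C:\Users\JUREK\AppData\Local\Temp\uxldypow.sys

---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwRenameKey + 1579   82A3FF55 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2   82A7A262 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0   Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1   Wdf01000.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1   ewf.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2   ewf.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4   ewf.sys
Device  \Driver\BTHUSB \Device\0000006a   bthport.sys
Device  \Driver\BTHUSB \Device\0000006c   bthport.sys
AttachedDevice  \FileSystem\fastfat \Fat   fltmgr.sys

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000b5da4d06c
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000b5da4d06c@405fc2d36f63   0x85 0x91 0x95 0x87 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000b5da4d06c   (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000b5da4d06c@405fc2d36f63   0x85 0x91 0x95 0x87 ...

---- EOF - GMER 2.1 ----
"""

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
KCODE_RE = re.compile(
    r"^(?P<sect>\.\w+)\s+(?P<module>\S+?)!(?P<symbol>\w+) \+ (?P<offset>[0-9A-Fa-f]+)\s+"
    r"(?P<addr>[0-9A-Fa-f]{8}) (?P<size>\d+) Bytes?\s+\[(?P<bytes>[^\]]*)\]"
    r"(?:\s+\{(?P<disasm>[^}]*)\})?$")
DEVICE_RE = re.compile(
    r"^(?P<kind>AttachedDevice|Device)\s+(?P<driver>\\\S+)\s+(?P<device>\\\S+)\s+(?P<image>\S+)$")
REG_RE = re.compile(r"^Reg\s+(?P<key>HKLM\\\S+?)(?:@(?P<value>\S+))?(?:\s+(?P<data>.+))?$")

# Assumed baseline of filter images expected on this host (constructed for the example).
EXPECTED_FILTERS = {"Wdf01000.sys", "fltmgr.sys", "bthport.sys"}


def split_sections(text):
    """Group non-empty lines under the '---- <name> - GMER x.y ----' banners; prologue is 'header'."""
    sections, current = {"header": []}, "header"
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def parse_kernel_patches(lines):
    """One dict per modified kernel byte range; notes when GMER truncated the byte dump with '...'."""
    out = []
    for m in filter(None, map(KCODE_RE.match, lines)):
        d = m.groupdict()
        d["size"] = int(d["size"])
        d["addr"] = int(d["addr"], 16)
        d["bytes"] = [b for b in d["bytes"].replace(",", " ").split() if b != "..."]
        d["truncated"] = len(d["bytes"]) < d["size"]
        out.append(d)
    return out


def parse_devices(lines):
    return [m.groupdict() for m in map(DEVICE_RE.match, lines) if m]


def parse_registry(lines):
    return [m.groupdict() for m in map(REG_RE.match, lines) if m]


def triage(text, expected_filters=EXPECTED_FILTERS):
    """Summarise a GMER log into the items an analyst has to resolve by hand."""
    s = split_sections(text)
    patches = parse_kernel_patches(s.get("Kernel code sections", []))
    devices = parse_devices(s.get("Devices", []))
    regs = parse_registry(s.get("Registry", []))
    return {
        # Each modified range must be checked against a known-clean kernel at the same patch level.
        "kernel_patches": [
            {"where": f"{p['module']}!{p['symbol']}+{p['offset']}", "addr": p["addr"],
             "size": p["size"], "truncated": p["truncated"],
             # A disassembly that writes CR0/CR4 deserves a closer look than a one-byte change.
             "writes_control_reg": bool(p["disasm"] and re.search(r"\bCR[0-8]\b", p["disasm"]))}
            for p in patches],
        # Filter images outside the baseline, plus the image sitting on every listed device stack.
        "unexpected_filters": sorted({d["image"] for d in devices if d["image"] not in expected_filters}),
        "stacks": {d["device"]: d["image"] for d in devices},
        # Keys GMER surfaced (values omitted); entries from an inactive control set are listed apart.
        "registry_keys": [r["key"] for r in regs if r["value"] is None],
        "inactive_controlset": [r["key"] for r in regs if r["data"] and "not active" in r["data"]],
    }


if __name__ == "__main__":
    for k, v in triage(SAMPLE_LOG).items():
        print(k, v)
```

On this log the script reports both ntkrnlpa.exe ranges (the KiDispatchInterrupt one flagged as truncated and as writing CR4), ewf.sys as the only filter image outside the assumed baseline, and the two BTHPORT link-key keys with the ControlSet002 copies marked inactive. ewf.sys is Microsoft's Enhanced Write Filter driver from Windows Embedded; whether it belongs on this particular host is exactly what a per-host baseline, not the log alone, has to answer, and the same applies to the kernel byte ranges, which GMER cannot distinguish from a vendor hotfix.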