GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-26 01:49:48
Windows 5.1.2600 Dodatek Service Pack 2
Running: h0q3ctun.exe; Driver: C:\DOCUME~1\UZYTKO~1\USTAWI~1\Temp\pgldrpoc.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[1048] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtQueryDirectoryFile] 00A75495
IAT C:\WINDOWS\system32\services.exe[1048] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00A75495
IAT C:\WINDOWS\system32\services.exe[1048] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00A753DA
IAT C:\WINDOWS\system32\services.exe[1048] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00A75375
IAT C:\WINDOWS\system32\services.exe[1048] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00A75343
IAT C:\WINDOWS\system32\services.exe[1048] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00A7575A
IAT C:\WINDOWS\system32\services.exe[1048] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00A75A04
IAT C:\WINDOWS\system32\services.exe[1048] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00A75A04
IAT C:\WINDOWS\system32\services.exe[1048] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00A7575A
IAT C:\WINDOWS\system32\services.exe[1048] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00A75A04
IAT C:\WINDOWS\system32\services.exe[1048] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00A75495
IAT C:\WINDOWS\system32\lsass.exe[1060] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00E95495
IAT C:\WINDOWS\system32\lsass.exe[1060] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00E953DA
IAT C:\WINDOWS\system32\lsass.exe[1060] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00E95375
IAT C:\WINDOWS\system32\lsass.exe[1060] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00E95343
IAT C:\WINDOWS\system32\lsass.exe[1060] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!LdrLoadDll] 00E953DA
IAT C:\WINDOWS\system32\lsass.exe[1060] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00E95495
IAT C:\WINDOWS\system32\lsass.exe[1060] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrLoadDll] 00E953DA
IAT C:\WINDOWS\system32\lsass.exe[1060] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrGetProcedureAddress] 00E95375
IAT C:\WINDOWS\system32\lsass.exe[1060] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00E9575A
IAT C:\WINDOWS\system32\lsass.exe[1060] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00E95A04
IAT C:\WINDOWS\system32\lsass.exe[1060] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00E95A04
IAT C:\WINDOWS\system32\lsass.exe[1060] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00E9575A
IAT C:\WINDOWS\system32\lsass.exe[1060] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00E95A04
IAT C:\WINDOWS\system32\svchost.exe[1212] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00C55343
IAT C:\WINDOWS\system32\svchost.exe[1296] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 008E5495
IAT C:\WINDOWS\system32\svchost.exe[1296] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 008E53DA
IAT C:\WINDOWS\system32\svchost.exe[1296] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 008E5375
IAT C:\WINDOWS\system32\svchost.exe[1296] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 008E5343
IAT C:\WINDOWS\system32\svchost.exe[1296] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 008E575A
IAT C:\WINDOWS\system32\svchost.exe[1296] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 008E5A04
IAT C:\WINDOWS\system32\svchost.exe[1296] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 008E5A04
IAT C:\WINDOWS\system32\svchost.exe[1296] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 008E575A
IAT C:\WINDOWS\system32\svchost.exe[1296] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 008E5A04
IAT C:\WINDOWS\system32\svchost.exe[1296] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 008E5495
IAT C:\WINDOWS\System32\svchost.exe[1336] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 02165495
IAT C:\WINDOWS\System32\svchost.exe[1336] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 021653DA
IAT C:\WINDOWS\System32\svchost.exe[1336] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 02165375
IAT C:\WINDOWS\System32\svchost.exe[1336] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 02165343
IAT C:\WINDOWS\System32\svchost.exe[1336] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 0216575A
IAT C:\WINDOWS\System32\svchost.exe[1336] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 02165A04
IAT C:\WINDOWS\System32\svchost.exe[1336] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 02165A04
IAT C:\WINDOWS\System32\svchost.exe[1336] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 0216575A
IAT C:\WINDOWS\System32\svchost.exe[1336] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 02165A04
IAT C:\WINDOWS\System32\svchost.exe[1336] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 02165495
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[1672] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00405495
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[1672] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 004053DA
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[1672] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00405375
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[1672] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00405343
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[1672] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 0040575A
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[1672] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00405A04
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[1672] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00405495
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[1672] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00405A04
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[1672] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 0040575A
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[1672] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00405A04

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----