GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-28 12:59:24
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST932032 rev.0001
Running: 21pdjn63.exe; Driver: C:\DOCUME~1\Agent\USTAWI~1\Temp\uxtdypow.sys

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\SMINST\Scheduler.exe[2340] USER32.dll!GetSysColor 7E368E78 5 Bytes JMP 00418ED0 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[2340] USER32.dll!GetSysColorBrush 7E368EAB 5 Bytes JMP 00418F40 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[2340] USER32.dll!SetScrollInfo 7E369056 7 Bytes JMP 00418DC0 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[2340] USER32.dll!GetScrollInfo 7E37DFE2 7 Bytes JMP 00418D10 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[2340] USER32.dll!ShowScrollBar 7E37F2F2 5 Bytes JMP 00418E90 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[2340] USER32.dll!GetScrollPos 7E37F704 5 Bytes JMP 00418D50 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[2340] USER32.dll!SetScrollPos 7E37F750 5 Bytes JMP 00418E00 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[2340] USER32.dll!GetScrollRange 7E37F787 5 Bytes JMP 00418D80 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[2340] USER32.dll!SetScrollRange 7E37F99B 5 Bytes JMP 00418E40 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[2340] USER32.dll!EnableScrollBar 7E3B8005 7 Bytes JMP 00418CD0 C:\WINDOWS\SMINST\Scheduler.exe

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB45439$\1332269517 0 bytes
File C:\WINDOWS\$NtUninstallKB45439$\3300619716 0 bytes
File C:\WINDOWS\$NtUninstallKB45439$\3300619716\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB45439$\3300619716\cfg.ini 62 bytes
File C:\WINDOWS\$NtUninstallKB45439$\3300619716\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB45439$\3300619716\L 0 bytes
File C:\WINDOWS\$NtUninstallKB45439$\3300619716\L\priknwdy 162816 bytes
File C:\WINDOWS\$NtUninstallKB45439$\3300619716\oemid 171 bytes
File C:\WINDOWS\$NtUninstallKB45439$\3300619716\U 0 bytes
File C:\WINDOWS\$NtUninstallKB45439$\3300619716\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB45439$\3300619716\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB45439$\3300619716\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB45439$\3300619716\U\80000000.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB45439$\3300619716\U\80000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB45439$\3300619716\U\80000032.@ 115712 bytes
File C:\WINDOWS\$NtUninstallKB45439$\3300619716\version 998 bytes

---- EOF - GMER 1.0.15 ----