GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-10-06 18:31:11
Windows 5.1.2600 Dodatek Service Pack 3
Running: p0cfhtn3.exe; Driver: C:\DOCUME~1\Pawel\USTAWI~1\Temp\ugldrpob.sys


---- User code sections - GMER 1.0.15 ----

.text   C:\WINDOWS\System32\svchost.exe[1220] ntdll.dll!NtQueryInformationProcess   7C90D7FE 5 Bytes  JMP 01F9ADDD
.text   C:\WINDOWS\System32\svchost.exe[1220] NETAPI32.dll!NetpwPathCanonicalize      6FF4A3A9 5 Bytes  JMP 01F9AD74
.text   C:\WINDOWS\system32\svchost.exe[1280] ntdll.dll!NtQueryInformationProcess   7C90D7FE 5 Bytes  JMP 007FADDD

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0   SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1   SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device          \Driver\Cdrom \Device\CdRom0              OsaFsLoc.sys (Filesystem Lock driver/OSA Technologies)
AttachedDevice  \FileSystem\Fastfat \Fat                  OsaFsLoc.sys (Filesystem Lock driver/OSA Technologies)

---- Services - GMER 1.0.15 ----

Service  C:\WINDOWS\system32\svchost.exe (*** hidden *** )  [AUTO] feqzlhp  <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0014a4fde349
Reg  HKLM\SYSTEM\CurrentControlSet\Services\feqzlhp@DisplayName     Universal Manager
Reg  HKLM\SYSTEM\CurrentControlSet\Services\feqzlhp@Type            32
Reg  HKLM\SYSTEM\CurrentControlSet\Services\feqzlhp@Start           2
Reg  HKLM\SYSTEM\CurrentControlSet\Services\feqzlhp@ErrorControl    0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\feqzlhp@ImagePath       %SystemRoot%\system32\svchost.exe -k netsvcs
Reg  HKLM\SYSTEM\CurrentControlSet\Services\feqzlhp@ObjectName      LocalSystem
Reg  HKLM\SYSTEM\CurrentControlSet\Services\feqzlhp@Description     Obsługuje urządzenia podczerwieni zainstalowane na komputerze i wykrywa inne urządzenia znajdujące się w zasięgu.
Reg  HKLM\SYSTEM\CurrentControlSet\Services\feqzlhp\Parameters
Reg  HKLM\SYSTEM\CurrentControlSet\Services\feqzlhp\Parameters@ServiceDll  C:\WINDOWS\system32\qckdycm.dll
Reg  HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0014a4fde349 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\Services\feqzlhp@DisplayName         Universal Manager
Reg  HKLM\SYSTEM\ControlSet002\Services\feqzlhp@Type                32
Reg  HKLM\SYSTEM\ControlSet002\Services\feqzlhp@Start               2
Reg  HKLM\SYSTEM\ControlSet002\Services\feqzlhp@ErrorControl        0
Reg  HKLM\SYSTEM\ControlSet002\Services\feqzlhp@ImagePath           %SystemRoot%\system32\svchost.exe -k netsvcs
Reg  HKLM\SYSTEM\ControlSet002\Services\feqzlhp@ObjectName          LocalSystem
Reg  HKLM\SYSTEM\ControlSet002\Services\feqzlhp@Description         Obsługuje urządzenia podczerwieni zainstalowane na komputerze i wykrywa inne urządzenia znajdujące się w zasięgu.
Reg  HKLM\SYSTEM\ControlSet002\Services\feqzlhp\Parameters (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\Services\feqzlhp\Parameters@ServiceDll      C:\WINDOWS\system32\qckdycm.dll

---- EOF - GMER 1.0.15 ----