GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-04-27 22:09:15
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000005b ST325031 rev.CC38 232,89GB
Running: ug849muu.exe; Driver: C:\Users\Klaku\AppData\Local\Temp\pgtdqpoc.sys

---- Kernel code sections - GMER 2.1 ----

.text  C:\Windows\System32\win32k.sys!W32pServiceTable      fffff96000183f00 7 bytes [80, 9D, F3, FF, 01, A9, F0]
.text  C:\Windows\System32\win32k.sys!W32pServiceTable + 8  fffff96000183f08 3 bytes [C0, 06, 02]

---- User IAT/EAT - GMER 2.1 ----

IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[msvcrt.dll!_initterm]  [0]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[msvcrt.dll!free]  [1000300000000]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[msvcrt.dll!malloc]  [80000030800002ee]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[msvcrt.dll!_unlock]  [80000080800001f0]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[msvcrt.dll!__dllonexit]  [8000009800000010]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[msvcrt.dll!_XcptFilter]  [0]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[msvcrt.dll!??3@YAXPEAX@Z]  [1000000000000]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[msvcrt.dll!_amsg_exit]  [800000b000000001]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[msvcrt.dll!??_U@YAPEAX_K@Z]  [0]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[msvcrt.dll!??_V@YAXPEAX@Z]  [1000400000000]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[msvcrt.dll!_purecall]  [800000c880000254]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[msvcrt.dll!wcschr]  [800000e080000212]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[msvcrt.dll!memset]  [800000f880000282]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[msvcrt.dll!memcpy]  [80000110800002b2]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[msvcrt.dll!_vsnwprintf]  [8000012800000065]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[msvcrt.dll!_lock]  [0]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[msvcrt.dll!_onexit]  [1000000000000]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[msvcrt.dll!??2@YAPEAX_K@Z]  [8000014000000001]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[ntdll.dll!RtlLookupFunctionEntry]  [1000000000000]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[ntdll.dll!RtlCaptureContext]  [8000015800000001]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[ntdll.dll!RtlSubAuthoritySid]  [0]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[ntdll.dll!RtlInitializeSid]  [1000000000000]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[ntdll.dll!EtwTraceMessage]  [17000000409]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[ntdll.dll!RtlInitUnicodeString]  [0]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[ntdll.dll!RtlMapGenericMask]  [1000000000000]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[ntdll.dll!RtlVirtualUnwind]  [18000000409]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[KERNEL32.dll!DisableThreadLibraryCalls]  [1000000000000]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[KERNEL32.dll!CloseHandle]  [19000000409]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[KERNEL32.dll!GetLastError]  [0]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[KERNEL32.dll!LocalFree]  [1000000000000]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[KERNEL32.dll!FreeLibrary]  [1a000000409]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[KERNEL32.dll!GetProcAddress]  [0]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[KERNEL32.dll!LoadLibraryExA]  [1000000000000]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[KERNEL32.dll!DelayLoadFailureHook]  [1b000000409]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[KERNEL32.dll!Sleep]  [0]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[KERNEL32.dll!QueryPerformanceCounter]  [1000000000000]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[KERNEL32.dll!GetTickCount]  [1c000000409]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[KERNEL32.dll!GetCurrentThreadId]  [0]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[KERNEL32.dll!GetCurrentProcessId]  [1000000000000]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[KERNEL32.dll!GetSystemTimeAsFileTime]  [1d000000409]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[KERNEL32.dll!TerminateProcess]  [0]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[KERNEL32.dll!GetCurrentProcess]  [1000000000000]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[KERNEL32.dll!UnhandledExceptionFilter]  [1e000000409]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[KERNEL32.dll!SetUnhandledExceptionFilter]  [e800025238]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[KERNEL32.dll!CompareStringW]  [0]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[KERNEL32.dll!DeleteFileW]  [27f00024a78]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[KERNEL32.dll!CreateFileW]  [0]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[KERNEL32.dll!ExpandEnvironmentStringsW]  [2cf000247a8]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[KERNEL32.dll!OpenProcess]  [0]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[KERNEL32.dll!lstrcmpiW]  [28700024cf8]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[KERNEL32.dll!GetComputerNameW]  [0]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[KERNEL32.dll!lstrlenW]  [2b200024f80]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[KERNEL32.dll!ReadFile]  [0]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[KERNEL32.dll!GetFileSize]  [2f2000244b0]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[KERNEL32.dll!GetModuleHandleW]  [0]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[KERNEL32.dll!SystemTimeToFileTime]  [de1800016698]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[KERNEL32.dll!FileTimeToSystemTime]  [0]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[KERNEL32.dll!TzSpecificLocalTimeToSystemTime]  [39400016300]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[KERNEL32.dll!SystemTimeToTzSpecificLocalTime]  [0]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[KERNEL32.dll!WaitForSingleObject]  [44004900200059]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[KERNEL32.dll!ResetEvent]  [4e0045005f0052]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[KERNEL32.dll!CreateEventW]  [43004e00410048]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[KERNEL32.dll!CompareStringOrdinal]  [54005300440045]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[KERNEL32.dll!RegOpenKeyExW]  [4700410052004f]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[KERNEL32.dll!RegCloseKey]  [54004300410045]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[KERNEL32.dll!InitOnceExecuteOnce]  [4d0055004e0045]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[KERNEL32.dll!RegQueryInfoKeyW]  [54004100520045]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[KERNEL32.dll!RegEnumValueW]  [4900160052004f]
IAT  C:\Windows\Explorer.EXE[2104] @ C:\Windows\System32\shacct.dll[KERNEL32.dll!LocalAlloc]  [45005f00520044]

---- EOF - GMER 2.1 ----