GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-08-26 11:47:22 Windows 5.1.2600 Dodatek Service Pack 2 Running: h0q3ctun.exe; Driver: C:\DOCUME~1\UZYTKO~1\USTAWI~1\Temp\pgldrpoc.sys ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\system32\svchost.exe[256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00405495 IAT C:\WINDOWS\system32\svchost.exe[256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 004053DA IAT C:\WINDOWS\system32\svchost.exe[256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00405375 IAT C:\WINDOWS\system32\svchost.exe[256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00405343 IAT C:\WINDOWS\system32\svchost.exe[256] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 0040575A IAT C:\WINDOWS\system32\svchost.exe[256] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00405A04 IAT C:\WINDOWS\system32\svchost.exe[256] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00405A04 IAT C:\WINDOWS\system32\svchost.exe[256] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 0040575A IAT C:\WINDOWS\system32\svchost.exe[256] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00405A04 IAT C:\WINDOWS\system32\svchost.exe[256] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00405495 IAT C:\WINDOWS\system32\services.exe[944] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtQueryDirectoryFile] 00A75495 IAT C:\WINDOWS\system32\services.exe[944] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00A75495 IAT C:\WINDOWS\system32\services.exe[944] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00A753DA IAT C:\WINDOWS\system32\services.exe[944] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00A75375 IAT C:\WINDOWS\system32\services.exe[944] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00A75343 IAT C:\WINDOWS\system32\services.exe[944] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00A7575A IAT C:\WINDOWS\system32\services.exe[944] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00A75A04 IAT C:\WINDOWS\system32\services.exe[944] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00A75A04 IAT C:\WINDOWS\system32\services.exe[944] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00A7575A IAT C:\WINDOWS\system32\services.exe[944] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00A75A04 IAT C:\WINDOWS\system32\services.exe[944] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00A75495 IAT C:\WINDOWS\system32\lsass.exe[956] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00BB5495 IAT C:\WINDOWS\system32\lsass.exe[956] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00BB53DA IAT C:\WINDOWS\system32\lsass.exe[956] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00BB5375 IAT C:\WINDOWS\system32\lsass.exe[956] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00BB5343 IAT C:\WINDOWS\system32\lsass.exe[956] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!LdrLoadDll] 00BB53DA IAT C:\WINDOWS\system32\lsass.exe[956] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00BB5495 IAT C:\WINDOWS\system32\lsass.exe[956] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrLoadDll] 00BB53DA IAT C:\WINDOWS\system32\lsass.exe[956] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrGetProcedureAddress] 00BB5375 IAT C:\WINDOWS\system32\lsass.exe[956] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00BB575A IAT C:\WINDOWS\system32\lsass.exe[956] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00BB5A04 IAT C:\WINDOWS\system32\lsass.exe[956] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00BB5A04 IAT C:\WINDOWS\system32\lsass.exe[956] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00BB575A IAT C:\WINDOWS\system32\lsass.exe[956] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00BB5A04 IAT C:\WINDOWS\system32\svchost.exe[1108] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00C15343 IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00865495 IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 008653DA IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00865375 IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00865343 IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 0086575A IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00865A04 IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00865A04 IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 0086575A IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00865A04 IAT C:\WINDOWS\system32\svchost.exe[1184] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00865495 IAT C:\WINDOWS\System32\svchost.exe[1272] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00D85495 IAT C:\WINDOWS\System32\svchost.exe[1272] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00D853DA IAT C:\WINDOWS\System32\svchost.exe[1272] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00D85375 IAT C:\WINDOWS\System32\svchost.exe[1272] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00D85343 IAT C:\WINDOWS\System32\svchost.exe[1272] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00D8575A IAT C:\WINDOWS\System32\svchost.exe[1272] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00D85A04 IAT C:\WINDOWS\System32\svchost.exe[1272] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00D85A04 IAT C:\WINDOWS\System32\svchost.exe[1272] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00D8575A IAT C:\WINDOWS\System32\svchost.exe[1272] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00D85A04 IAT C:\WINDOWS\System32\svchost.exe[1272] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00D85495 IAT C:\WINDOWS\System32\svchost.exe[2292] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00405495 IAT C:\WINDOWS\System32\svchost.exe[2292] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 004053DA IAT C:\WINDOWS\System32\svchost.exe[2292] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00405375 IAT C:\WINDOWS\System32\svchost.exe[2292] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00405343 IAT C:\WINDOWS\System32\svchost.exe[2292] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 0040575A IAT C:\WINDOWS\System32\svchost.exe[2292] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00405A04 IAT C:\WINDOWS\System32\svchost.exe[2292] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00405A04 IAT C:\WINDOWS\System32\svchost.exe[2292] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 0040575A IAT C:\WINDOWS\System32\svchost.exe[2292] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00405A04 IAT C:\WINDOWS\System32\svchost.exe[2292] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00405495 ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) ---- EOF - GMER 1.0.15 ----