GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-09-06 09:32:08
Windows 5.1.2600 Dodatek Service Pack 3
Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e ST98823A rev.3.06
Running: chqb56oe.exe; Driver: C:\kgqcqpoc.sys

---- Kernel code sections - GMER 1.0.15 ----

.xreloc C:\WINDOWS\system32\drivers\sfsync04.sys unknown last section [0xF74B3000, 0xC58, 0x40000040]

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdePort0 84FD7780
Device \Driver\atapi \Device\Ide\IdePort1 84FD7780
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 84FD7780
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 84FD7780
Device \Driver\usbstor \Device\0000008a 84DAA238
Device \Driver\usbstor \Device\0000008b 84DAA238

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\uobpujng@DisplayName Update System
Reg HKLM\SYSTEM\ControlSet001\Services\uobpujng@Type 32
Reg HKLM\SYSTEM\ControlSet001\Services\uobpujng@Start 2
Reg HKLM\SYSTEM\ControlSet001\Services\uobpujng@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet001\Services\uobpujng@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet001\Services\uobpujng@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet001\Services\uobpujng@Description Zapewnia us?ugi pozyskiwania obraz?w dla skaner?w i aparat?w fotograficznych.
Reg HKLM\SYSTEM\ControlSet001\Services\uobpujng\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\uobpujng\Parameters@ServiceDll C:\WINDOWS\system32\sgywop.dll
Reg HKLM\SYSTEM\ControlSet002\Services\uobpujng@DisplayName Update System
Reg HKLM\SYSTEM\ControlSet002\Services\uobpujng@Type 32
Reg HKLM\SYSTEM\ControlSet002\Services\uobpujng@Start 2
Reg HKLM\SYSTEM\ControlSet002\Services\uobpujng@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\uobpujng@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet002\Services\uobpujng@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\Services\uobpujng@Description Zapewnia us?ugi pozyskiwania obraz?w dla skaner?w i aparat?w fotograficznych.
Reg HKLM\SYSTEM\ControlSet002\Services\uobpujng\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\uobpujng\Parameters@ServiceDll C:\WINDOWS\system32\sgywop.dll
Reg HKLM\SYSTEM\ControlSet003\Services\uobpujng@DisplayName Update System
Reg HKLM\SYSTEM\ControlSet003\Services\uobpujng@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\uobpujng@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\uobpujng@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\uobpujng@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\uobpujng@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\uobpujng@Description Zapewnia us?ugi pozyskiwania obraz?w dla skaner?w i aparat?w fotograficznych.
Reg HKLM\SYSTEM\ControlSet003\Services\uobpujng\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\uobpujng\Parameters@ServiceDll C:\WINDOWS\system32\sgywop.dll
Reg HKLM\SYSTEM\ControlSet004\Services\uobpujng@DisplayName Update System
Reg HKLM\SYSTEM\ControlSet004\Services\uobpujng@Type 32
Reg HKLM\SYSTEM\ControlSet004\Services\uobpujng@Start 2
Reg HKLM\SYSTEM\ControlSet004\Services\uobpujng@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\uobpujng@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet004\Services\uobpujng@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet004\Services\uobpujng@Description Zapewnia us?ugi pozyskiwania obraz?w dla skaner?w i aparat?w fotograficznych.
Reg HKLM\SYSTEM\ControlSet004\Services\uobpujng\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\uobpujng\Parameters@ServiceDll C:\WINDOWS\system32\sgywop.dll

---- EOF - GMER 1.0.15 ----