GMER 2.1.19081 - http://www.gmer.net
Rootkit scan 2013-02-23 13:45:21
Windows 5.1.2600 Dodatek Service Pack 3
Running: xrdpqcdf.exe

---- Modules - GMER 2.1 ----

Module _________ F85EB000-F8603000 (98304 bytes)

---- Services - GMER 2.1 ----

Service C:\WINDOWS\System32\Drivers\328283668ce358b1.sys (*** hidden *** ) [BOOT] 328283668ce358b1 <-- ROOTKIT !!!

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\328283668ce358b1@ImagePath \SystemRoot\System32\Drivers\328283668ce358b1.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\328283668ce358b1@Group Boot Bus Extender
Reg HKLM\SYSTEM\CurrentControlSet\Services\328283668ce358b1@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\328283668ce358b1@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\328283668ce358b1@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\328283668ce358b1@Tag 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\328283668ce358b1@DisplayName syshost.exe
Reg HKLM\SYSTEM\CurrentControlSet\Services\328283668ce358b1
Reg HKLM\SYSTEM\ControlSet002\Services\328283668ce358b1@ImagePath \SystemRoot\System32\Drivers\328283668ce358b1.sys
Reg HKLM\SYSTEM\ControlSet002\Services\328283668ce358b1@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet002\Services\328283668ce358b1@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\328283668ce358b1@Type 1
Reg HKLM\SYSTEM\ControlSet002\Services\328283668ce358b1@Start 0
Reg HKLM\SYSTEM\ControlSet002\Services\328283668ce358b1@Tag 1
Reg HKLM\SYSTEM\ControlSet002\Services\328283668ce358b1@DisplayName syshost.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore@Count 14326

---- EOF - GMER 2.1 ----