GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-02-05 14:07:59
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-9 ExcelStor_Technology_J880S rev.PF2OA60A 76,69GB
Running: j0igp09c.exe; Driver: C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\awlyipog.sys

---- User code sections - GMER 2.1 ----

.text  C:\WINDOWS\System32\svchost.exe[1172] ntdll.dll!NtQueryInformationProcess   7C90D7E0 5 Bytes  JMP 015BADCD
.text  C:\WINDOWS\System32\svchost.exe[1172] NETAPI32.dll!NetpwPathCanonicalize    6FF4A3A9 5 Bytes  JMP 015BAD64
.text  C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtQueryInformationProcess   7C90D7E0 5 Bytes  JMP 008DADCD

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\Tcpip \Device\Tcp        ABTDI.sys
AttachedDevice  \FileSystem\Fastfat \Fat         fltmgr.sys

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\ControlSet002\Services\boljsff@DisplayName              Manager Driver
Reg  HKLM\SYSTEM\ControlSet002\Services\boljsff@Type                     32
Reg  HKLM\SYSTEM\ControlSet002\Services\boljsff@Start                    2
Reg  HKLM\SYSTEM\ControlSet002\Services\boljsff@ErrorControl             0
Reg  HKLM\SYSTEM\ControlSet002\Services\boljsff@ImagePath                %SystemRoot%\system32\svchost.exe -k netsvcs
Reg  HKLM\SYSTEM\ControlSet002\Services\boljsff@ObjectName               LocalSystem
Reg  HKLM\SYSTEM\ControlSet002\Services\boljsff@Description              Zapewnia zarządzanie kompozycjami obsługiwanymi przez użytkownika.
Reg  HKLM\SYSTEM\ControlSet002\Services\boljsff\Parameters (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\Services\boljsff\Parameters@ServiceDll    C:\WINDOWS\TEMP\\nukne.dll
Reg  HKLM\SYSTEM\ControlSet002\Services\ieebh@DisplayName                Monitor Helper
Reg  HKLM\SYSTEM\ControlSet002\Services\ieebh@Type                       32
Reg  HKLM\SYSTEM\ControlSet002\Services\ieebh@Start                      2
Reg  HKLM\SYSTEM\ControlSet002\Services\ieebh@ErrorControl               0
Reg  HKLM\SYSTEM\ControlSet002\Services\ieebh@ImagePath                  %SystemRoot%\system32\svchost.exe -k netsvcs
Reg  HKLM\SYSTEM\ControlSet002\Services\ieebh@ObjectName                 LocalSystem
Reg  HKLM\SYSTEM\ControlSet002\Services\ieebh@Description                Zarządza zasadami zabezpieczeń IP i uruchamia sterownik ISAKMP/Oakley (IKE) i sterownik zabezpieczeń IP.
Reg  HKLM\SYSTEM\ControlSet002\Services\ieebh\Parameters (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\Services\ieebh\Parameters@ServiceDll      C:\WINDOWS\system32\nukne.dll
Reg  HKLM\SYSTEM\ControlSet002\Services\jokft@DisplayName                Shell Boot
Reg  HKLM\SYSTEM\ControlSet002\Services\jokft@Type                       32
Reg  HKLM\SYSTEM\ControlSet002\Services\jokft@Start                      2
Reg  HKLM\SYSTEM\ControlSet002\Services\jokft@ErrorControl               0
Reg  HKLM\SYSTEM\ControlSet002\Services\jokft@ImagePath                  %SystemRoot%\system32\svchost.exe -k netsvcs
Reg  HKLM\SYSTEM\ControlSet002\Services\jokft@ObjectName                 LocalSystem
Reg  HKLM\SYSTEM\ControlSet002\Services\jokft@Description                Zapewnia program mapowania punktów końcowych i rozmaite inne usługi RPC.
Reg  HKLM\SYSTEM\ControlSet002\Services\jokft\Parameters (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\Services\jokft\Parameters@ServiceDll      C:\Documents and Settings\NetworkService\Dane aplikacji\nukne.dll
Reg  HKLM\SYSTEM\ControlSet002\Services\jqvqu@DisplayName                System Microsoft
Reg  HKLM\SYSTEM\ControlSet002\Services\jqvqu@Type                       32
Reg  HKLM\SYSTEM\ControlSet002\Services\jqvqu@Start                      2
Reg  HKLM\SYSTEM\ControlSet002\Services\jqvqu@ErrorControl               0
Reg  HKLM\SYSTEM\ControlSet002\Services\jqvqu@ImagePath                  %SystemRoot%\system32\svchost.exe -k netsvcs
Reg  HKLM\SYSTEM\ControlSet002\Services\jqvqu@ObjectName                 LocalSystem
Reg  HKLM\SYSTEM\ControlSet002\Services\jqvqu@Description                Zapewnia powiadomienia o zdarzeniach sprzętowych Autoodtwarzania.
Reg  HKLM\SYSTEM\ControlSet002\Services\jqvqu\Parameters (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\Services\jqvqu\Parameters@ServiceDll      C:\Program Files\Internet Explorer\nukne.dll
Reg  HKLM\SYSTEM\ControlSet002\Services\uafrxmur@DisplayName             Support Server
Reg  HKLM\SYSTEM\ControlSet002\Services\uafrxmur@Type                    32
Reg  HKLM\SYSTEM\ControlSet002\Services\uafrxmur@Start                   2
Reg  HKLM\SYSTEM\ControlSet002\Services\uafrxmur@ErrorControl            0
Reg  HKLM\SYSTEM\ControlSet002\Services\uafrxmur@ImagePath               %SystemRoot%\system32\svchost.exe -k netsvcs
Reg  HKLM\SYSTEM\ControlSet002\Services\uafrxmur@ObjectName              LocalSystem
Reg  HKLM\SYSTEM\ControlSet002\Services\uafrxmur@Description             Zarządza zasadami zabezpieczeń IP i uruchamia sterownik ISAKMP/Oakley (IKE) i sterownik zabezpieczeń IP.
Reg  HKLM\SYSTEM\ControlSet002\Services\uafrxmur\Parameters (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\Services\uafrxmur\Parameters@ServiceDll   C:\Program Files\Movie Maker\nukne.dll

---- EOF - GMER 2.1 ----