GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-18 12:40:10
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e SAMSUNG_HD040GJ/P rev.ZG100-34
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\pxtdipow.sys

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xB9B19F80]
? C:\WINDOWS\system32\drivers\blzblk.sys Nie można odnaleźć określonego pliku. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\V0220Mon.exe[724] ws2_32.dll!getsockname 71A53D10 6 Bytes JMP 00D50000
.text C:\WINDOWS\V0220Mon.exe[724] ws2_32.dll!connect 71A54A07 6 Bytes JMP 00D40000
.text C:\WINDOWS\V0220Mon.exe[724] ws2_32.dll!WSAStartup 71A56A55 6 Bytes JMP 00D20000
.text C:\WINDOWS\V0220Mon.exe[724] ws2_32.dll!getpeername 71A60B68 6 Bytes JMP 00D60000
.text C:\WINDOWS\V0220Mon.exe[724] ws2_32.dll!WSAConnect 71A60C81 6 Bytes JMP 00D30000
.text C:\WINDOWS\system32\wuauclt.exe[788] ws2_32.dll!getsockname 71A53D10 6 Bytes JMP 00B70000
.text C:\WINDOWS\system32\wuauclt.exe[788] ws2_32.dll!connect 71A54A07 6 Bytes JMP 00B60000
.text C:\WINDOWS\system32\wuauclt.exe[788] ws2_32.dll!WSAStartup 71A56A55 6 Bytes JMP 00B40000
.text C:\WINDOWS\system32\wuauclt.exe[788] ws2_32.dll!getpeername 71A60B68 6 Bytes JMP 00B80000
.text C:\WINDOWS\system32\wuauclt.exe[788] ws2_32.dll!WSAConnect 71A60C81 6 Bytes JMP 00B50000
.text C:\WINDOWS\system32\ctfmon.exe[852] ws2_32.dll!getsockname 71A53D10 6 Bytes JMP 00CE0000
.text C:\WINDOWS\system32\ctfmon.exe[852] ws2_32.dll!connect 71A54A07 6 Bytes JMP 00CD0000
.text C:\WINDOWS\system32\ctfmon.exe[852] ws2_32.dll!WSAStartup 71A56A55 6 Bytes JMP 00B80000
.text C:\WINDOWS\system32\ctfmon.exe[852] ws2_32.dll!getpeername 71A60B68 6 Bytes JMP 00CF0000
.text C:\WINDOWS\system32\ctfmon.exe[852] ws2_32.dll!WSAConnect 71A60C81 6 Bytes JMP 00CC0000
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1028] ws2_32.dll!getsockname 71A53D10 6 Bytes JMP 01840000
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1028] ws2_32.dll!connect 71A54A07 6 Bytes JMP 01830000
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1028] ws2_32.dll!WSAStartup 71A56A55 6 Bytes JMP 01810000
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1028] ws2_32.dll!getpeername 71A60B68 6 Bytes JMP 01850000
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1028] ws2_32.dll!WSAConnect 71A60C81 6 Bytes JMP 01820000
.text C:\Program Files\Gadu-Gadu\gg.exe[1596] WS2_32.dll!getsockname 71A53D10 6 Bytes JMP 02410000
.text C:\Program Files\Gadu-Gadu\gg.exe[1596] WS2_32.dll!connect 71A54A07 6 Bytes JMP 02400000
.text C:\Program Files\Gadu-Gadu\gg.exe[1596] WS2_32.dll!WSAStartup 71A56A55 6 Bytes JMP 023E0000
.text C:\Program Files\Gadu-Gadu\gg.exe[1596] WS2_32.dll!getpeername 71A60B68 6 Bytes JMP 02420000
.text C:\Program Files\Gadu-Gadu\gg.exe[1596] WS2_32.dll!WSAConnect 71A60C81 6 Bytes JMP 023F0000
.text C:\WINDOWS\Explorer.EXE[1780] WS2_32.dll!getsockname 71A53D10 6 Bytes JMP 02630000
.text C:\WINDOWS\Explorer.EXE[1780] WS2_32.dll!connect 71A54A07 6 Bytes JMP 00D40000
.text C:\WINDOWS\Explorer.EXE[1780] WS2_32.dll!WSAStartup 71A56A55 6 Bytes JMP 00CA0000
.text C:\WINDOWS\Explorer.EXE[1780] WS2_32.dll!getpeername 71A60B68 6 Bytes JMP 030F0000
.text C:\WINDOWS\Explorer.EXE[1780] WS2_32.dll!WSAConnect 71A60C81 6 Bytes JMP 00D30000
.text C:\Documents and Settings\Administrator\Pulpit\gmer.exe[2344] ws2_32.dll!getsockname 71A53D10 6 Bytes JMP 00C10000
.text C:\Documents and Settings\Administrator\Pulpit\gmer.exe[2344] ws2_32.dll!connect 71A54A07 6 Bytes JMP 00C00000
.text C:\Documents and Settings\Administrator\Pulpit\gmer.exe[2344] ws2_32.dll!WSAStartup 71A56A55 6 Bytes JMP 00B90000
.text C:\Documents and Settings\Administrator\Pulpit\gmer.exe[2344] ws2_32.dll!getpeername 71A60B68 6 Bytes JMP 00C20000
.text C:\Documents and Settings\Administrator\Pulpit\gmer.exe[2344] ws2_32.dll!WSAConnect 71A60C81 6 Bytes JMP 00BF0000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \Fat A849AD20
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----