GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-26 23:34:03
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST980811AS rev.3.ALC
Running: tvunm2lc.exe; Driver: D:\DOCUME~1\monika\USTAWI~1\Temp\fweyypob.sys


---- System - GMER 1.0.15 ----

SSDT  \??\D:\WINDOWS\system32\DRIVERS\PavProc.sys (Panda Protection driver/Panda Security, S.L.)  ZwTerminateProcess [0xEFE2173A]

---- Kernel code sections - GMER 1.0.15 ----

?  05677904.sys   The system cannot find the file specified. !
?  tsk1.tmp   The system cannot find the file specified. !
?  D:\WINDOWS\system32\PavTPK.sys   The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text  D:\WINDOWS\Explorer.EXE[268] WS2_32.dll!sendto  71A52C69 6 Bytes  JMP 5F100F5A
.text  D:\WINDOWS\Explorer.EXE[268] WS2_32.dll!recvfrom  71A52D0F 6 Bytes  JMP 5F0A0F5A
.text  D:\WINDOWS\Explorer.EXE[268] WS2_32.dll!connect  71A5406A 6 Bytes  JMP 5F040F5A
.text  D:\WINDOWS\Explorer.EXE[268] WS2_32.dll!send  71A5428A 6 Bytes  JMP 5F0D0F5A
.text  D:\WINDOWS\Explorer.EXE[268] WS2_32.dll!WSARecv  71A54318 6 Bytes  JMP 5F160F5A
.text  D:\WINDOWS\Explorer.EXE[268] WS2_32.dll!recv  71A5615A 6 Bytes  JMP 5F070F5A
.text  D:\WINDOWS\Explorer.EXE[268] WS2_32.dll!WSASend  71A56233 6 Bytes  JMP 5F1C0F5A
.text  D:\WINDOWS\Explorer.EXE[268] WS2_32.dll!closesocket  71A59639 6 Bytes  JMP 5F220F5A
.text  D:\WINDOWS\Explorer.EXE[268] WS2_32.dll!WSARecvFrom  71A5F652 6 Bytes  JMP 5F190F5A
.text  D:\WINDOWS\Explorer.EXE[268] WS2_32.dll!WSASendTo  71A60A95 6 Bytes  JMP 5F1F0F5A
.text  D:\WINDOWS\Explorer.EXE[268] WS2_32.dll!WSAConnect  71A60C69 6 Bytes  JMP 5F130F5A
.text  D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[580] WS2_32.dll!sendto  71A52C69 6 Bytes  JMP 5F100F5A
.text  D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[580] WS2_32.dll!recvfrom  71A52D0F 6 Bytes  JMP 5F0A0F5A
.text  D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[580] WS2_32.dll!connect  71A5406A 6 Bytes  JMP 5F040F5A
.text  D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[580] WS2_32.dll!send  71A5428A 6 Bytes  JMP 5F0D0F5A
.text  D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[580] WS2_32.dll!WSARecv  71A54318 6 Bytes  JMP 5F160F5A
.text  D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[580] WS2_32.dll!recv  71A5615A 6 Bytes  JMP 5F070F5A
.text  D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[580] WS2_32.dll!WSASend  71A56233 6 Bytes  JMP 5F1C0F5A
.text  D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[580] WS2_32.dll!closesocket  71A59639 6 Bytes  JMP 5F220F5A
.text  D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[580] WS2_32.dll!WSARecvFrom  71A5F652 6 Bytes  JMP 5F190F5A
.text  D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[580] WS2_32.dll!WSASendTo  71A60A95 6 Bytes  JMP 5F1F0F5A
.text  D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[580] WS2_32.dll!WSAConnect  71A60C69 6 Bytes  JMP 5F130F5A
.text  D:\WINDOWS\system32\HPZipm12.exe[1516] WS2_32.dll!sendto  71A52C69 6 Bytes  JMP 5F100F5A
.text  D:\WINDOWS\system32\HPZipm12.exe[1516] WS2_32.dll!recvfrom  71A52D0F 6 Bytes  JMP 5F0A0F5A
.text  D:\WINDOWS\system32\HPZipm12.exe[1516] WS2_32.dll!connect  71A5406A 6 Bytes  JMP 5F040F5A
.text  D:\WINDOWS\system32\HPZipm12.exe[1516] WS2_32.dll!send  71A5428A 6 Bytes  JMP 5F0D0F5A
.text  D:\WINDOWS\system32\HPZipm12.exe[1516] WS2_32.dll!WSARecv  71A54318 6 Bytes  JMP 5F160F5A
.text  D:\WINDOWS\system32\HPZipm12.exe[1516] WS2_32.dll!recv  71A5615A 6 Bytes  JMP 5F070F5A
.text  D:\WINDOWS\system32\HPZipm12.exe[1516] WS2_32.dll!WSASend  71A56233 6 Bytes  JMP 5F1C0F5A
.text  D:\WINDOWS\system32\HPZipm12.exe[1516] WS2_32.dll!closesocket  71A59639 6 Bytes  JMP 5F220F5A
.text  D:\WINDOWS\system32\HPZipm12.exe[1516] WS2_32.dll!WSARecvFrom  71A5F652 6 Bytes  JMP 5F190F5A
.text  D:\WINDOWS\system32\HPZipm12.exe[1516] WS2_32.dll!WSASendTo  71A60A95 6 Bytes  JMP 5F1F0F5A
.text  D:\WINDOWS\system32\HPZipm12.exe[1516] WS2_32.dll!WSAConnect  71A60C69 6 Bytes  JMP 5F130F5A
.text  D:\Program Files\Java\jre6\bin\jqs.exe[1736] WS2_32.dll!sendto  71A52C69 6 Bytes  JMP 5F100F5A
.text  D:\Program Files\Java\jre6\bin\jqs.exe[1736] WS2_32.dll!recvfrom  71A52D0F 6 Bytes  JMP 5F0A0F5A
.text  D:\Program Files\Java\jre6\bin\jqs.exe[1736] WS2_32.dll!connect  71A5406A 6 Bytes  JMP 5F040F5A
.text  D:\Program Files\Java\jre6\bin\jqs.exe[1736] WS2_32.dll!send  71A5428A 6 Bytes  JMP 5F0D0F5A
.text  D:\Program Files\Java\jre6\bin\jqs.exe[1736] WS2_32.dll!WSARecv  71A54318 6 Bytes  JMP 5F160F5A
.text  D:\Program Files\Java\jre6\bin\jqs.exe[1736] WS2_32.dll!recv  71A5615A 6 Bytes  JMP 5F070F5A
.text  D:\Program Files\Java\jre6\bin\jqs.exe[1736] WS2_32.dll!WSASend  71A56233 6 Bytes  JMP 5F1C0F5A
.text  D:\Program Files\Java\jre6\bin\jqs.exe[1736] WS2_32.dll!closesocket  71A59639 6 Bytes  JMP 5F220F5A
.text  D:\Program Files\Java\jre6\bin\jqs.exe[1736] WS2_32.dll!WSARecvFrom  71A5F652 6 Bytes  JMP 5F190F5A
.text  D:\Program Files\Java\jre6\bin\jqs.exe[1736] WS2_32.dll!WSASendTo  71A60A95 6 Bytes  JMP 5F1F0F5A
.text  D:\Program Files\Java\jre6\bin\jqs.exe[1736] WS2_32.dll!WSAConnect  71A60C69 6 Bytes  JMP 5F130F5A
.text  D:\WINDOWS\system32\wbem\wmiapsrv.exe[2296] WS2_32.dll!sendto  71A52C69 6 Bytes  JMP 5F100F5A
.text  D:\WINDOWS\system32\wbem\wmiapsrv.exe[2296] WS2_32.dll!recvfrom  71A52D0F 6 Bytes  JMP 5F0A0F5A
.text  D:\WINDOWS\system32\wbem\wmiapsrv.exe[2296] WS2_32.dll!connect  71A5406A 6 Bytes  JMP 5F040F5A
.text  D:\WINDOWS\system32\wbem\wmiapsrv.exe[2296] WS2_32.dll!send  71A5428A 6 Bytes  JMP 5F0D0F5A
.text  D:\WINDOWS\system32\wbem\wmiapsrv.exe[2296] WS2_32.dll!WSARecv  71A54318 6 Bytes  JMP 5F160F5A
.text  D:\WINDOWS\system32\wbem\wmiapsrv.exe[2296] WS2_32.dll!recv  71A5615A 6 Bytes  JMP 5F070F5A
.text  D:\WINDOWS\system32\wbem\wmiapsrv.exe[2296] WS2_32.dll!WSASend  71A56233 6 Bytes  JMP 5F1C0F5A
.text  D:\WINDOWS\system32\wbem\wmiapsrv.exe[2296] WS2_32.dll!closesocket  71A59639 6 Bytes  JMP 5F220F5A
.text  D:\WINDOWS\system32\wbem\wmiapsrv.exe[2296] WS2_32.dll!WSARecvFrom  71A5F652 6 Bytes  JMP 5F190F5A
.text  D:\WINDOWS\system32\wbem\wmiapsrv.exe[2296] WS2_32.dll!WSASendTo  71A60A95 6 Bytes  JMP 5F1F0F5A
.text  D:\WINDOWS\system32\wbem\wmiapsrv.exe[2296] WS2_32.dll!WSAConnect  71A60C69 6 Bytes  JMP 5F130F5A
.text  D:\Program Files\Syntezator mowy\ivo\UniSpiker-2.6\uni_spiker-2.6.exe[2652] WS2_32.dll!sendto  71A52C69 6 Bytes  JMP 5F100F5A
.text  D:\Program Files\Syntezator mowy\ivo\UniSpiker-2.6\uni_spiker-2.6.exe[2652] WS2_32.dll!recvfrom  71A52D0F 6 Bytes  JMP 5F0A0F5A
.text  D:\Program Files\Syntezator mowy\ivo\UniSpiker-2.6\uni_spiker-2.6.exe[2652] WS2_32.dll!connect  71A5406A 6 Bytes  JMP 5F040F5A
.text  D:\Program Files\Syntezator mowy\ivo\UniSpiker-2.6\uni_spiker-2.6.exe[2652] WS2_32.dll!send  71A5428A 6 Bytes  JMP 5F0D0F5A
.text  D:\Program Files\Syntezator mowy\ivo\UniSpiker-2.6\uni_spiker-2.6.exe[2652] WS2_32.dll!WSARecv  71A54318 6 Bytes  JMP 5F160F5A
.text  D:\Program Files\Syntezator mowy\ivo\UniSpiker-2.6\uni_spiker-2.6.exe[2652] WS2_32.dll!recv  71A5615A 6 Bytes  JMP 5F070F5A
.text  D:\Program Files\Syntezator mowy\ivo\UniSpiker-2.6\uni_spiker-2.6.exe[2652] WS2_32.dll!WSASend  71A56233 6 Bytes  JMP 5F1C0F5A
.text  D:\Program Files\Syntezator mowy\ivo\UniSpiker-2.6\uni_spiker-2.6.exe[2652] WS2_32.dll!closesocket  71A59639 6 Bytes  JMP 5F220F5A
.text  D:\Program Files\Syntezator mowy\ivo\UniSpiker-2.6\uni_spiker-2.6.exe[2652] WS2_32.dll!WSARecvFrom  71A5F652 6 Bytes  JMP 5F190F5A
.text  D:\Program Files\Syntezator mowy\ivo\UniSpiker-2.6\uni_spiker-2.6.exe[2652] WS2_32.dll!WSASendTo  71A60A95 6 Bytes  JMP 5F1F0F5A
.text  D:\Program Files\Syntezator mowy\ivo\UniSpiker-2.6\uni_spiker-2.6.exe[2652] WS2_32.dll!WSAConnect  71A60C69 6 Bytes  JMP 5F130F5A
.text  D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2852] WS2_32.dll!sendto  71A52C69 6 Bytes  JMP 5F100F5A
.text  D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2852] WS2_32.dll!recvfrom  71A52D0F 6 Bytes  JMP 5F0A0F5A
.text  D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2852] WS2_32.dll!connect  71A5406A 6 Bytes  JMP 5F040F5A
.text  D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2852] WS2_32.dll!send  71A5428A 6 Bytes  JMP 5F0D0F5A
.text  D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2852] WS2_32.dll!WSARecv  71A54318 6 Bytes  JMP 5F160F5A
.text  D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2852] WS2_32.dll!recv  71A5615A 6 Bytes  JMP 5F070F5A
.text  D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2852] WS2_32.dll!WSASend  71A56233 6 Bytes  JMP 5F1C0F5A
.text  D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2852] WS2_32.dll!closesocket  71A59639 6 Bytes  JMP 5F220F5A
.text  D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2852] WS2_32.dll!WSARecvFrom  71A5F652 6 Bytes  JMP 5F190F5A
.text  D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2852] WS2_32.dll!WSASendTo  71A60A95 6 Bytes  JMP 5F1F0F5A
.text  D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2852] WS2_32.dll!WSAConnect  71A60C69 6 Bytes  JMP 5F130F5A
.text  F:\OTL1.exe[2944] WS2_32.dll!sendto  71A52C69 6 Bytes  JMP 5F100F5A
.text  F:\OTL1.exe[2944] WS2_32.dll!recvfrom  71A52D0F 6 Bytes  JMP 5F0A0F5A
.text  F:\OTL1.exe[2944] WS2_32.dll!connect  71A5406A 6 Bytes  JMP 5F040F5A
.text  F:\OTL1.exe[2944] WS2_32.dll!send  71A5428A 6 Bytes  JMP 5F0D0F5A
.text  F:\OTL1.exe[2944] WS2_32.dll!WSARecv  71A54318 6 Bytes  JMP 5F160F5A
.text  F:\OTL1.exe[2944] WS2_32.dll!recv  71A5615A 6 Bytes  JMP 5F070F5A
.text  F:\OTL1.exe[2944] WS2_32.dll!WSASend  71A56233 6 Bytes  JMP 5F1C0F5A
.text  F:\OTL1.exe[2944] WS2_32.dll!closesocket  71A59639 6 Bytes  JMP 5F220F5A
.text  F:\OTL1.exe[2944] WS2_32.dll!WSARecvFrom  71A5F652 6 Bytes  JMP 5F190F5A
.text  F:\OTL1.exe[2944] WS2_32.dll!WSASendTo  71A60A95 6 Bytes  JMP 5F1F0F5A
.text  F:\OTL1.exe[2944] WS2_32.dll!WSAConnect  71A60C69 6 Bytes  JMP 5F130F5A
.text  D:\Program Files\Messenger\msmsgs.exe[3380] WS2_32.dll!sendto  71A52C69 6 Bytes  JMP 5F100F5A
.text  D:\Program Files\Messenger\msmsgs.exe[3380] WS2_32.dll!recvfrom  71A52D0F 6 Bytes  JMP 5F0A0F5A
.text  D:\Program Files\Messenger\msmsgs.exe[3380] WS2_32.dll!connect  71A5406A 6 Bytes  JMP 5F040F5A
.text  D:\Program Files\Messenger\msmsgs.exe[3380] WS2_32.dll!send  71A5428A 6 Bytes  JMP 5F0D0F5A
.text  D:\Program Files\Messenger\msmsgs.exe[3380] WS2_32.dll!WSARecv  71A54318 6 Bytes  JMP 5F160F5A
.text  D:\Program Files\Messenger\msmsgs.exe[3380] WS2_32.dll!recv  71A5615A 6 Bytes  JMP 5F070F5A
.text  D:\Program Files\Messenger\msmsgs.exe[3380] WS2_32.dll!WSASend  71A56233 6 Bytes  JMP 5F1C0F5A
.text  D:\Program Files\Messenger\msmsgs.exe[3380] WS2_32.dll!closesocket  71A59639 6 Bytes  JMP 5F220F5A
.text  D:\Program Files\Messenger\msmsgs.exe[3380] WS2_32.dll!WSARecvFrom  71A5F652 6 Bytes  JMP 5F190F5A
.text  D:\Program Files\Messenger\msmsgs.exe[3380] WS2_32.dll!WSASendTo  71A60A95 6 Bytes  JMP 5F1F0F5A
.text  D:\Program Files\Messenger\msmsgs.exe[3380] WS2_32.dll!WSAConnect  71A60C69 6 Bytes  JMP 5F130F5A

---- Devices - GMER 1.0.15 ----

Device  \FileSystem\Ntfs \Ntfs   ShlDrv51.sys (PandaShield driver/Panda Security, S.L.)
Device  \FileSystem\Fastfat \FatCdrom   ShlDrv51.sys (PandaShield driver/Panda Security, S.L.)
Device  \Driver\ACPI \Device\00000040   tsk1.tmp
Device  \Driver\ACPI \Device\00000041   tsk1.tmp
Device  \Driver\ACPI \Device\00000042   tsk1.tmp
Device  \Driver\ACPI \Device\00000050   tsk1.tmp
Device  \Driver\ACPI \Device\00000043   tsk1.tmp
Device  \Driver\ACPI \Device\00000044   tsk1.tmp
Device  \Driver\ACPI \Device\00000051   tsk1.tmp
Device  \Driver\ACPI \Device\00000052   tsk1.tmp
Device  \Driver\ACPI \Device\00000053   tsk1.tmp
Device  \Driver\ACPI \Device\00000046   tsk1.tmp
Device  \Driver\ACPI \Device\00000060   tsk1.tmp
Device  \Driver\ACPI \Device\00000057   tsk1.tmp
Device  \Driver\ACPI \Device\00000058   tsk1.tmp
Device  \Driver\ACPI \Device\00000065   tsk1.tmp
Device  \Driver\ACPI \Device\00000059   tsk1.tmp
Device  \Driver\ACPI \Device\00000066   tsk1.tmp
Device  \Driver\ACPI \Device\00000067   tsk1.tmp
Device  \Driver\ACPI \Device\00000068   tsk1.tmp
Device  \Driver\ACPI \Device\00000069   tsk1.tmp
Device  \Driver\ACPI \Device\0000005a   tsk1.tmp
Device  \Driver\ACPI \Device\0000004e   tsk1.tmp
Device  \Driver\ACPI \Device\0000006c   tsk1.tmp
Device  \FileSystem\Fastfat \Fat   ShlDrv51.sys (PandaShield driver/Panda Security, S.L.)

AttachedDevice  \FileSystem\Fastfat \Fat   fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a310
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a310@001df63efaeb  0x26 0xD5 0x87 0x56 ...
Reg  HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00158315a310 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00158315a310@001df63efaeb  0x26 0xD5 0x87 0x56 ...

---- EOF - GMER 1.0.15 ----
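Triage helper for the log above, added here as an example; it is not part of GMER or of the original post. It parses the two GMER line shapes an analyst looks at first: the ".text ... JMP" user-mode inline hooks and the "? <module> ... !" kernel code sections GMER could not match to a file on disk. For the hooks it groups processes by their hook signature (the set of hooked export -> JMP target pairs) and reports the span of JMP targets; in this log every process carries the identical eleven WS2_32.dll hooks landing in 0x5F040F5A..0x5F220F5A, which is the pattern of one module mapped at the same base in every process (typical of an installed firewall or network-filtering component) rather than per-process injection. The log does not name that module, so the interpretation is an assumption to confirm by listing the modules loaded in one of the hooked processes, not a conclusion the tool output proves. The sample input is a constructed subset of lines copied from the log.

```python
"""Triage a GMER 1.0.15 log: summarise user-mode inline hooks and unmatched kernel modules.
Added example, not GMER's own code; the regexes assume GMER's plain-text line layout."""
import re
from collections import defaultdict

# .text  D:\WINDOWS\Explorer.EXE[268] WS2_32.dll!connect  71A5406A 6 Bytes  JMP 5F040F5A
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[\w.]+)!(?P<func>\w+)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<nbytes>\d+)\s+Bytes\s+"
    r"JMP\s+(?P<target>[0-9A-Fa-f]+)\s*$"
)

# ?  tsk1.tmp   The system cannot find the file specified. !
MISSING_RE = re.compile(r"^\?\s+(?P<module>\S+)\s+(?P<msg>.+?)\s*!\s*$")

# Constructed sample: a subset of lines taken from the log above.
SAMPLE_LOG = r"""
---- Kernel code sections - GMER 1.0.15 ----

?  05677904.sys   The system cannot find the file specified. !
?  tsk1.tmp   The system cannot find the file specified. !
?  D:\WINDOWS\system32\PavTPK.sys   The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text  D:\WINDOWS\Explorer.EXE[268] WS2_32.dll!connect  71A5406A 6 Bytes  JMP 5F040F5A
.text  D:\WINDOWS\Explorer.EXE[268] WS2_32.dll!send  71A5428A 6 Bytes  JMP 5F0D0F5A
.text  D:\WINDOWS\Explorer.EXE[268] WS2_32.dll!closesocket  71A59639 6 Bytes  JMP 5F220F5A
.text  D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[580] WS2_32.dll!connect  71A5406A 6 Bytes  JMP 5F040F5A
.text  D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[580] WS2_32.dll!send  71A5428A 6 Bytes  JMP 5F0D0F5A
.text  D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[580] WS2_32.dll!closesocket  71A59639 6 Bytes  JMP 5F220F5A
.text  F:\OTL1.exe[2944] WS2_32.dll!connect  71A5406A 6 Bytes  JMP 5F040F5A
.text  F:\OTL1.exe[2944] WS2_32.dll!send  71A5428A 6 Bytes  JMP 5F0D0F5A
.text  F:\OTL1.exe[2944] WS2_32.dll!closesocket  71A59639 6 Bytes  JMP 5F220F5A
"""


def parse_gmer(text):
    """Return (hooks, missing): hook dicts and module names GMER could not find on disk."""
    hooks, missing = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = HOOK_RE.match(line)
        if m:
            d = m.groupdict()
            d["pid"] = int(d["pid"])
            d["nbytes"] = int(d["nbytes"])
            d["target"] = d["target"].upper()
            hooks.append(d)
            continue
        m = MISSING_RE.match(line)
        if m:
            missing.append(m.group("module"))
    return hooks, missing


def hook_signature(proc_hooks):
    """Set of (export, JMP target) pairs; identical sets across processes point at one shared module."""
    return frozenset((f"{h['module']}!{h['func']}", h["target"]) for h in proc_hooks)


def group_by_signature(hooks):
    """Map each distinct hook signature to the (image, pid) processes carrying it."""
    per_proc = defaultdict(list)
    for h in hooks:
        per_proc[(h["image"], h["pid"])].append(h)
    groups = defaultdict(list)
    for proc, hs in per_proc.items():
        groups[hook_signature(hs)].append(proc)
    return dict(groups)


def target_range(hooks):
    """Lowest and highest JMP target; a narrow span means one module at a fixed base."""
    targets = sorted(int(h["target"], 16) for h in hooks)
    return (targets[0], targets[-1]) if targets else (0, 0)


def summarize(text):
    hooks, missing = parse_gmer(text)
    groups = group_by_signature(hooks)
    return {
        "hook_count": len(hooks),
        "processes": len({(h["image"], h["pid"]) for h in hooks}),
        "signature_groups": len(groups),
        "target_range": target_range(hooks),
        "missing_kernel_modules": missing,
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    lo, hi = s["target_range"]
    print(f"{s['hook_count']} hooks in {s['processes']} processes, "
          f"{s['signature_groups']} distinct signature(s), targets {lo:08X}..{hi:08X}")
    for mod in s["missing_kernel_modules"]:
        print("kernel code section with no file on disk:", mod)
```

Run it against the full log by passing the saved file's contents to summarize() instead of SAMPLE_LOG. A single signature group over every listed process, with all targets inside one small range, is the output this log produces; the "?" entries (05677904.sys, tsk1.tmp, PavTPK.sys) are the items to resolve next, since tsk1.tmp is also the driver GMER shows attached to the ACPI device objects.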