GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-05-13 00:26:07
Windows 5.1.2600 Dodatek Service Pack 3
Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 SAMSUNG_HD040GJ rev.WY100-33
Running: qydxzse3.exe; Driver: F:\\pxtdapow.sys

---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xEB23C75C]

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys Nie można odnaleźć określonego pliku. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\PeerBlock\peerblock.exe[224] kernel32.dll!SetUnhandledExceptionFilter 7C844935 5 Bytes JMP 004314E0 C:\Program Files\PeerBlock\peerblock.exe (PeerBlock/PeerBlock, LLC)
.text C:\Program Files\PeerBlock\peerblock.exe[224] WS2_32.dll!getsockname 71A53D10 5 Bytes JMP 00D5008D
.text C:\Program Files\PeerBlock\peerblock.exe[224] WS2_32.dll!connect 71A54A07 5 Bytes JMP 00D5002D
.text C:\Program Files\PeerBlock\peerblock.exe[224] WS2_32.dll!getpeername 71A60B68 5 Bytes JMP 00D500BD
.text C:\Program Files\PeerBlock\peerblock.exe[224] WS2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 00D5005D
.text C:\Program Files\ID-Blaster Plus\idblasterplus.exe[236] ws2_32.dll!getsockname 71A53D10 5 Bytes JMP 0155008D
.text C:\Program Files\ID-Blaster Plus\idblasterplus.exe[236] ws2_32.dll!connect 71A54A07 5 Bytes JMP 0155002D
.text C:\Program Files\ID-Blaster Plus\idblasterplus.exe[236] ws2_32.dll!getpeername 71A60B68 5 Bytes JMP 015500BD
.text C:\Program Files\ID-Blaster Plus\idblasterplus.exe[236] ws2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 0155005D
.text C:\Program Files\Gadu-Gadu 10\gg.exe[252] WS2_32.dll!getsockname 71A53D10 5 Bytes JMP 06FC008D
.text C:\Program Files\Gadu-Gadu 10\gg.exe[252] WS2_32.dll!connect 71A54A07 5 Bytes JMP 06FC002D
.text C:\Program Files\Gadu-Gadu 10\gg.exe[252] WS2_32.dll!getpeername 71A60B68 5 Bytes JMP 06FC00BD
.text C:\Program Files\Gadu-Gadu 10\gg.exe[252] WS2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 06FC005D
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[260] WS2_32.dll!getsockname 71A53D10 3 Bytes JMP 0131008D
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[260] WS2_32.dll!getsockname + 4 71A53D14 1 Byte [8F]
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[260] WS2_32.dll!connect 71A54A07 3 Bytes JMP 0131002D
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[260] WS2_32.dll!connect + 4 71A54A0B 1 Byte [8F]
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[260] WS2_32.dll!getpeername 71A60B68 5 Bytes JMP 013100BD
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[260] WS2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 0131005D
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[268] WS2_32.dll!getsockname 71A53D10 5 Bytes JMP 012D008D
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[268] WS2_32.dll!connect 71A54A07 5 Bytes JMP 012D002D
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[268] WS2_32.dll!getpeername 71A60B68 5 Bytes JMP 012D00BD
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[268] WS2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 012D005D
.text D:\Dokumenty - Programy\Programy\ANTYVIRUSY\Gmer\qydxzse3.exe[804] ws2_32.dll!getsockname 71A53D10 5 Bytes JMP 00B2008D
.text D:\Dokumenty - Programy\Programy\ANTYVIRUSY\Gmer\qydxzse3.exe[804] ws2_32.dll!connect 71A54A07 5 Bytes JMP 00B2002D
.text D:\Dokumenty - Programy\Programy\ANTYVIRUSY\Gmer\qydxzse3.exe[804] ws2_32.dll!getpeername 71A60B68 5 Bytes JMP 00B200BD
.text D:\Dokumenty - Programy\Programy\ANTYVIRUSY\Gmer\qydxzse3.exe[804] ws2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 00B2005D
.text C:\WINDOWS\Explorer.EXE[1272] ws2_32.dll!getsockname 71A53D10 5 Bytes JMP 0361008D
.text C:\WINDOWS\Explorer.EXE[1272] ws2_32.dll!connect 71A54A07 5 Bytes JMP 0361002D
.text C:\WINDOWS\Explorer.EXE[1272] ws2_32.dll!getpeername 71A60B68 5 Bytes JMP 036100BD
.text C:\WINDOWS\Explorer.EXE[1272] ws2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 0361005D
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] kernel32.dll!SetUnhandledExceptionFilter 7C844935 4 Bytes [C2, 04, 00, 00]

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion@ProductId 46552-OEM-2932165-66480
Reg HKCU\Software\Microsoft\Windows Media\WMSDK\General@UniqueID {57708689-5882-6057-6635-043476767132}

---- EOF - GMER 1.0.15 ----