GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-04-17 09:06:02
Windows 5.1.2600 Dodatek Service Pack 3
Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-13 Maxtor_6Y060L0 rev.YAR41VW0
Running: qydxzse3.exe; Driver: C:\TMP\pxtdapow.sys

---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xEC83275C]

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys Nie można odnaleźć określonego pliku. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Gadu-Gadu 10\gg.exe[220] WS2_32.dll!getsockname 71A53D10 5 Bytes JMP 02B7008D
.text C:\Program Files\Gadu-Gadu 10\gg.exe[220] WS2_32.dll!connect 71A54A07 5 Bytes JMP 02B7002D
.text C:\Program Files\Gadu-Gadu 10\gg.exe[220] WS2_32.dll!getpeername 71A60B68 5 Bytes JMP 02B700BD
.text C:\Program Files\Gadu-Gadu 10\gg.exe[220] WS2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 02B7005D
.text C:\Program Files\Process Lasso\processlasso.exe[552] ws2_32.dll!getsockname 71A53D10 5 Bytes JMP 0121008D
.text C:\Program Files\Process Lasso\processlasso.exe[552] ws2_32.dll!connect 71A54A07 5 Bytes JMP 0121002D
.text C:\Program Files\Process Lasso\processlasso.exe[552] ws2_32.dll!getpeername 71A60B68 5 Bytes JMP 012100BD
.text C:\Program Files\Process Lasso\processlasso.exe[552] ws2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 0121005D
.text C:\Program Files\ID-Blaster Plus\idblasterplus.exe[620] ws2_32.dll!getsockname 71A53D10 5 Bytes JMP 00DC008D
.text C:\Program Files\ID-Blaster Plus\idblasterplus.exe[620] ws2_32.dll!connect 71A54A07 5 Bytes JMP 00DC002D
.text C:\Program Files\ID-Blaster Plus\idblasterplus.exe[620] ws2_32.dll!getpeername 71A60B68 5 Bytes JMP 00DC00BD
.text C:\Program Files\ID-Blaster Plus\idblasterplus.exe[620] ws2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 00DC005D
.text E:\Programy\ANTYVIRUSY\Gmer\qydxzse3.exe[1148] ws2_32.dll!getsockname 71A53D10 5 Bytes JMP 00B4008D
.text E:\Programy\ANTYVIRUSY\Gmer\qydxzse3.exe[1148] ws2_32.dll!connect 71A54A07 5 Bytes JMP 00B4002D
.text E:\Programy\ANTYVIRUSY\Gmer\qydxzse3.exe[1148] ws2_32.dll!getpeername 71A60B68 5 Bytes JMP 00B400BD
.text E:\Programy\ANTYVIRUSY\Gmer\qydxzse3.exe[1148] ws2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 00B4005D
.text C:\WINDOWS\Explorer.EXE[1552] SHELL32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 022E1102 C:\Program Files\Unlocker\UnlockerHook.dll
.text C:\WINDOWS\Explorer.EXE[1552] WS2_32.dll!getsockname 71A53D10 5 Bytes JMP 01DA008D
.text C:\WINDOWS\Explorer.EXE[1552] WS2_32.dll!connect 71A54A07 5 Bytes JMP 01DA002D
.text C:\WINDOWS\Explorer.EXE[1552] WS2_32.dll!getpeername 71A60B68 5 Bytes JMP 01DA00BD
.text C:\WINDOWS\Explorer.EXE[1552] WS2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 01DA005D
.text C:\Program Files\CometBird\CometBird.exe[1576] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 0040131E C:\Program Files\CometBird\CometBird.exe (CometBird/CometNetwork)
.text C:\Program Files\CometBird\CometBird.exe[1576] WS2_32.dll!getsockname 71A53D10 5 Bytes JMP 0516008D
.text C:\Program Files\CometBird\CometBird.exe[1576] WS2_32.dll!connect 71A54A07 5 Bytes JMP 0516002D
.text C:\Program Files\CometBird\CometBird.exe[1576] WS2_32.dll!getpeername 71A60B68 5 Bytes JMP 051600BD
.text C:\Program Files\CometBird\CometBird.exe[1576] WS2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 0516005D

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avfwot.sys (TDI filtering kernel driver/Avira GmbH)
AttachedDevice \Driver\Tcpip \Device\Tcp avfwot.sys (TDI filtering kernel driver/Avira GmbH)
AttachedDevice \Driver\Tcpip \Device\Udp avfwot.sys (TDI filtering kernel driver/Avira GmbH)
AttachedDevice \Driver\Tcpip \Device\RawIp avfwot.sys (TDI filtering kernel driver/Avira GmbH)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion@ProductId 19447-OEM-7085795-71150
Reg HKCU\Software\Microsoft\Windows Media\WMSDK\General@UniqueID {40663427-2130-4894-9241-753262259072}

---- EOF - GMER 1.0.15 ----