GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-06-16 17:11:26
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HD040GJ rev.WY100-33
Running: gmer.exe; Driver: C:\TMP\pxtdapow.sys

---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xEC5D975C]

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys Nie można odnaleźć określonego pliku. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[1200] SHELL32.dll!SHFileOperationW 7CA70A94 5 Bytes JMP 00E41102 C:\Program Files\Unlocker\UnlockerHook.dll
.text C:\WINDOWS\Explorer.EXE[1200] ws2_32.dll!getsockname 71A53D10 5 Bytes JMP 01508770 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\WINDOWS\Explorer.EXE[1200] ws2_32.dll!connect 71A54A07 5 Bytes JMP 01508130 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\WINDOWS\Explorer.EXE[1200] ws2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 015083E0 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1448] WS2_32.dll!getsockname 71A53D10 5 Bytes JMP 00DB8770 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1448] WS2_32.dll!connect 71A54A07 5 Bytes JMP 00DB8130 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1448] WS2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 00DB83E0 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1456] ws2_32.dll!getsockname 71A53D10 5 Bytes JMP 00ED8770 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1456] ws2_32.dll!connect 71A54A07 5 Bytes JMP 00ED8130 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1456] ws2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 00ED83E0 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\Vista Drive Icon\DrvIcon.exe[1496] ws2_32.dll!getsockname 71A53D10 5 Bytes JMP 10008770 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\Vista Drive Icon\DrvIcon.exe[1496] ws2_32.dll!connect 71A54A07 5 Bytes JMP 10008130 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\Vista Drive Icon\DrvIcon.exe[1496] ws2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 100083E0 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\Gadu-Gadu 10\gg.exe[1516] WS2_32.dll!getsockname 71A53D10 5 Bytes JMP 07B58770 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\Gadu-Gadu 10\gg.exe[1516] WS2_32.dll!connect 71A54A07 5 Bytes JMP 07B58130 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\Gadu-Gadu 10\gg.exe[1516] WS2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 07B583E0 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\PeerBlock\peerblock.exe[1524] kernel32.dll!SetUnhandledExceptionFilter 7C844935 5 Bytes JMP 004314E0 C:\Program Files\PeerBlock\peerblock.exe (PeerBlock/PeerBlock, LLC)
.text C:\Program Files\PeerBlock\peerblock.exe[1524] WS2_32.dll!getsockname 71A53D10 5 Bytes JMP 00D38770 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\PeerBlock\peerblock.exe[1524] WS2_32.dll!connect 71A54A07 5 Bytes JMP 00D38130 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\PeerBlock\peerblock.exe[1524] WS2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 00D383E0 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[1532] WS2_32.dll!getsockname 71A53D10 5 Bytes JMP 012E8770 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[1532] WS2_32.dll!connect 71A54A07 5 Bytes JMP 012E8130 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[1532] WS2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 012E83E0 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\ID-Blaster Plus\idblasterplus.exe[1552] ws2_32.dll!getsockname 71A53D10 5 Bytes JMP 00E78770 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\ID-Blaster Plus\idblasterplus.exe[1552] ws2_32.dll!connect 71A54A07 5 Bytes JMP 00E78130 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\ID-Blaster Plus\idblasterplus.exe[1552] ws2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 00E783E0 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1788] kernel32.dll!SetUnhandledExceptionFilter 7C844935 4 Bytes [C2, 04, 00, 00]
.text C:\D & S\Administrator\Pulpit\gmer.exe[2284] ws2_32.dll!getsockname 71A53D10 5 Bytes JMP 00B18770 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\D & S\Administrator\Pulpit\gmer.exe[2284] ws2_32.dll!connect 71A54A07 5 Bytes JMP 00B18130 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\D & S\Administrator\Pulpit\gmer.exe[2284] ws2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 00B183E0 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion@ProductId 09800-OEM-0015751-04389

---- EOF - GMER 1.0.15 ----