GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-22 20:41:55
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e WDC_WD1600BEVS-07RST0 rev.04.01G04
Running: egqivvp0.exe; Driver: C:\DOCUME~1\x\USTAWI~1\Temp\kwxyraod.sys

---- System - GMER 1.0.15 ----

SSDT  \SystemRoot\system32\drivers\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software)  ZwCreateKey [0xBA5604D0]
SSDT  \SystemRoot\system32\drivers\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software)  ZwSetValueKey [0xBA560520]

---- User code sections - GMER 1.0.15 ----

.text  C:\WINDOWS\Explorer.EXE[1464] WS2_32.dll!getsockname  71A53D10 5 Bytes  JMP 01E6008D
.text  C:\WINDOWS\Explorer.EXE[1464] WS2_32.dll!connect  71A54A07 5 Bytes  JMP 01E6002D
.text  C:\WINDOWS\Explorer.EXE[1464] WS2_32.dll!getpeername  71A60B68 5 Bytes  JMP 01E600BD
.text  C:\WINDOWS\Explorer.EXE[1464] WS2_32.dll!WSAConnect  71A60C81 5 Bytes  JMP 01E6005D
.text  C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe[1944] ws2_32.dll!getsockname  71A53D10 5 Bytes  JMP 016E008D
.text  C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe[1944] ws2_32.dll!connect  71A54A07 5 Bytes  JMP 016E002D
.text  C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe[1944] ws2_32.dll!getpeername  71A60B68 5 Bytes  JMP 016E00BD
.text  C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe[1944] ws2_32.dll!WSAConnect  71A60C81 5 Bytes  JMP 016E005D
.text  C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2496] ws2_32.dll!getsockname  71A53D10 5 Bytes  JMP 0133008D
.text  C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2496] ws2_32.dll!connect  71A54A07 5 Bytes  JMP 0133002D
.text  C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2496] ws2_32.dll!getpeername  71A60B68 5 Bytes  JMP 013300BD
.text  C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2496] ws2_32.dll!WSAConnect  71A60C81 5 Bytes  JMP 0133005D
.text  C:\Documents and Settings\x\Moje dokumenty\Pobieranie\egqivvp0.exe[3184] ws2_32.dll!getsockname  71A53D10 5 Bytes  JMP 00B6008D
.text  C:\Documents and Settings\x\Moje dokumenty\Pobieranie\egqivvp0.exe[3184] ws2_32.dll!connect  71A54A07 5 Bytes  JMP 00B6002D
.text  C:\Documents and Settings\x\Moje dokumenty\Pobieranie\egqivvp0.exe[3184] ws2_32.dll!getpeername  71A60B68 5 Bytes  JMP 00B600BD
.text  C:\Documents and Settings\x\Moje dokumenty\Pobieranie\egqivvp0.exe[3184] ws2_32.dll!WSAConnect  71A60C81 5 Bytes  JMP 00B6005D

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Tcpip \Device\Ip  SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0  SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1  SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Tcpip \Device\Tcp  SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice  \Driver\Tcpip \Device\Udp  SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice  \Driver\Tcpip \Device\RawIp  SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)

---- EOF - GMER 1.0.15 ----