GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-13 12:38:01
Windows 5.1.2600 Dodatek Service Pack 3
Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3320418AS rev.CC37
Running: o2gudchy.exe; Driver: C:\DOCUME~1\LO\USTAWI~1\Temp\kfroraow.sys

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[492] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 405D5505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[492] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 406ADB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[492] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 407A53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[492] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 407A52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[492] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 407A534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[492] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 407A51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[492] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 407A5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[492] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 407A5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[492] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 407A5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[576] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 405D5505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[576] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 406A9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[576] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4069D119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[576] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 406ADB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[576] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 40614686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[576] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 407A53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[576] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 407A52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[576] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 407A534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[576] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 407A51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[576] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 407A5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[576] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 407A5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[576] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 407A5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[576] ole32.dll!CoCreateInstance 774EF1BC 5 Bytes JMP 406ADB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[576] ole32.dll!OleLoadFromStream 7751983B 5 Bytes JMP 407A5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[588] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 405D5505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[588] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 406A9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[588] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4069D119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[588] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 406ADB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[588] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 40614686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[588] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 407A53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[588] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 407A52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[588] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 407A534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[588] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 407A51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[588] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 407A5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[588] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 407A5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[588] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 407A5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[588] ole32.dll!CoCreateInstance 774EF1BC 5 Bytes JMP 406ADB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[588] ole32.dll!OleLoadFromStream 7751983B 5 Bytes JMP 407A5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3036] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 405D5505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3036] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 406A9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3036] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4069D119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3036] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 406ADB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3036] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 40614686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3036] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 407A53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3036] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 407A52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3036] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 407A534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3036] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 407A51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3036] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 407A5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3036] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 407A5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3036] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 407A5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3036] ole32.dll!CoCreateInstance 774EF1BC 5 Bytes JMP 406ADB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3036] ole32.dll!OleLoadFromStream 7751983B 5 Bytes JMP 407A5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[576] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[588] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3036] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----