GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-08 17:45:30
Windows 5.1.2600 Dodatek Service Pack 3
Running: nossuy6v.exe; Driver: I:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\pxtdapow.sys

---- User code sections - GMER 1.0.15 ----

.text I:\Program Files\Internet Explorer\iexplore.exe[764] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 405D5505 I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[764] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 406A9A65 I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[764] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4069D0DD I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[764] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 406ADAD4 I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[764] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 4061466C I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[764] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 407A7207 I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[764] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 407A7139 I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[764] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 407A71A4 I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[764] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 407A700A I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[764] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 407A706C I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[764] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 407A726A I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[764] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 407A70CE I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[764] ole32.dll!CoCreateInstance 774EF1BC 5 Bytes JMP 406ADB30 I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[764] ole32.dll!OleLoadFromStream 7751983B 5 Bytes JMP 407A756F I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[1152] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 405D5505 I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[1152] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 406ADAD4 I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[1152] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 407A7207 I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[1152] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 407A7139 I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[1152] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 407A71A4 I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[1152] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 407A700A I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[1152] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 407A706C I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[1152] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 407A726A I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[1152] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 407A70CE I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[1684] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 405D5505 I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[1684] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 406A9A65 I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[1684] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4069D0DD I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[1684] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 406ADAD4 I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[1684] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 4061466C I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[1684] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 407A7207 I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[1684] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 407A7139 I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[1684] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 407A71A4 I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[1684] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 407A700A I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[1684] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 407A706C I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[1684] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 407A726A I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[1684] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 407A70CE I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[1684] ole32.dll!CoCreateInstance 774EF1BC 5 Bytes JMP 406ADB30 I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[1684] ole32.dll!OleLoadFromStream 7751983B 5 Bytes JMP 407A756F I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[1888] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 405D5505 I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[1888] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 406A9A65 I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[1888] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4069D0DD I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[1888] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 406ADAD4 I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[1888] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 4061466C I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[1888] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 407A7207 I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[1888] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 407A7139 I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[1888] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 407A71A4 I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[1888] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 407A700A I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[1888] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 407A706C I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[1888] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 407A726A I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[1888] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 407A70CE I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[1888] ole32.dll!CoCreateInstance 774EF1BC 5 Bytes JMP 406ADB30 I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[1888] ole32.dll!OleLoadFromStream 7751983B 5 Bytes JMP 407A756F I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT I:\Program Files\Internet Explorer\iexplore.exe[764] @ I:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] I:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT I:\Program Files\Internet Explorer\iexplore.exe[1684] @ I:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] I:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT I:\Program Files\Internet Explorer\iexplore.exe[1888] @ I:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] I:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----