GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-11-17 20:23:10
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHV2040BH rev.00000025
Running: 8mndrr6y.exe; Driver: C:\DOCUME~1\kasia\USTAWI~1\Temp\pxtdqpoc.sys

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2472] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 4059F4C9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2472] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 40714846 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2472] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 407147C7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2472] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 4071480B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2472] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 40714753 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2472] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 4071478D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2472] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[2472] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 40714881 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2472] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 405C177A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2472] ole32.dll!OleLoadFromStream 7751983B 5 Bytes JMP 40714A43 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \Driver\prodrv06 \Device\ProDrv06 E1BFAC30
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\prohlp02 \Device\ProHlp02 E16C6368
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Files - GMER 1.0.15 ----

ADS C:\System Volume Information\_restore{BED0B80F-B713-4028-8700-4168F041D781}\RP1302\A0255193.exe:ext.exe 46080 bytes executable

---- EOF - GMER 1.0.15 ----