GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-02 19:27:29
Windows 5.1.2600 Service Pack 3
Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1600JD-00HBB0 rev.08.02D08
Running: hx7zme7e.exe; Driver: C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\pgtdypoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text  C:\WINDOWS\system32\DRIVERS\nv4_mini.sys  section is writeable [0xB7F4F360, 0x3D46A5, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[428] USER32.dll!DialogBoxParamW  7E3747AB 5 Bytes  JMP 405D51D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[428] USER32.dll!CreateWindowExW  7E37D0A3 5 Bytes  JMP 406AD2C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[428] USER32.dll!DialogBoxIndirectParamW  7E382072 5 Bytes  JMP 407CB6CB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[428] USER32.dll!MessageBoxIndirectA  7E38A082 5 Bytes  JMP 407CB5FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[428] USER32.dll!DialogBoxParamA  7E38B144 5 Bytes  JMP 407CB668 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[428] USER32.dll!MessageBoxExW  7E3A0838 5 Bytes  JMP 407CB4CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[428] USER32.dll!MessageBoxExA  7E3A085C 5 Bytes  JMP 407CB530 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[428] USER32.dll!DialogBoxIndirectParamA  7E3A6D7D 5 Bytes  JMP 407CB72E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[428] USER32.dll!MessageBoxIndirectW  7E3B64D5 5 Bytes  JMP 407CB592 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1608] USER32.dll!DialogBoxParamW  7E3747AB 5 Bytes  JMP 405D51D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1608] USER32.dll!SetWindowsHookExW  7E37820F 5 Bytes  JMP 406A9261 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1608] USER32.dll!CallNextHookEx  7E37B3C6 5 Bytes  JMP 4069C8A9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1608] USER32.dll!CreateWindowExW  7E37D0A3 5 Bytes  JMP 406AD2C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1608] USER32.dll!UnhookWindowsHookEx  7E37D5F3 5 Bytes  JMP 40614254 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1608] USER32.dll!DialogBoxIndirectParamW  7E382072 5 Bytes  JMP 407CB6CB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1608] USER32.dll!MessageBoxIndirectA  7E38A082 5 Bytes  JMP 407CB5FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1608] USER32.dll!DialogBoxParamA  7E38B144 5 Bytes  JMP 407CB668 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1608] USER32.dll!MessageBoxExW  7E3A0838 5 Bytes  JMP 407CB4CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1608] USER32.dll!MessageBoxExA  7E3A085C 5 Bytes  JMP 407CB530 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1608] USER32.dll!DialogBoxIndirectParamA  7E3A6D7D 5 Bytes  JMP 407CB72E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1608] USER32.dll!MessageBoxIndirectW  7E3B64D5 5 Bytes  JMP 407CB592 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1608] ole32.dll!CoCreateInstance  774F057E 5 Bytes  JMP 406AD320 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1608] ws2_32.dll!getaddrinfo  71A52A6F 5 Bytes  JMP 7249667D C:\WINDOWS\system32\lfquklausprxwe.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2384] ntdll.dll!LdrLoadDll  7C915CD3 5 Bytes  JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[2764] USER32.dll!TrackPopupMenu  7E3B531E 5 Bytes  JMP 10402342 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1608] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1A7B] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
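Reading the log above: nearly every user-mode hook is an application hooking itself inside its own process (IEFRAME.dll and xpshims.dll inside IEXPLORE.EXE, xul.dll and firefox.exe inside the Firefox processes), and GMER prints a product/company string for each of those targets. The writeable .text section in nv4_mini.sys is a kernel-driver finding with a named, known vendor module. The one record that does not fit is in IEXPLORE.EXE[1608]: ws2_32.dll!getaddrinfo is redirected into C:\WINDOWS\system32\lfquklausprxwe.dll, and GMER shows no product or company string for that file, meaning it carries no version resource. A module sitting on getaddrinfo sees, and can rewrite, every hostname the browser resolves. The script below is an added triage aid, not part of the GMER output or of GMER itself: it parses GMER's ".text ... JMP ..." records and flags a hook when its target module is unattributed, when it lives under system32 without attribution, or when the hooked function is a network-resolution/transport API. The sample log embedded in it is a constructed subset of the records above; the API list and the three heuristics are this editor's choices, not GMER's.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed test input: a subset of the user-mode hook records from the GMER log above.
# The first two and the last are the browsers hooking themselves; the ws2_32 hook is the outlier.
SAMPLE_LOG = r"""
---- User code sections - GMER 1.0.15 ----

.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1608] USER32.dll!DialogBoxParamW  7E3747AB 5 Bytes  JMP 405D51D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1608] ole32.dll!CoCreateInstance  774F057E 5 Bytes  JMP 406AD320 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1608] ws2_32.dll!getaddrinfo  71A52A6F 5 Bytes  JMP 7249667D C:\WINDOWS\system32\lfquklausprxwe.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2384] ntdll.dll!LdrLoadDll  7C915CD3 5 Bytes  JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- User IAT/EAT - GMER 1.0.15 ----
"""

# GMER user-code record: ".text  <process>[<pid>] <module>!<func>  <addr> <n> Bytes  JMP <target> <target module> (<product/company>)"
# The trailing parenthesised attribution is optional: GMER omits it when the file has no version resource.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<func>\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<nbytes>\d+)\s+Bytes\s+JMP\s+(?P<target>[0-9A-Fa-f]+)\s+"
    r"(?P<target_module>.+?)(?:\s+\((?P<desc>[^()]*)\))?\s*$"
)

# Editor's list (assumption, not from GMER): APIs whose hooking lets a module observe or
# redirect name resolution and traffic. Extend to taste.
NETWORK_APIS = {
    "getaddrinfo", "GetAddrInfoW", "gethostbyname", "connect", "send", "recv",
    "WSASend", "WSARecv", "WSAConnect", "InternetConnectA", "InternetConnectW",
    "HttpSendRequestA", "HttpSendRequestW", "HttpOpenRequestA", "HttpOpenRequestW",
}


@dataclass
class Hook:
    process: str
    pid: int
    module: str
    func: str
    target_module: str
    description: Optional[str]  # None when GMER printed no product/company string

    @property
    def target_name(self) -> str:
        return self.target_module.rsplit("\\", 1)[-1].lower()


def parse_hooks(log: str) -> List[Hook]:
    """Extract every '.text ... JMP ...' record; headers and blank lines are skipped."""
    hooks = []
    for line in log.splitlines():
        m = HOOK_RE.match(line.strip())
        if m:
            hooks.append(Hook(m["process"], int(m["pid"]), m["module"], m["func"],
                              m["target_module"], m["desc"]))
    return hooks


def assess(hook: Hook) -> List[str]:
    """Reasons this hook deserves a closer look; an empty list means it looks routine."""
    reasons = []
    if hook.description is None:
        reasons.append("target module has no version resource (no product/company string)")
    if hook.func in NETWORK_APIS:
        reasons.append(f"hooks network API {hook.module}!{hook.func}")
    # IEFRAME.dll also lives in system32, but it is attributed; an unattributed file
    # dropped next to it is a different matter.
    if hook.description is None and "\\system32\\" in hook.target_module.lower():
        reasons.append("unattributed module sits in %SystemRoot%\\system32")
    return reasons


def suspicious(log: str) -> List[Hook]:
    """Hooks with at least one triage reason, in log order."""
    return [h for h in parse_hooks(log) if assess(h)]


if __name__ == "__main__":
    for h in parse_hooks(SAMPLE_LOG):
        verdict = "; ".join(assess(h)) or "routine (self-hook by attributed module)"
        print(f"{h.process.rsplit(chr(92), 1)[-1]}[{h.pid}] {h.module}!{h.func} -> {h.target_name}: {verdict}")
```

Run it against a full GMER log (pipe the file into parse_hooks instead of SAMPLE_LOG) and only the getaddrinfo redirection into lfquklausprxwe.dll is reported; the IEFRAME.dll, xpshims.dll, xul.dll and firefox.exe records fall through as routine. The script is a filter for where to look next (hash and inspect the flagged file, check how it gets loaded), not a verdict.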