GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-27 17:02:02
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-16 ST3160815AS rev.3.AAA 149,05GB
Running: xt70x1d9.exe; Driver: E:\DOCUME~1\Andrzej\USTAWI~1\Temp\fwxyyfoc.sys

---- User code sections - GMER 2.0 ----

.text E:\WINDOWS\system32\winlogon.exe[736] ntdll.dll!NtLockProductActivationKeys 7C90D490 5 Bytes JMP 10001000 E:\WINDOWS\system32\antiwpa.dll
.text E:\WINDOWS\system32\winlogon.exe[736] USER32.dll!GetSystemMetrics 7E368F9C 5 Bytes JMP 10001018 E:\WINDOWS\system32\antiwpa.dll
.text E:\Program Files\Internet Explorer\iexplore.exe[1444] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 405D54D5 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[1444] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 406ADB5C E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[1444] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 407A53C7 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[1444] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 407A52F9 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[1444] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 407A5364 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[1444] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 407A51CA E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[1444] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 407A522C E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[1444] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 407A542A E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[1444] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 407A528E E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2012] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 405D54D5 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2012] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 406A9AE9 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2012] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4069D125 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2012] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 406ADB5C E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2012] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 4061467E E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2012] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 407A53C7 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2012] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 407A52F9 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2012] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 407A5364 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2012] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 407A51CA E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2012] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 407A522C E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2012] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 407A542A E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2012] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 407A528E E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2012] ole32.dll!CoCreateInstance 774F057E 5 Bytes JMP 406ADBB8 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2012] ole32.dll!OleLoadFromStream 77519C85 5 Bytes JMP 407A572F E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2520] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 405D54D5 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2520] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 406A9AE9 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2520] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4069D125 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2520] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 406ADB5C E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2520] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 4061467E E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2520] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 407A53C7 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2520] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 407A52F9 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2520] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 407A5364 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2520] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 407A51CA E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2520] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 407A522C E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2520] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 407A542A E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2520] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 407A528E E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2520] ole32.dll!CoCreateInstance 774F057E 5 Bytes JMP 406ADBB8 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2520] ole32.dll!OleLoadFromStream 77519C85 5 Bytes JMP 407A572F E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2648] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 405D54D5 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2648] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 406A9AE9 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2648] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4069D125 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2648] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 406ADB5C E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2648] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 4061467E E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2648] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 407A53C7 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2648] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 407A52F9 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2648] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 407A5364 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2648] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 407A51CA E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2648] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 407A522C E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2648] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 407A542A E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2648] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 407A528E E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2648] ole32.dll!CoCreateInstance 774F057E 5 Bytes JMP 406ADBB8 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2648] ole32.dll!OleLoadFromStream 77519C85 5 Bytes JMP 407A572F E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\FlashGet Network\FlashGet 3\flashget3.exe[2772] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 004E37A0 E:\Program Files\FlashGet Network\FlashGet 3\flashget3.exe (FlashGet3/Trend Media Corporation Limited)
.text E:\Program Files\FlashGet Network\FlashGet 3\flashget3.exe[2772] WS2_32.dll!send 71A54C27 5 Bytes JMP 01DD0000
.text E:\Program Files\FlashGet Network\FlashGet 3\flashget3.exe[2772] WS2_32.dll!WSASend 71A568FA 5 Bytes JMP 01DE0000

---- User IAT/EAT - GMER 2.0 ----

IAT E:\Program Files\Internet Explorer\iexplore.exe[2012] @ E:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] E:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT E:\Program Files\Internet Explorer\iexplore.exe[2520] @ E:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] E:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT E:\Program Files\Internet Explorer\iexplore.exe[2648] @ E:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] E:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- EOF - GMER 2.0 ----