GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-05-13 19:30:39 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 Hitachi_HDT721064SLA360 rev.STDOA31B 596,17GB Running: 9i7d73gj.exe; Driver: C:\Users\Kasia\AppData\Local\Temp\fwddykob.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3852] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076a82da4 5 bytes JMP 000000016f259ebc .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3852] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000076a9cbf3 5 bytes JMP 000000016f3a913e .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3852] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000076a9cfca 5 bytes JMP 000000016f1b1893 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3852] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 0000000076abcb0c 5 bytes JMP 000000016f3a90d9 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3852] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 0000000076abce64 5 bytes JMP 000000016f3a91a3 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3852] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 0000000076acfbd1 5 bytes JMP 000000016f3a9060 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3852] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 0000000076acfc9d 5 bytes JMP 000000016f3a8fe7 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3852] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076acfcd6 5 bytes JMP 000000016f3a8f83 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3852] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076acfcfa 5 bytes JMP 000000016f3a8f1f .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3852] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000768c93ec 5 bytes JMP 000000016f3a9358 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075891465 2 bytes [89, 75] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758914bb 2 bytes [89, 75] .text ... * 2 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3852] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 0000000074e6388e 5 bytes JMP 000000016f3a9208 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3852] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 0000000074f07922 5 bytes JMP 000000016f3a92b0 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3852] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000076942694 5 bytes JMP 000000016f3a9550 ? C:\Windows\system32\mssprxy.dll [3852] entry point in ".rdata" section 0000000073cc71e6 ? C:\Windows\System32\NLSData0000.dll [3852] entry point in ".rdata" section 000000006fbac541 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3916] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077aa25fd 6 bytes JMP 000000016f278042 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3916] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077ab2a63 6 bytes JMP 000000016f21980d .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3916] C:\Windows\syswow64\kernel32.dll!CreateThread 00000000770b34b5 5 bytes JMP 000000016f2175e3 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3916] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076a78a29 5 bytes JMP 000000016f2803cf .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3916] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076a7d22e 5 bytes JMP 000000016f223643 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3916] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076a82da4 5 bytes JMP 000000016f259ebc .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3916] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076a86285 5 bytes JMP 000000016f277fdf .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3916] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076a87603 5 bytes JMP 000000016f2525b4 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3916] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000076a9cbf3 5 bytes JMP 000000016f3a913e .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3916] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000076a9cfca 5 bytes JMP 000000016f1b1893 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3916] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076a9f52b 5 bytes JMP 000000016f29ed00 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3916] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 0000000076abcb0c 5 bytes JMP 000000016f3a90d9 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3916] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 0000000076abce64 5 bytes JMP 000000016f3a91a3 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3916] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 0000000076acfbd1 5 bytes JMP 000000016f3a9060 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3916] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 0000000076acfc9d 5 bytes JMP 000000016f3a8fe7 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3916] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076acfcd6 5 bytes JMP 000000016f3a8f83 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3916] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076acfcfa 5 bytes JMP 000000016f3a8f1f .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3916] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000075506143 5 bytes JMP 000000016f3a990c .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3916] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000076863e59 5 bytes JMP 000000016f3a9a04 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3916] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000076863eae 5 bytes JMP 000000016f3a9a82 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3916] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000076864731 5 bytes JMP 000000016f3a9976 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3916] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000076865dee 5 bytes JMP 000000016f3a9a22 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3916] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000768c93ec 5 bytes JMP 000000016f3a9358 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075891465 2 bytes [89, 75] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758914bb 2 bytes [89, 75] .text ... * 2 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3916] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 0000000074e6388e 5 bytes JMP 000000016f3a9208 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3916] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 0000000074f07922 5 bytes JMP 000000016f3a92b0 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3916] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000076942694 5 bytes JMP 000000016f3a9550 ---- Threads - GMER 2.1 ---- Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2124:3336] 000007fefc2d2a7c ---- Files - GMER 2.1 ---- File C:\Users\Kasia\AppData\Local\Temp\lucene-20989c42cb9dc2e173ac88609e30cf35-commit.lock 0 bytes ---- EOF - GMER 2.1 ----