GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-07-27 23:48:16
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e WDC_WD3202ABYS-01B7A0 rev.02.03B02
Running: t0u85d6b.exe; Driver: C:\DOCUME~1\Biuro\USTAWI~1\Temp\uxldypoc.sys

---- Kernel code sections - GMER 1.0.15 ----

init  C:\WINDOWS\system32\drivers\senfilt.sys  entry point in "init" section [0xF7B4EF80]

---- User code sections - GMER 1.0.15 ----

.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1520] GDI32.dll!TextOutW  77F17EAC 5 Bytes  JMP 00CACFE0
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1520] GDI32.dll!ExtTextOutW  77F18086 5 Bytes  JMP 00CAD514
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1520] GDI32.dll!TextOutA  77F1BA4F 5 Bytes  JMP 00CACF14
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1520] GDI32.dll!ExtTextOutA  77F1D3FA 5 Bytes  JMP 00CAD430
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1520] GDI32.dll!GetGlyphIndicesA  77F3DFE3 5 Bytes  JMP 00CAD8D4
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1520] GDI32.dll!GetGlyphIndicesW  77F52604 5 Bytes  JMP 00CAD9A1
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1520] USER32.dll!DialogBoxParamW  7E3747AB 5 Bytes  JMP 00CAC23C
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1520] USER32.dll!DrawTextExW  7E37B415 5 Bytes  JMP 00CAD349
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1520] USER32.dll!DrawTextW  7E37D7E2 5 Bytes  JMP 00CAD187
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1520] USER32.dll!SetClipboardData  7E380F9E 5 Bytes  JMP 00CACDFD
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1520] USER32.dll!DrawTextA  7E38C702 5 Bytes  JMP 00CAD0AC
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1520] USER32.dll!DrawTextExA  7E38C739 5 Bytes  JMP 00CAD262
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1520] WS2_32.dll!getaddrinfo  71A52A6F 5 Bytes  JMP 00CABD87
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1520] WS2_32.dll!closesocket  71A53E2B 5 Bytes  JMP 00CACD56
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1520] WS2_32.dll!send  71A54C27 5 Bytes  JMP 00CAC8CB
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1520] WS2_32.dll!WSARecv  71A54CB5 5 Bytes  JMP 00CACAF2
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1520] WS2_32.dll!gethostbyname  71A55355 5 Bytes  JMP 00CABCC6
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1520] WS2_32.dll!recv  71A5676F 5 Bytes  JMP 00CAC970
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1520] WS2_32.dll!WSASend  71A568FA 5 Bytes  JMP 00CACA1E
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1520] WS2_32.dll!WSAAsyncGetHostByName  71A5E99D 5 Bytes  JMP 00CAC15D
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1588] GDI32.dll!TextOutW  77F17EAC 5 Bytes  JMP 00FCCFE0
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1588] GDI32.dll!ExtTextOutW  77F18086 5 Bytes  JMP 00FCD514
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1588] GDI32.dll!TextOutA  77F1BA4F 5 Bytes  JMP 00FCCF14
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1588] GDI32.dll!ExtTextOutA  77F1D3FA 5 Bytes  JMP 00FCD430
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1588] GDI32.dll!GetGlyphIndicesA  77F3DFE3 5 Bytes  JMP 00FCD8D4
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1588] GDI32.dll!GetGlyphIndicesW  77F52604 5 Bytes  JMP 00FCD9A1
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1588] USER32.dll!DialogBoxParamW  7E3747AB 5 Bytes  JMP 00FCC23C
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1588] USER32.dll!DrawTextExW  7E37B415 5 Bytes  JMP 00FCD349
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1588] USER32.dll!DrawTextW  7E37D7E2 5 Bytes  JMP 00FCD187
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1588] USER32.dll!SetClipboardData  7E380F9E 5 Bytes  JMP 00FCCDFD
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1588] USER32.dll!DrawTextA  7E38C702 5 Bytes  JMP 00FCD0AC
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1588] USER32.dll!DrawTextExA  7E38C739 5 Bytes  JMP 00FCD262
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1588] ws2_32.dll!getaddrinfo  71A52A6F 5 Bytes  JMP 00FCBD87
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1588] ws2_32.dll!closesocket  71A53E2B 5 Bytes  JMP 00FCCD56
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1588] ws2_32.dll!send  71A54C27 5 Bytes  JMP 00FCC8CB
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1588] ws2_32.dll!WSARecv  71A54CB5 5 Bytes  JMP 00FCCAF2
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1588] ws2_32.dll!gethostbyname  71A55355 5 Bytes  JMP 00FCBCC6
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1588] ws2_32.dll!recv  71A5676F 5 Bytes  JMP 00FCC970
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1588] ws2_32.dll!WSASend  71A568FA 5 Bytes  JMP 00FCCA1E
.text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1588] ws2_32.dll!WSAAsyncGetHostByName  71A5E99D 5 Bytes  JMP 00FCC15D

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs  naiavf5x.sys (Anti-Virus File System Filter Driver/Network Associates, Inc.)
AttachedDevice  \FileSystem\Fastfat \Fat  naiavf5x.sys (Anti-Virus File System Filter Driver/Network Associates, Inc.)

---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet@5  2725

---- EOF - GMER 1.0.15 ----