GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-06 14:57:49
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1600BEVT-22ZCT0 rev.11.01A11
Running: cqq8kvpv.exe; Driver: C:\DOCUME~1\pip\USTAWI~1\Temp\pxtdapob.sys


---- System - GMER 1.0.15 ----

SSDT  BA7CF9EC  ZwClose
SSDT  BA7CF9A6  ZwCreateKey
SSDT  BA7CF9F6  ZwCreateSection
SSDT  BA7CF99C  ZwCreateThread
SSDT  BA7CF9AB  ZwDeleteKey
SSDT  BA7CF9B5  ZwDeleteValueKey
SSDT  BA7CF9E7  ZwDuplicateObject
SSDT  BA7CF9BA  ZwLoadKey
SSDT  BA7CF988  ZwOpenProcess
SSDT  BA7CF98D  ZwOpenThread
SSDT  BA7CF9C4  ZwReplaceKey
SSDT  BA7CF9BF  ZwRestoreKey
SSDT  BA7CF9FB  ZwSetContextThread
SSDT  BA7CF9B0  ZwSetValueKey
SSDT  BA7CF997  ZwTerminateProcess

---- User code sections - GMER 1.0.15 ----

.text  C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[240] ntdll.dll!DbgUiRemoteBreakin  7C9520EC 1 Byte  [C3]
.text  C:\Program Files\Internet Explorer\iexplore.exe[588] USER32.dll!DialogBoxParamW  7E3747AB 5 Bytes  JMP 405D54D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[588] USER32.dll!CreateWindowExW  7E37D0A3 5 Bytes  JMP 406ADB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[588] USER32.dll!DialogBoxIndirectParamW  7E382072 5 Bytes  JMP 407A53C7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[588] USER32.dll!MessageBoxIndirectA  7E38A082 5 Bytes  JMP 407A52F9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[588] USER32.dll!DialogBoxParamA  7E38B144 5 Bytes  JMP 407A5364 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[588] USER32.dll!MessageBoxExW  7E3A0838 5 Bytes  JMP 407A51CA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[588] USER32.dll!MessageBoxExA  7E3A085C 5 Bytes  JMP 407A522C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[588] USER32.dll!DialogBoxIndirectParamA  7E3A6D7D 5 Bytes  JMP 407A542A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[588] USER32.dll!MessageBoxIndirectW  7E3B64D5 5 Bytes  JMP 407A528E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[1480] ole32.dll!OleLoadFromStream  7751983B 5 Bytes  JMP 30F52DF0 C:\Program Files\Common Files\Microsoft Shared\office11\mso.dll (Microsoft Office 2003 component/Microsoft Corporation)
.text  C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[2268] ole32.dll!OleLoadFromStream  7751983B 5 Bytes  JMP 30F52DF0 C:\Program Files\Common Files\Microsoft Shared\office11\mso.dll (Microsoft Office 2003 component/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2744] USER32.dll!DialogBoxParamW  7E3747AB 5 Bytes  JMP 405D54D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2744] USER32.dll!SetWindowsHookExW  7E37820F 5 Bytes  JMP 406A9AE9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2744] USER32.dll!CallNextHookEx  7E37B3C6 5 Bytes  JMP 4069D125 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2744] USER32.dll!CreateWindowExW  7E37D0A3 5 Bytes  JMP 406ADB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2744] USER32.dll!UnhookWindowsHookEx  7E37D5F3 5 Bytes  JMP 4061467E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2744] USER32.dll!DialogBoxIndirectParamW  7E382072 5 Bytes  JMP 407A53C7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2744] USER32.dll!MessageBoxIndirectA  7E38A082 5 Bytes  JMP 407A52F9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2744] USER32.dll!DialogBoxParamA  7E38B144 5 Bytes  JMP 407A5364 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2744] USER32.dll!MessageBoxExW  7E3A0838 5 Bytes  JMP 407A51CA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2744] USER32.dll!MessageBoxExA  7E3A085C 5 Bytes  JMP 407A522C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2744] USER32.dll!DialogBoxIndirectParamA  7E3A6D7D 5 Bytes  JMP 407A542A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2744] USER32.dll!MessageBoxIndirectW  7E3B64D5 5 Bytes  JMP 407A528E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2744] ole32.dll!CoCreateInstance  774EF1BC 5 Bytes  JMP 406ADBB8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2744] ole32.dll!OleLoadFromStream  7751983B 5 Bytes  JMP 407A572F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!DialogBoxParamW  7E3747AB 5 Bytes  JMP 405D54D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!SetWindowsHookExW  7E37820F 5 Bytes  JMP 406A9AE9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!CallNextHookEx  7E37B3C6 5 Bytes  JMP 4069D125 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!CreateWindowExW  7E37D0A3 5 Bytes  JMP 406ADB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!UnhookWindowsHookEx  7E37D5F3 5 Bytes  JMP 4061467E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!DialogBoxIndirectParamW  7E382072 5 Bytes  JMP 407A53C7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!MessageBoxIndirectA  7E38A082 5 Bytes  JMP 407A52F9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!DialogBoxParamA  7E38B144 5 Bytes  JMP 407A5364 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!MessageBoxExW  7E3A0838 5 Bytes  JMP 407A51CA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!MessageBoxExA  7E3A085C 5 Bytes  JMP 407A522C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!DialogBoxIndirectParamA  7E3A6D7D 5 Bytes  JMP 407A542A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!MessageBoxIndirectW  7E3B64D5 5 Bytes  JMP 407A528E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2908] ole32.dll!CoCreateInstance  774EF1BC 5 Bytes  JMP 406ADBB8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2908] ole32.dll!OleLoadFromStream  7751983B 5 Bytes  JMP 407A572F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3204] USER32.dll!DialogBoxParamW  7E3747AB 5 Bytes  JMP 405D54D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3204] USER32.dll!SetWindowsHookExW  7E37820F 5 Bytes  JMP 406A9AE9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3204] USER32.dll!CallNextHookEx  7E37B3C6 5 Bytes  JMP 4069D125 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3204] USER32.dll!CreateWindowExW  7E37D0A3 5 Bytes  JMP 406ADB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3204] USER32.dll!UnhookWindowsHookEx  7E37D5F3 5 Bytes  JMP 4061467E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3204] USER32.dll!DialogBoxIndirectParamW  7E382072 5 Bytes  JMP 407A53C7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3204] USER32.dll!MessageBoxIndirectA  7E38A082 5 Bytes  JMP 407A52F9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3204] USER32.dll!DialogBoxParamA  7E38B144 5 Bytes  JMP 407A5364 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3204] USER32.dll!MessageBoxExW  7E3A0838 5 Bytes  JMP 407A51CA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3204] USER32.dll!MessageBoxExA  7E3A085C 5 Bytes  JMP 407A522C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3204] USER32.dll!DialogBoxIndirectParamA  7E3A6D7D 5 Bytes  JMP 407A542A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3204] USER32.dll!MessageBoxIndirectW  7E3B64D5 5 Bytes  JMP 407A528E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3204] ole32.dll!CoCreateInstance  774EF1BC 5 Bytes  JMP 406ADBB8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3204] ole32.dll!OleLoadFromStream  7751983B 5 Bytes  JMP 407A572F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!DialogBoxParamW  7E3747AB 5 Bytes  JMP 405D54D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!SetWindowsHookExW  7E37820F 5 Bytes  JMP 406A9AE9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!CallNextHookEx  7E37B3C6 5 Bytes  JMP 4069D125 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!CreateWindowExW  7E37D0A3 5 Bytes  JMP 406ADB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!UnhookWindowsHookEx  7E37D5F3 5 Bytes  JMP 4061467E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!DialogBoxIndirectParamW  7E382072 5 Bytes  JMP 407A53C7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!MessageBoxIndirectA  7E38A082 5 Bytes  JMP 407A52F9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!DialogBoxParamA  7E38B144 5 Bytes  JMP 407A5364 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!MessageBoxExW  7E3A0838 5 Bytes  JMP 407A51CA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!MessageBoxExA  7E3A085C 5 Bytes  JMP 407A522C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!DialogBoxIndirectParamA  7E3A6D7D 5 Bytes  JMP 407A542A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3672] USER32.dll!MessageBoxIndirectW  7E3B64D5 5 Bytes  JMP 407A528E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3672] ole32.dll!CoCreateInstance  774EF1BC 5 Bytes  JMP 406ADBB8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3672] ole32.dll!OleLoadFromStream  7751983B 5 Bytes  JMP 407A572F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT  C:\Program Files\Internet Explorer\iexplore.exe[2744] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT  C:\Program Files\Internet Explorer\iexplore.exe[2908] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT  C:\Program Files\Internet Explorer\iexplore.exe[3204] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT  C:\Program Files\Internet Explorer\iexplore.exe[3672] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
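Added example, not part of the GMER log above and not GMER's own code: a small Python triage script that parses the three record kinds in this log (SSDT entries, .text inline patches, IAT entries) and groups every hook by the module that owns its target. The distinction it surfaces is already visible in the log: each user-mode JMP names the module it lands in (IEFRAME.dll, mso.dll, xpshims.dll, with GMER's description in parentheses), while the SSDT lines give only an address and a service name, and the KiesPDLR.exe entry is a single-byte overwrite ([C3]) rather than a JMP into a named module. Those address-only and raw-byte entries are the ones a reviewer still has to attribute by hand, so the script flags exactly them. SAMPLE_LOG is a constructed excerpt of the log on this page (a subset of its lines, unchanged); the "no owning module means review" rule and the record layout are my choices for triage, not anything GMER emits.

```python
"""Triage helper for GMER "Rootkit scan" text logs (added example, not GMER code).

Parses SSDT / .text / IAT lines as GMER writes them and groups each hook by the
module that owns the hook target. SAMPLE_LOG is a constructed excerpt of the log
on this page, not a new scan.
"""
import ntpath
import re
from collections import defaultdict

SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT  BA7CF9EC  ZwClose
SSDT  BA7CF988  ZwOpenProcess
SSDT  BA7CF997  ZwTerminateProcess

---- User code sections - GMER 1.0.15 ----

.text  C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[240] ntdll.dll!DbgUiRemoteBreakin  7C9520EC 1 Byte  [C3]
.text  C:\Program Files\Internet Explorer\iexplore.exe[2744] USER32.dll!SetWindowsHookExW  7E37820F 5 Bytes  JMP 406A9AE9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2744] ole32.dll!CoCreateInstance  774EF1BC 5 Bytes  JMP 406ADBB8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[2268] ole32.dll!OleLoadFromStream  7751983B 5 Bytes  JMP 30F52DF0 C:\Program Files\Common Files\Microsoft Shared\office11\mso.dll (Microsoft Office 2003 component/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT  C:\Program Files\Internet Explorer\iexplore.exe[2744] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
"""

# Address-only SSDT form as it appears in this log: no owning driver named.
SSDT_RE = re.compile(r"^SSDT\s+(?P<addr>[0-9A-F]{8})\s+(?P<api>Zw\w+)\s*$")
# .text <process>[pid] <dll!api> <addr> <n> Byte(s) <patch description>
TEXT_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<api>\S+!\S+)\s+"
    r"(?P<addr>[0-9A-F]{8})\s+(?P<size>\d+)\s+Bytes?\s+(?P<patch>.+)$")
# Patch description of the form: JMP <dest> <module path> (<description>)
JMP_RE = re.compile(
    r"^JMP\s+(?P<dest>[0-9A-F]{8})\s+(?P<module>.+?\.(?:dll|exe|sys))"
    r"(?:\s+\((?P<desc>.*)\))?\s*$", re.IGNORECASE)
# IAT <process>[pid] @ <importing module> [<dll!api>] [<addr>] <module path> (<desc>)
IAT_RE = re.compile(
    r"^IAT\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+@\s+(?P<importer>.+?)\s+"
    r"\[(?P<api>[^\]]+)\]\s+\[(?P<addr>[0-9A-F]{8})\]\s+"
    r"(?P<module>.+?\.(?:dll|exe|sys))(?:\s+\((?P<desc>.*)\))?\s*$", re.IGNORECASE)


def _record(kind, process, pid, api, addr, module=None, desc=None, patch=None):
    return {"kind": kind, "process": process, "pid": pid, "api": api,
            "addr": addr, "module": module, "desc": desc, "patch": patch}


def parse_gmer(text):
    """One dict per SSDT/.text/IAT line. module is None when GMER named no
    owning module (address-only SSDT hooks, raw byte patches such as [C3])."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if m := SSDT_RE.match(line):
            records.append(_record("SSDT", "<kernel>", None, m["api"], m["addr"]))
        elif m := TEXT_RE.match(line):
            j = JMP_RE.match(m["patch"])
            records.append(_record(
                ".text", ntpath.basename(m["proc"]), int(m["pid"]), m["api"], m["addr"],
                module=ntpath.basename(j["module"]) if j else None,
                desc=j["desc"] if j else None,
                patch=None if j else m["patch"]))
        elif m := IAT_RE.match(line):
            records.append(_record(
                "IAT", ntpath.basename(m["proc"]), int(m["pid"]), m["api"], m["addr"],
                module=ntpath.basename(m["module"]), desc=m["desc"]))
    return records


def group_by_module(records):
    """Hooks keyed by the module that owns the hook target, in log order."""
    groups = defaultdict(list)
    for r in records:
        groups[r["module"] or "<unattributed>"].append(r)
    return dict(groups)


def hooks_by_process(records):
    """Per process[pid]: (hooked API, where control now goes) in log order."""
    out = defaultdict(list)
    for r in records:
        key = r["process"] if r["pid"] is None else f"{r['process']}[{r['pid']}]"
        out[key].append((r["api"], r["module"] or r["patch"] or r["addr"]))
    return dict(out)


def flag_for_review(records):
    """Triage heuristic (mine, not GMER's): hooks whose target GMER did not tie
    to any module must be attributed by hand. Not a malware verdict."""
    return [r for r in records if r["module"] is None]


if __name__ == "__main__":
    recs = parse_gmer(SAMPLE_LOG)
    for module, hooks in group_by_module(recs).items():
        print(f"{module}: {len(hooks)} hook(s)")
        for r in hooks:
            print(f"    {r['kind']:5} {r['process']:14} {r['api']}")
    print("needs manual attribution:",
          [f"{r['api']}@{r['addr']}" for r in flag_for_review(recs)])
```

Feed the complete log text to parse_gmer to triage the whole scan. The grouping is a triage aid, not a verdict: whether a hook is benign depends on whether the owning module is expected in that process (GMER's description column helps here but does not settle it), and the unattributed kernel entries still need the address range BA7CF9xx mapped to a loaded driver before anything can be said about them.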