GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-05 19:44:08
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-5 ST3250410AS rev.4.AAA
Running: tegtuzd7[1].exe; Driver: C:\DOCUME~1\Radek\USTAWI~1\Temp\kxtoapod.sys

---- System - GMER 1.0.15 ----

SSDT 89BDE1C8 ZwAlertResumeThread
SSDT 89BA70A8 ZwAlertThread
SSDT 89BB8658 ZwAllocateVirtualMemory
SSDT 89B67CE0 ZwAssignProcessToJobObject
SSDT 89C0FDA8 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xAA553D40]
SSDT 89BA50F8 ZwCreateMutant
SSDT 89BDCCE8 ZwCreateSymbolicLinkObject
SSDT 89B69750 ZwCreateThread
SSDT 89BC0E08 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xAA553FC0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xAA554680]
SSDT 89D61650 ZwDuplicateObject
SSDT 89BB9060 ZwFreeVirtualMemory
SSDT 89BA51C8 ZwImpersonateAnonymousToken
SSDT 89BDE0E8 ZwImpersonateThread
SSDT 89EE98C0 ZwLoadDriver
SSDT 89BDD140 ZwMapViewOfSection
SSDT 89B89808 ZwOpenEvent
SSDT 8A155FC0 ZwOpenProcess
SSDT 89BB8748 ZwOpenProcessToken
SSDT 89BC0FD0 ZwOpenSection
SSDT 8A153FC0 ZwOpenThread
SSDT 89BDCDB8 ZwProtectVirtualMemory
SSDT 89BA7188 ZwResumeThread
SSDT 89B87078 ZwSetContextThread
SSDT 89B87158 ZwSetInformationProcess
SSDT 89BC0EA8 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xAA554910]
SSDT 89B89728 ZwSuspendProcess
SSDT 89B890A8 ZwSuspendThread
SSDT 89BBD100 ZwTerminateProcess
SSDT 89B89188 ZwTerminateThread
SSDT 89BDD060 ZwUnmapViewOfSection
SSDT 89BB9150 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2CB4 80504550 8 Bytes CALL D0DA0321
.text ntkrnlpa.exe!ZwCallbackReturn + 2D50 805045EC 4 Bytes CALL B2DA03D1
? SYMDS.SYS Nie można odnaleźć określonego pliku. !
? SYMEFA.SYS Nie można odnaleźć określonego pliku. !
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB8AB2000, 0x19DA46, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[284] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 01B0DC86
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[284] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 406A9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[284] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4069D119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[284] USER32.dll!DrawTextExW 7E37B415 5 Bytes JMP 01B0EED3
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[284] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 406ADB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[284] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 40614686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[284] USER32.dll!DrawTextW 7E37D7E2 5 Bytes JMP 01B0ED11
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[284] USER32.dll!SetClipboardData 7E380F9E 5 Bytes JMP 01B0E987
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[284] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 407A53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[284] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 407A52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[284] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 407A534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[284] USER32.dll!DrawTextA 7E38C702 5 Bytes JMP 01B0EC36
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[284] USER32.dll!DrawTextExA 7E38C739 5 Bytes JMP 01B0EDEC
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[284] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 407A51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[284] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 407A5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[284] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 407A5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[284] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 407A5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[284] GDI32.dll!TextOutW 77F17EAC 5 Bytes JMP 01B0EB6A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[284] GDI32.dll!ExtTextOutW 77F18086 5 Bytes JMP 01B0F09E
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[284] GDI32.dll!TextOutA 77F1BA4F 5 Bytes JMP 01B0EA9E
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[284] GDI32.dll!ExtTextOutA 77F1D3FA 5 Bytes JMP 01B0EFBA
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[284] GDI32.dll!GetGlyphIndicesA 77F3DFE3 5 Bytes JMP 01B0F45E
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[284] GDI32.dll!GetGlyphIndicesW 77F52604 5 Bytes JMP 01B0F52B
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[284] ole32.dll!CoCreateInstance 774EF1BC 5 Bytes JMP 406ADB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[284] ole32.dll!OleLoadFromStream 7751983B 5 Bytes JMP 407A5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[284] WS2_32.dll!getaddrinfo 71A52A6F 5 Bytes JMP 01B0D7D7
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[284] WS2_32.dll!closesocket 71A53E2B 5 Bytes JMP 01B0E8E0
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[284] WS2_32.dll!send 71A54C27 5 Bytes JMP 01B0E455
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[284] WS2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 01B0E67C
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[284] WS2_32.dll!gethostbyname 71A55355 5 Bytes JMP 01B0D716
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[284] WS2_32.dll!recv 71A5676F 5 Bytes JMP 01B0E4FA
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[284] WS2_32.dll!WSASend 71A568FA 5 Bytes JMP 01B0E5A8
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[284] WS2_32.dll!WSAAsyncGetHostByName 71A5E99D 5 Bytes JMP 01B0DBA7
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2036] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 02EADC86
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2036] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 406A9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2036] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4069D119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2036] USER32.dll!DrawTextExW 7E37B415 5 Bytes JMP 02EAEED3
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2036] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 406ADB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2036] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 40614686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2036] USER32.dll!DrawTextW 7E37D7E2 5 Bytes JMP 02EAED11
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2036] USER32.dll!SetClipboardData 7E380F9E 5 Bytes JMP 02EAE987
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2036] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 407A53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2036] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 407A52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2036] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 407A534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2036] USER32.dll!DrawTextA 7E38C702 5 Bytes JMP 02EAEC36
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2036] USER32.dll!DrawTextExA 7E38C739 5 Bytes JMP 02EAEDEC
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2036] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 407A51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2036] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 407A5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2036] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 407A5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2036] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 407A5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2036] GDI32.dll!TextOutW 77F17EAC 5 Bytes JMP 02EAEB6A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2036] GDI32.dll!ExtTextOutW 77F18086 5 Bytes JMP 02EAF09E
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2036] GDI32.dll!TextOutA 77F1BA4F 5 Bytes JMP 02EAEA9E
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2036] GDI32.dll!ExtTextOutA 77F1D3FA 5 Bytes JMP 02EAEFBA
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2036] GDI32.dll!GetGlyphIndicesA 77F3DFE3 5 Bytes JMP 02EAF45E
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2036] GDI32.dll!GetGlyphIndicesW 77F52604 5 Bytes JMP 02EAF52B
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2036] ole32.dll!CoCreateInstance 774EF1BC 5 Bytes JMP 406ADB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2036] ole32.dll!OleLoadFromStream 7751983B 5 Bytes JMP 407A5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2036] ws2_32.dll!getaddrinfo 71A52A6F 5 Bytes JMP 02EAD7D7
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2036] ws2_32.dll!closesocket 71A53E2B 5 Bytes JMP 02EAE8E0
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2036] ws2_32.dll!send 71A54C27 5 Bytes JMP 02EAE455
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2036] ws2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 02EAE67C
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2036] ws2_32.dll!gethostbyname 71A55355 5 Bytes JMP 02EAD716
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2036] ws2_32.dll!recv 71A5676F 5 Bytes JMP 02EAE4FA
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2036] ws2_32.dll!WSASend 71A568FA 5 Bytes JMP 02EAE5A8
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2036] ws2_32.dll!WSAAsyncGetHostByName 71A5E99D 5 Bytes JMP 02EADBA7
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2808] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 02D5DC86
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2808] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 406A9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2808] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4069D119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2808] USER32.dll!DrawTextExW 7E37B415 5 Bytes JMP 02D5EED3
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2808] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 406ADB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2808] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 40614686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2808] USER32.dll!DrawTextW 7E37D7E2 5 Bytes JMP 02D5ED11
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2808] USER32.dll!SetClipboardData 7E380F9E 5 Bytes JMP 02D5E987
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2808] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 407A53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2808] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 407A52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2808] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 407A534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2808] USER32.dll!DrawTextA 7E38C702 5 Bytes JMP 02D5EC36
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2808] USER32.dll!DrawTextExA 7E38C739 5 Bytes JMP 02D5EDEC
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2808] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 407A51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2808] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 407A5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2808] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 407A5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2808] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 407A5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2808] GDI32.dll!TextOutW 77F17EAC 5 Bytes JMP 02D5EB6A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2808] GDI32.dll!ExtTextOutW 77F18086 5 Bytes JMP 02D5F09E
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2808] GDI32.dll!TextOutA 77F1BA4F 5 Bytes JMP 02D5EA9E
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2808] GDI32.dll!ExtTextOutA 77F1D3FA 5 Bytes JMP 02D5EFBA
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2808] GDI32.dll!GetGlyphIndicesA 77F3DFE3 5 Bytes JMP 02D5F45E
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2808] GDI32.dll!GetGlyphIndicesW 77F52604 5 Bytes JMP 02D5F52B
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2808] ole32.dll!CoCreateInstance 774EF1BC 5 Bytes JMP 406ADB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2808] ole32.dll!OleLoadFromStream 7751983B 5 Bytes JMP 407A5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2808] ws2_32.dll!getaddrinfo 71A52A6F 5 Bytes JMP 02D5D7D7
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2808] ws2_32.dll!closesocket 71A53E2B 5 Bytes JMP 02D5E8E0
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2808] ws2_32.dll!send 71A54C27 5 Bytes JMP 02D5E455
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2808] ws2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 02D5E67C
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2808] ws2_32.dll!gethostbyname 71A55355 5 Bytes JMP 02D5D716
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2808] ws2_32.dll!recv 71A5676F 5 Bytes JMP 02D5E4FA
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2808] ws2_32.dll!WSASend 71A568FA 5 Bytes JMP 02D5E5A8
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2808] ws2_32.dll!WSAAsyncGetHostByName 71A5E99D 5 Bytes JMP 02D5DBA7
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2896] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 0273DC86
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2896] USER32.dll!DrawTextExW 7E37B415 5 Bytes JMP 0273EED3
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2896] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 406ADB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2896] USER32.dll!DrawTextW 7E37D7E2 5 Bytes JMP 0273ED11
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2896] USER32.dll!SetClipboardData 7E380F9E 5 Bytes JMP 0273E987
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2896] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 407A53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2896] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 407A52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2896] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 407A534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2896] USER32.dll!DrawTextA 7E38C702 5 Bytes JMP 0273EC36
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2896] USER32.dll!DrawTextExA 7E38C739 5 Bytes JMP 0273EDEC
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2896] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 407A51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2896] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 407A5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2896] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 407A5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2896] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 407A5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2896] GDI32.dll!TextOutW 77F17EAC 5 Bytes JMP 0273EB6A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2896] GDI32.dll!ExtTextOutW 77F18086 5 Bytes JMP 0273F09E
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2896] GDI32.dll!TextOutA 77F1BA4F 5 Bytes JMP 0273EA9E
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2896] GDI32.dll!ExtTextOutA 77F1D3FA 5 Bytes JMP 0273EFBA
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2896] GDI32.dll!GetGlyphIndicesA 77F3DFE3 5 Bytes JMP 0273F45E
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2896] GDI32.dll!GetGlyphIndicesW 77F52604 5 Bytes JMP 0273F52B
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2896] ws2_32.dll!getaddrinfo 71A52A6F 5 Bytes JMP 0273D7D7
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2896] ws2_32.dll!closesocket 71A53E2B 5 Bytes JMP 0273E8E0
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2896] ws2_32.dll!send 71A54C27 5 Bytes JMP 0273E455
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2896] ws2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 0273E67C
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2896] ws2_32.dll!gethostbyname 71A55355 5 Bytes JMP 0273D716
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2896] ws2_32.dll!recv 71A5676F 5 Bytes JMP 0273E4FA
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2896] ws2_32.dll!WSASend 71A568FA 5 Bytes JMP 0273E5A8
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2896] ws2_32.dll!WSAAsyncGetHostByName 71A5E99D 5 Bytes JMP 0273DBA7
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3028] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 00EDDC86
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3028] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 406A9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3028] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4069D119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3028] USER32.dll!DrawTextExW 7E37B415 5 Bytes JMP 00EDEED3
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3028] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 406ADB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3028] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 40614686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3028] USER32.dll!DrawTextW 7E37D7E2 5 Bytes JMP 00EDED11
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3028] USER32.dll!SetClipboardData 7E380F9E 5 Bytes JMP 00EDE987
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3028] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 407A53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3028] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 407A52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3028] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 407A534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3028] USER32.dll!DrawTextA 7E38C702 5 Bytes JMP 00EDEC36
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3028] USER32.dll!DrawTextExA 7E38C739 5 Bytes JMP 00EDEDEC
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3028] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 407A51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3028] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 407A5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3028] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 407A5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3028] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 407A5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3028] GDI32.dll!TextOutW 77F17EAC 5 Bytes JMP 00EDEB6A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3028] GDI32.dll!ExtTextOutW 77F18086 5 Bytes JMP 00EDF09E
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3028] GDI32.dll!TextOutA 77F1BA4F 5 Bytes JMP 00EDEA9E
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3028] GDI32.dll!ExtTextOutA 77F1D3FA 5 Bytes JMP 00EDEFBA
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3028] GDI32.dll!GetGlyphIndicesA 77F3DFE3 5 Bytes JMP 00EDF45E
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3028] GDI32.dll!GetGlyphIndicesW 77F52604 5 Bytes JMP 00EDF52B
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3028] ole32.dll!CoCreateInstance 774EF1BC 5 Bytes JMP 406ADB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3028] ole32.dll!OleLoadFromStream 7751983B 5 Bytes JMP 407A5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3028] WS2_32.dll!getaddrinfo 71A52A6F 5 Bytes JMP 00EDD7D7
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3028] WS2_32.dll!closesocket 71A53E2B 5 Bytes JMP 00EDE8E0
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3028] WS2_32.dll!send 71A54C27 5 Bytes JMP 00EDE455
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3028] WS2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 00EDE67C
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3028] WS2_32.dll!gethostbyname 71A55355 5 Bytes JMP 00EDD716
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3028] WS2_32.dll!recv 71A5676F 5 Bytes JMP 00EDE4FA
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3028] WS2_32.dll!WSASend 71A568FA 5 Bytes JMP 00EDE5A8
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3028] WS2_32.dll!WSAAsyncGetHostByName 71A5E99D 5 Bytes JMP 00EDDBA7

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[284] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2036] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2808] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3028] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----