GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-25 18:08:07
Windows 5.1.2600 Dodatek Service Pack 3
Harddisk0\DR0 -> \Device\00000060 WDC_WD2000JS-00PDB0 rev.21.00M21
Running: w7om9gtq.exe; Driver: C:\DOCUME~1\PC\USTAWI~1\Temp\afrdikod.sys

---- System - GMER 1.0.15 ----

SSDT F8A82F74 ZwClose
SSDT F8A82F2E ZwCreateKey
SSDT F8A82F7E ZwCreateSection
SSDT F8A82F24 ZwCreateThread
SSDT F8A82F33 ZwDeleteKey
SSDT F8A82F3D ZwDeleteValueKey
SSDT F8A82F6F ZwDuplicateObject
SSDT F8A82F42 ZwLoadKey
SSDT F8A82F10 ZwOpenProcess
SSDT F8A82F15 ZwOpenThread
SSDT F8A82F4C ZwReplaceKey
SSDT F8A82F47 ZwRestoreKey
SSDT F8A82F83 ZwSetContextThread
SSDT F8A82F38 ZwSetValueKey
SSDT F8A82F1F ZwTerminateProcess

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\internet explorer\iexplore.exe[1160] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 405D5505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1160] USER32.dll!DrawTextExW 7E37B415 5 Bytes JMP 00A8EED3
.text C:\Program Files\internet explorer\iexplore.exe[1160] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 406ADB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1160] USER32.dll!DrawTextW 7E37D7E2 5 Bytes JMP 00A8ED11
.text C:\Program Files\internet explorer\iexplore.exe[1160] USER32.dll!SetClipboardData 7E380F9E 5 Bytes JMP 00A8E987
.text C:\Program Files\internet explorer\iexplore.exe[1160] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 407A53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1160] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 407A52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1160] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 407A534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1160] USER32.dll!DrawTextA 7E38C702 5 Bytes JMP 00A8EC36
.text C:\Program Files\internet explorer\iexplore.exe[1160] USER32.dll!DrawTextExA 7E38C739 5 Bytes JMP 00A8EDEC
.text C:\Program Files\internet explorer\iexplore.exe[1160] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 407A51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1160] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 407A5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1160] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 407A5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1160] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 407A5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1160] GDI32.dll!TextOutW 77F17EAC 5 Bytes JMP 00A8EB6A
.text C:\Program Files\internet explorer\iexplore.exe[1160] GDI32.dll!ExtTextOutW 77F18086 5 Bytes JMP 00A8F09E
.text C:\Program Files\internet explorer\iexplore.exe[1160] GDI32.dll!TextOutA 77F1BA4F 5 Bytes JMP 00A8EA9E
.text C:\Program Files\internet explorer\iexplore.exe[1160] GDI32.dll!ExtTextOutA 77F1D3FA 5 Bytes JMP 00A8EFBA
.text C:\Program Files\internet explorer\iexplore.exe[1160] GDI32.dll!GetGlyphIndicesA 77F3DFE3 5 Bytes JMP 00A8F45E
.text C:\Program Files\internet explorer\iexplore.exe[1160] GDI32.dll!GetGlyphIndicesW 77F52604 5 Bytes JMP 00A8F52B
.text C:\Program Files\internet explorer\iexplore.exe[1160] WS2_32.dll!getaddrinfo 71A52A6F 5 Bytes JMP 00A8D7D7
.text C:\Program Files\internet explorer\iexplore.exe[1160] WS2_32.dll!closesocket 71A53E2B 5 Bytes JMP 00A8E8E0
.text C:\Program Files\internet explorer\iexplore.exe[1160] WS2_32.dll!send 71A54C27 5 Bytes JMP 00A8E455
.text C:\Program Files\internet explorer\iexplore.exe[1160] WS2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 00A8E67C
.text C:\Program Files\internet explorer\iexplore.exe[1160] WS2_32.dll!gethostbyname 71A55355 5 Bytes JMP 00A8D716
.text C:\Program Files\internet explorer\iexplore.exe[1160] WS2_32.dll!recv 71A5676F 5 Bytes JMP 00A8E4FA
.text C:\Program Files\internet explorer\iexplore.exe[1160] WS2_32.dll!WSASend 71A568FA 5 Bytes JMP 00A8E5A8
.text C:\Program Files\internet explorer\iexplore.exe[1160] WS2_32.dll!WSAAsyncGetHostByName 71A5E99D 5 Bytes JMP 00A8DBA7

---- EOF - GMER 1.0.15 ----