GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-08-01 02:14:23 Windows 5.1.2600 Dodatek Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1200BEVS-07LAT0 rev.01.06M01 Running: 2bv8jkyi.exe; Driver: C:\DOCUME~1\Ola\USTAWI~1\Temp\kwlcipod.sys ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Internet Explorer\iexplore.exe[1184] USER32.dll!CallNextHookEx 77D3ED6E 5 Bytes JMP 4069D0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1184] USER32.dll!CreateWindowExW 77D41AD5 5 Bytes JMP 406ADB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1184] USER32.dll!DialogBoxParamW 77D46702 5 Bytes JMP 405D54C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1184] USER32.dll!DialogBoxParamA 77D488E1 5 Bytes JMP 407A47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1184] USER32.dll!DialogBoxIndirectParamW 77D52598 5 Bytes JMP 407A480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1184] USER32.dll!MessageBoxIndirectA 77D5AEF1 5 Bytes JMP 407A4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1184] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 406A9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1184] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 4061467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1184] USER32.dll!MessageBoxExW 77D70559 5 Bytes JMP 407A4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1184] USER32.dll!MessageBoxExA 77D7057D 5 Bytes JMP 407A4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1184] USER32.dll!DialogBoxIndirectParamA 77D76CED 5 Bytes JMP 407A4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1184] USER32.dll!MessageBoxIndirectW 77D860B7 5 Bytes JMP 407A46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1184] ole32.dll!OleLoadFromStream 77508C62 5 Bytes JMP 407A4B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1184] ole32.dll!CoCreateInstance 77516009 5 Bytes JMP 406ADB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2072] USER32.dll!CreateWindowExW 77D41AD5 5 Bytes JMP 406ADB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2072] USER32.dll!DialogBoxParamW 77D46702 5 Bytes JMP 405D54C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2072] USER32.dll!DialogBoxParamA 77D488E1 5 Bytes JMP 407A47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2072] USER32.dll!DialogBoxIndirectParamW 77D52598 5 Bytes JMP 407A480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2072] USER32.dll!MessageBoxIndirectA 77D5AEF1 5 Bytes JMP 407A4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2072] USER32.dll!MessageBoxExW 77D70559 5 Bytes JMP 407A4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2072] USER32.dll!MessageBoxExA 77D7057D 5 Bytes JMP 407A4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2072] USER32.dll!DialogBoxIndirectParamA 77D76CED 5 Bytes JMP 407A4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2072] USER32.dll!MessageBoxIndirectW 77D860B7 5 Bytes JMP 407A46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\Internet Explorer\iexplore.exe[1184] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation) ---- Files - GMER 1.0.15 ---- File C:\Documents and Settings\Ola\Recent\Sprzedam BEZPOŚREDNIO całoroczny dom położony w miejscowości rekreacyjno.doc.lnk 968 bytes ---- EOF - GMER 1.0.15 ----