GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-05-25 23:46:14
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-10 WDC_WD5000AAKS-00V1A0 rev.05.01D05 465,76GB
Running: fgms8134[1].exe; Driver: C:\DOCUME~1\Administrator.VOBIS\Local Settings\Temp\kgtdypog.sys

---- Kernel code sections - GMER 2.1 ----

.sptd1 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd1" section [0xF75BC346]
? SYMDS.SYS Nie można odnaleźć określonego pliku. !
? SYMEFA.SYS Nie można odnaleźć określonego pliku. !

---- User code sections - GMER 2.1 ----

.text C:\Program Files\internet explorer\iexplore.exe[128] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215545 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\internet explorer\iexplore.exe[128] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDC14 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\internet explorer\iexplore.exe[128] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E799F C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\internet explorer\iexplore.exe[128] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E78D1 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\internet explorer\iexplore.exe[128] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E793C C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\internet explorer\iexplore.exe[128] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E77A2 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\internet explorer\iexplore.exe[128] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E7804 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\internet explorer\iexplore.exe[128] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E7A02 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\internet explorer\iexplore.exe[128] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E7866 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\internet explorer\iexplore.exe[244] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215545 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\internet explorer\iexplore.exe[244] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B89 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\internet explorer\iexplore.exe[244] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD1C5 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\internet explorer\iexplore.exe[244] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDC14 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\internet explorer\iexplore.exe[244] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2546A6 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\internet explorer\iexplore.exe[244] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E799F C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\internet explorer\iexplore.exe[244] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E78D1 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\internet explorer\iexplore.exe[244] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E793C C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\internet explorer\iexplore.exe[244] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E77A2 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\internet explorer\iexplore.exe[244] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E7804 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\internet explorer\iexplore.exe[244] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E7A02 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\internet explorer\iexplore.exe[244] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E7866 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\internet explorer\iexplore.exe[244] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDC70 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\internet explorer\iexplore.exe[244] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E7D07 C:\WINDOWS\system32\IEFRAME.dll

---- Registry - GMER 2.1 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs 1

---- EOF - GMER 2.1 ----