GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-28 16:50:47
Windows 5.1.2600 Dodatek Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800BB-88JHC0 rev.05.01C05
Running: 8d837tg2.exe; Driver: C:\DOCUME~1\Indeco\USTAWI~1\Temp\ugtdrpog.sys

---- System - GMER 1.0.15 ----

INT 0x06 \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) B821B16D
INT 0x0E \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) B821AFC2

Code \??\C:\ComboFix\catchme.sys pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xB7E11400, 0x7960C, 0xE8000020]
.protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xB7EB3420]
C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xB7EB3420]
.protect˙˙˙˙hardlockunknown last code section [0xB7EB3200, 0x5049, 0xE0000020]
C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xB7EB3200, 0x5049, 0xE0000020]
? C:\ComboFix\catchme.sys System nie może odnaleźć określonej ścieżki. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Nie można odnaleźć określonego pliku. !
? C:\DOCUME~1\Indeco\USTAWI~1\Temp\mbr.sys Nie można odnaleźć określonego pliku. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[1704] USER32.dll!UnhookWindowsHookEx 7E36F21E 5 Bytes JMP 4061467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1704] USER32.dll!CallNextHookEx 7E36F85B 5 Bytes JMP 4069D0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1704] USER32.dll!CreateWindowExW 7E36FC25 5 Bytes JMP 406ADB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1704] USER32.dll!DialogBoxParamW 7E37555F 5 Bytes JMP 405D54C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1704] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 406A9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1704] USER32.dll!DialogBoxIndirectParamW 7E382032 5 Bytes JMP 407A480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1704] USER32.dll!MessageBoxIndirectA 7E38A04A 5 Bytes JMP 407A4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1704] USER32.dll!DialogBoxParamA 7E38B10C 5 Bytes JMP 407A47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1704] USER32.dll!MessageBoxExW 7E3A05D8 5 Bytes JMP 407A4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1704] USER32.dll!MessageBoxExA 7E3A05FC 5 Bytes JMP 407A4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1704] USER32.dll!DialogBoxIndirectParamA 7E3A6B50 5 Bytes JMP 407A4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1704] USER32.dll!MessageBoxIndirectW 7E3B62AB 5 Bytes JMP 407A46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1704] ole32.dll!CoCreateInstance 774EFAC3 5 Bytes JMP 406ADB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1704] ole32.dll!OleLoadFromStream 7751A257 5 Bytes JMP 407A4B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] USER32.dll!CreateWindowExW 7E36FC25 5 Bytes JMP 406ADB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] USER32.dll!DialogBoxParamW 7E37555F 5 Bytes JMP 405D54C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] USER32.dll!DialogBoxIndirectParamW 7E382032 5 Bytes JMP 407A480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] USER32.dll!MessageBoxIndirectA 7E38A04A 5 Bytes JMP 407A4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] USER32.dll!DialogBoxParamA 7E38B10C 5 Bytes JMP 407A47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] USER32.dll!MessageBoxExW 7E3A05D8 5 Bytes JMP 407A4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] USER32.dll!MessageBoxExA 7E3A05FC 5 Bytes JMP 407A4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] USER32.dll!DialogBoxIndirectParamA 7E3A6B50 5 Bytes JMP 407A4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2952] USER32.dll!MessageBoxIndirectW 7E3B62AB 5 Bytes JMP 407A46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[1704] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----