GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-09 12:40:08
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7 ST3500418AS rev.CC38
Running: y5w3ke4c.exe; Driver: C:\DOCUME~1\OEM\USTAWI~1\Temp\pxxcqpow.sys

---- System - GMER 1.0.15 ----

SSDT B87DF19C ZwClose
SSDT B87DF156 ZwCreateKey
SSDT B87DF1A6 ZwCreateSection
SSDT B87DF14C ZwCreateThread
SSDT B87DF15B ZwDeleteKey
SSDT B87DF165 ZwDeleteValueKey
SSDT B87DF197 ZwDuplicateObject
SSDT B87DF16A ZwLoadKey
SSDT B87DF138 ZwOpenProcess
SSDT B87DF13D ZwOpenThread
SSDT B87DF174 ZwReplaceKey
SSDT B87DF16F ZwRestoreKey
SSDT B87DF1AB ZwSetContextThread
SSDT B87DF160 ZwSetValueKey
SSDT B87DF147 ZwTerminateProcess
SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xB3C3B75C]

INT 0x63 ? 8A53CF00
INT 0x63 ? 8A53CF00
INT 0x63 ? 8A53CF00
INT 0x63 ? 8A53CF00
INT 0x73 ? 8A690CB8
INT 0x83 ? 8A53CF00
INT 0x94 ? 8A53CF00
INT 0xA4 ? 8A53CF00
INT 0xB4 ? 8A690CB8
INT 0xB4 ? 8A690CB8
INT 0xB4 ? 8A690CB8
INT 0xB4 ? 8A690CB8
INT 0xB4 ? 8A53CF00
INT 0xB4 ? 8A690CB8

---- Kernel code sections - GMER 1.0.15 ----

.sptd1 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd1" section [0xB7FA1089]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6F33380, 0x3DF295, 0xE8000020]
.text USBPORT.SYS!DllUnload B6EEB8AC 5 Bytes JMP 8A53C410
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB3CF3300, 0x3B6D8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xB83B8300, 0x1BEE, 0xE8000020]
? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys Nie można odnaleźć określonego pliku. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[1124] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 405D5505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1124] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 406ADB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1124] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 407A53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1124] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 407A52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1124] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 407A534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1124] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 407A51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1124] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 407A5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1124] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 407A5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1124] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 407A5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1444] USER32.dll!CreateDialogParamW 7E36EA3B 5 Bytes JMP 026D0B00 C:\Documents and Settings\OEM\Ustawienia lokalne\Dane aplikacji\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[1444] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 026D0E60 C:\Documents and Settings\OEM\Ustawienia lokalne\Dane aplikacji\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[1444] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 406A9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1444] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4069D119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1444] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 406ADB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1444] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 40614686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1444] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 407A53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1444] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 407A52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1444] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 026D0D70 C:\Documents and Settings\OEM\Ustawienia lokalne\Dane aplikacji\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[1444] USER32.dll!CreateDialogParamA 7E38C7DB 5 Bytes JMP 026D0C80 C:\Documents and Settings\OEM\Ustawienia lokalne\Dane aplikacji\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[1444] USER32.dll!MessageBoxA 7E3A07EA 5 Bytes JMP 026D0FE0 C:\Documents and Settings\OEM\Ustawienia lokalne\Dane aplikacji\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[1444] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 407A51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1444] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 407A5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1444] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 407A5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1444] USER32.dll!TrackPopupMenu 7E3B531E 5 Bytes JMP 026CFDE0 C:\Documents and Settings\OEM\Ustawienia lokalne\Dane aplikacji\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[1444] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 407A5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1444] USER32.dll!MessageBoxW 7E3B6534 5 Bytes JMP 026D10C0 C:\Documents and Settings\OEM\Ustawienia lokalne\Dane aplikacji\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[1444] USER32.dll!TrackPopupMenuEx 7E3BCF62 5 Bytes JMP 026CFF40 C:\Documents and Settings\OEM\Ustawienia lokalne\Dane aplikacji\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[1444] ole32.dll!CoCreateInstance 774EF1BC 5 Bytes JMP 406ADB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1444] ole32.dll!OleLoadFromStream 7751983B 5 Bytes JMP 407A5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2152] USER32.dll!CreateDialogParamW 7E36EA3B 5 Bytes JMP 02AE0B00 C:\Documents and Settings\OEM\Ustawienia lokalne\Dane aplikacji\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2152] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 02AE0E60 C:\Documents and Settings\OEM\Ustawienia lokalne\Dane aplikacji\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2152] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 406A9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2152] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4069D119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2152] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 406ADB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2152] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 40614686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2152] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 407A53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2152] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 407A52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2152] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 02AE0D70 C:\Documents and Settings\OEM\Ustawienia lokalne\Dane aplikacji\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2152] USER32.dll!CreateDialogParamA 7E38C7DB 5 Bytes JMP 02AE0C80 C:\Documents and Settings\OEM\Ustawienia lokalne\Dane aplikacji\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2152] USER32.dll!MessageBoxA 7E3A07EA 5 Bytes JMP 02AE0FE0 C:\Documents and Settings\OEM\Ustawienia lokalne\Dane aplikacji\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2152] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 407A51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2152] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 407A5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2152] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 407A5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2152] USER32.dll!TrackPopupMenu 7E3B531E 5 Bytes JMP 02ADFDE0 C:\Documents and Settings\OEM\Ustawienia lokalne\Dane aplikacji\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2152] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 407A5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2152] USER32.dll!MessageBoxW 7E3B6534 5 Bytes JMP 02AE10C0 C:\Documents and Settings\OEM\Ustawienia lokalne\Dane aplikacji\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2152] USER32.dll!TrackPopupMenuEx 7E3BCF62 5 Bytes JMP 02ADFF40 C:\Documents and Settings\OEM\Ustawienia lokalne\Dane aplikacji\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2152] ole32.dll!CoCreateInstance 774EF1BC 5 Bytes JMP 406ADB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2152] ole32.dll!OleLoadFromStream 7751983B 5 Bytes JMP 407A5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3600] USER32.dll!CreateDialogParamW 7E36EA3B 5 Bytes JMP 026D0B00 C:\Documents and Settings\OEM\Ustawienia lokalne\Dane aplikacji\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3600] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 026D0E60 C:\Documents and Settings\OEM\Ustawienia lokalne\Dane aplikacji\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3600] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 406A9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3600] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4069D119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3600] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 406ADB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3600] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 40614686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3600] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 407A53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3600] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 407A52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3600] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 026D0D70 C:\Documents and Settings\OEM\Ustawienia lokalne\Dane aplikacji\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3600] USER32.dll!CreateDialogParamA 7E38C7DB 5 Bytes JMP 026D0C80 C:\Documents and Settings\OEM\Ustawienia lokalne\Dane aplikacji\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3600] USER32.dll!MessageBoxA 7E3A07EA 5 Bytes JMP 026D0FE0 C:\Documents and Settings\OEM\Ustawienia lokalne\Dane aplikacji\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3600] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 407A51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3600] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 407A5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3600] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 407A5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3600] USER32.dll!TrackPopupMenu 7E3B531E 5 Bytes JMP 026CFDE0 C:\Documents and Settings\OEM\Ustawienia lokalne\Dane aplikacji\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3600] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 407A5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3600] USER32.dll!MessageBoxW 7E3B6534 5 Bytes JMP 026D10C0 C:\Documents and Settings\OEM\Ustawienia lokalne\Dane aplikacji\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3600] USER32.dll!TrackPopupMenuEx 7E3BCF62 5 Bytes JMP 026CFF40 C:\Documents and Settings\OEM\Ustawienia lokalne\Dane aplikacji\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3600] ole32.dll!CoCreateInstance 774EF1BC 5 Bytes JMP 406ADB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3600] ole32.dll!OleLoadFromStream 7751983B 5 Bytes JMP 407A5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!CreateDialogParamW 7E36EA3B 5 Bytes JMP 027D0B00 C:\Documents and Settings\OEM\Ustawienia lokalne\Dane aplikacji\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 027D0E60 C:\Documents and Settings\OEM\Ustawienia lokalne\Dane aplikacji\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 406A9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4069D119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 406ADB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 40614686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 407A53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 407A52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 027D0D70 C:\Documents and Settings\OEM\Ustawienia lokalne\Dane aplikacji\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!CreateDialogParamA 7E38C7DB 5 Bytes JMP 027D0C80 C:\Documents and Settings\OEM\Ustawienia lokalne\Dane aplikacji\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!MessageBoxA 7E3A07EA 5 Bytes JMP 027D0FE0 C:\Documents and Settings\OEM\Ustawienia lokalne\Dane aplikacji\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 407A51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 407A5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 407A5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!TrackPopupMenu 7E3B531E 5 Bytes JMP 027CFDE0 C:\Documents and Settings\OEM\Ustawienia lokalne\Dane aplikacji\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 407A5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!MessageBoxW 7E3B6534 5 Bytes JMP 027D10C0 C:\Documents and Settings\OEM\Ustawienia lokalne\Dane aplikacji\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!TrackPopupMenuEx 7E3BCF62 5 Bytes JMP 027CFF40 C:\Documents and Settings\OEM\Ustawienia lokalne\Dane aplikacji\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] ole32.dll!CoCreateInstance 774EF1BC 5 Bytes JMP 406ADB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3752] ole32.dll!OleLoadFromStream 7751983B 5 Bytes JMP 407A5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG] [B7E8F232] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR] [B7E8E730] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR] [B7E8EF12] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7E8E730] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7E8E914] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7E8E856] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7E8F0F0] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7E8EF12] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7EA2EA6] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[1444] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2152] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3600] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3752] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A68F1E8
Device \Driver\USBSTOR \Device\0000008e 8A2A7430
Device \Driver\USBSTOR \Device\0000008f 8A2A7430
Device \Driver\usbehci \Device\USBPDO-0 8A45A1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{AB903FA5-9904-478A-8AC3-96846A553D2C} 8A2D1430
Device \Driver\usbuhci \Device\USBPDO-1 8A5311E8
Device \Driver\usbuhci \Device\USBPDO-2 8A5311E8
Device \Driver\usbuhci \Device\USBPDO-3 8A5311E8
Device \Driver\usbehci \Device\USBPDO-4 8A45A1E8
Device \Driver\usbuhci \Device\USBPDO-5 8A5311E8
Device \Driver\usbuhci \Device\USBPDO-6 8A5311E8
Device \Driver\usbuhci \Device\USBPDO-7 8A5311E8
Device \Driver\Cdrom \Device\CdRom0 8A42A3C8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-12 [B7DF8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [B7DF8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B7DF8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B7DF8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-7 [B7DF8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [B7DF8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort4 [B7DF8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort5 [B7DF8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\USBSTOR \Device\00000090 8A2A7430
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A2D1430
Device \Driver\NetBT \Device\NetbiosSmb 8A2D1430
Device \Driver\usbuhci \Device\USBFDO-0 8A5311E8
Device \Driver\usbuhci \Device\USBFDO-1 8A5311E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A278430
Device \Driver\usbuhci \Device\USBFDO-2 8A5311E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A278430
Device \Driver\usbehci \Device\USBFDO-3 8A45A1E8
Device \Driver\usbuhci \Device\USBFDO-4 8A5311E8
Device \Driver\usbuhci \Device\USBFDO-5 8A5311E8
Device \Driver\USBSTOR \Device\0000008b 8A2A7430
Device \Driver\usbuhci \Device\USBFDO-6 8A5311E8
Device \Driver\usbehci \Device\USBFDO-7 8A45A1E8
Device \Driver\USBSTOR \Device\0000008d 8A2A7430
Device \FileSystem\Cdfs \Cdfs 8A2BC430

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x46 0x43 0x99 0x7A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x53 0xCC 0x08 0xF1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x0C 0xC3 0x3A 0xA7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7A 0xB4 0xE1 0xFF ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x46 0x43 0x99 0x7A ...

---- EOF - GMER 1.0.15 ----