GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-16 14:27:26
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.PBBO
Running: vr8pp7ov.exe; Driver: C:\DOCUME~1\p\USTAWI~1\Temp\awxyqpoc.sys

---- System - GMER 1.0.15 ----

SSDT spos.sys ZwCreateKey [0xB9EB50E0]
SSDT spos.sys ZwEnumerateKey [0xB9ECDDA4]
SSDT spos.sys ZwEnumerateValueKey [0xB9ECE132]
SSDT spos.sys ZwOpenKey [0xB9EB50C0]
SSDT spos.sys ZwQueryKey [0xB9ECE20A]
SSDT spos.sys ZwQueryValueKey [0xB9ECE08A]
SSDT spos.sys ZwSetValueKey [0xB9ECE29C]

INT 0x63 ? 892C8BF8
INT 0x73 ? 89DEBBF8
INT 0x73 ? 892C8BF8
INT 0x73 ? 89DEBBF8
INT 0x83 ? 892C8BF8
INT 0x83 ? 892C8BF8
INT 0xB4 ? 892C8BF8

---- Kernel code sections - GMER 1.0.15 ----

? spos.sys Nie można odnaleźć określonego pliku. !
.text USBPORT.SYS!DllUnload B87A7934 5 Bytes JMP 892C81D8

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[612] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[612] WS2_32.dll!getaddrinfo 71A52A6F 5 Bytes JMP 0120B1A3
.text C:\Program Files\Mozilla Firefox\firefox.exe[612] WS2_32.dll!closesocket 71A53E2B 5 Bytes JMP 0120BF35
.text C:\Program Files\Mozilla Firefox\firefox.exe[612] WS2_32.dll!send 71A54C27 5 Bytes JMP 0120BC3D
.text C:\Program Files\Mozilla Firefox\firefox.exe[612] WS2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 0120BE4E
.text C:\Program Files\Mozilla Firefox\firefox.exe[612] WS2_32.dll!gethostbyname 71A55355 5 Bytes JMP 0120B0E6
.text C:\Program Files\Mozilla Firefox\firefox.exe[612] WS2_32.dll!recv 71A5676F 2 Bytes JMP 0120BCE3
.text C:\Program Files\Mozilla Firefox\firefox.exe[612] WS2_32.dll!recv + 3 71A56772 2 Bytes [7B, 8F] {JNP 0xffffffffffffff91}
.text C:\Program Files\Mozilla Firefox\firefox.exe[612] WS2_32.dll!WSASend 71A568FA 5 Bytes JMP 0120BD8D
.text C:\Program Files\Mozilla Firefox\firefox.exe[612] WS2_32.dll!WSAAsyncGetHostByName 71A5E99D 5 Bytes JMP 0120B56A
.text C:\Program Files\Mozilla Firefox\firefox.exe[612] GDI32.dll!TextOutW 77F17EAC 5 Bytes JMP 0120C1A3
.text C:\Program Files\Mozilla Firefox\firefox.exe[612] GDI32.dll!ExtTextOutW 77F18086 5 Bytes JMP 0120C6DD
.text C:\Program Files\Mozilla Firefox\firefox.exe[612] GDI32.dll!TextOutA 77F1BA4F 5 Bytes JMP 0120C0D6
.text C:\Program Files\Mozilla Firefox\firefox.exe[612] GDI32.dll!ExtTextOutA 77F1D3FA 5 Bytes JMP 0120C5F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[612] GDI32.dll!GetGlyphIndicesA 77F3DFE3 5 Bytes JMP 0120CA94
.text C:\Program Files\Mozilla Firefox\firefox.exe[612] GDI32.dll!GetGlyphIndicesW 77F52604 5 Bytes JMP 0120CB5E
.text C:\Program Files\Mozilla Firefox\firefox.exe[612] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 0120B645
.text C:\Program Files\Mozilla Firefox\firefox.exe[612] USER32.dll!DrawTextExW 7E37B415 5 Bytes JMP 0120C510
.text C:\Program Files\Mozilla Firefox\firefox.exe[612] USER32.dll!DrawTextW 7E37D7E2 5 Bytes JMP 0120C34C
.text C:\Program Files\Mozilla Firefox\firefox.exe[612] USER32.dll!SetClipboardData 7E380F9E 5 Bytes JMP 0120BFC3
.text C:\Program Files\Mozilla Firefox\firefox.exe[612] USER32.dll!DrawTextA 7E38C702 5 Bytes JMP 0120C270
.text C:\Program Files\Mozilla Firefox\firefox.exe[612] USER32.dll!DrawTextExA 7E38C739 5 Bytes JMP 0120C428
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[680] USER32.dll!TrackPopupMenu 7E3B531E 5 Bytes JMP 10402342 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1824] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3468] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 405D5501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3468] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 406A9AE9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3468] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4069D145 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3468] USER32.dll!DrawTextExW 7E37B415 5 Bytes JMP 00E0C510
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3468] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 406ADB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3468] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 40614696 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3468] USER32.dll!DrawTextW 7E37D7E2 5 Bytes JMP 00E0C34C
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3468] USER32.dll!SetClipboardData 7E380F9E 5 Bytes JMP 00E0BFC3
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3468] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 407A4FEF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3468] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 407A4F21 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3468] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 407A4F8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3468] USER32.dll!DrawTextA 7E38C702 5 Bytes JMP 00E0C270
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3468] USER32.dll!DrawTextExA 7E38C739 5 Bytes JMP 00E0C428
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3468] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 407A4DF2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3468] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 407A4E54 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3468] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 407A5052 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3468] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 407A4EB6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3468] GDI32.dll!TextOutW 77F17EAC 5 Bytes JMP 00E0C1A3
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3468] GDI32.dll!ExtTextOutW 77F18086 5 Bytes JMP 00E0C6DD
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3468] GDI32.dll!TextOutA 77F1BA4F 5 Bytes JMP 00E0C0D6
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3468] GDI32.dll!ExtTextOutA 77F1D3FA 5 Bytes JMP 00E0C5F8
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3468] GDI32.dll!GetGlyphIndicesA 77F3DFE3 5 Bytes JMP 00E0CA94
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3468] GDI32.dll!GetGlyphIndicesW 77F52604 5 Bytes JMP 00E0CB5E
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3468] ole32.dll!CoCreateInstance 774EF1AC 5 Bytes JMP 406ADBA0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3468] ole32.dll!OleLoadFromStream 7751981B 5 Bytes JMP 407A5370 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3468] WS2_32.dll!getaddrinfo 71A52A6F 5 Bytes JMP 00E0B1A3
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3468] WS2_32.dll!closesocket 71A53E2B 5 Bytes JMP 00E0BF35
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3468] WS2_32.dll!connect 71A54A07 5 Bytes JMP 03D22850 C:\Program Files\IEPro\GrabKernel.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3468] WS2_32.dll!send 71A54C27 5 Bytes JMP 00E0BC3D
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3468] WS2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 00E0BE4E
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3468] WS2_32.dll!gethostbyname 71A55355 5 Bytes JMP 00E0B0E6
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3468] WS2_32.dll!recv 71A5676F 2 Bytes JMP 00E0BCE3
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3468] WS2_32.dll!recv + 3 71A56772 2 Bytes [3B, 8F]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3468] WS2_32.dll!WSASend 71A568FA 5 Bytes JMP 00E0BD8D
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3468] WS2_32.dll!WSAAsyncGetHostByName 71A5E99D 5 Bytes JMP 00E0B56A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3468] WS2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 03D22A50 C:\Program Files\IEPro\GrabKernel.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3768] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 0159B645
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3768] USER32.dll!DrawTextExW 7E37B415 5 Bytes JMP 0159C510
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3768] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 406ADB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3768] USER32.dll!DrawTextW 7E37D7E2 5 Bytes JMP 0159C34C
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3768] USER32.dll!SetClipboardData 7E380F9E 5 Bytes JMP 0159BFC3
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3768] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 407A4FEF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3768] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 407A4F21 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3768] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 407A4F8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3768] USER32.dll!DrawTextA 7E38C702 5 Bytes JMP 0159C270
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3768] USER32.dll!DrawTextExA 7E38C739 5 Bytes JMP 0159C428
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3768] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 407A4DF2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3768] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 407A4E54 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3768] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 407A5052 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3768] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 407A4EB6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3768] GDI32.dll!TextOutW 77F17EAC 5 Bytes JMP 0159C1A3
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3768] GDI32.dll!ExtTextOutW 77F18086 5 Bytes JMP 0159C6DD
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3768] GDI32.dll!TextOutA 77F1BA4F 5 Bytes JMP 0159C0D6
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3768] GDI32.dll!ExtTextOutA 77F1D3FA 5 Bytes JMP 0159C5F8
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3768] GDI32.dll!GetGlyphIndicesA 77F3DFE3 5 Bytes JMP 0159CA94
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3768] GDI32.dll!GetGlyphIndicesW 77F52604 5 Bytes JMP 0159CB5E
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3768] ws2_32.dll!getaddrinfo 71A52A6F 5 Bytes JMP 0159B1A3
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3768] ws2_32.dll!closesocket 71A53E2B 5 Bytes JMP 0159BF35
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3768] ws2_32.dll!send 71A54C27 5 Bytes JMP 0159BC3D
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3768] ws2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 0159BE4E
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3768] ws2_32.dll!gethostbyname 71A55355 5 Bytes JMP 0159B0E6
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3768] ws2_32.dll!recv 71A5676F 2 Bytes JMP 0159BCE3
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3768] ws2_32.dll!recv + 3 71A56772 2 Bytes [B4, 8F] {MOV AH, 0x8f}
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3768] ws2_32.dll!WSASend 71A568FA 5 Bytes JMP 0159BD8D
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3768] ws2_32.dll!WSAAsyncGetHostByName 71A5E99D 5 Bytes JMP 0159B56A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EC5B90] spos.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\Nzyvea.exe[580] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateWindowExA] [00419DEC] C:\WINDOWS\Nzyvea.exe (Windows Setup API/KLite Codec Pack)
IAT C:\WINDOWS\Nzyvea.exe[580] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateWindowExW] [00419E64] C:\WINDOWS\Nzyvea.exe (Windows Setup API/KLite Codec Pack)
IAT C:\WINDOWS\Nzyvea.exe[580] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] [00419FF6] C:\WINDOWS\Nzyvea.exe (Windows Setup API/KLite Codec Pack)
IAT C:\WINDOWS\Nzyvea.exe[580] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!MessageBoxW] [0041A002] C:\WINDOWS\Nzyvea.exe (Windows Setup API/KLite Codec Pack)
IAT C:\WINDOWS\Nzyvea.exe[580] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!ShowWindow] [00419EDC] C:\WINDOWS\Nzyvea.exe (Windows Setup API/KLite Codec Pack)
IAT C:\WINDOWS\Nzyvea.exe[580] @ C:\WINDOWS\system32\wininet.dll [USER32.dll!SetWindowPos] [00419F8A] C:\WINDOWS\Nzyvea.exe (Windows Setup API/KLite Codec Pack)
IAT C:\WINDOWS\Nzyvea.exe[580] @ C:\WINDOWS\system32\wininet.dll [USER32.dll!DialogBoxParamW] [00419FF6] C:\WINDOWS\Nzyvea.exe (Windows Setup API/KLite Codec Pack)
IAT C:\WINDOWS\Nzyvea.exe[580] @ C:\WINDOWS\system32\wininet.dll [USER32.dll!CreateWindowExW] [00419E64] C:\WINDOWS\Nzyvea.exe (Windows Setup API/KLite Codec Pack)
IAT C:\WINDOWS\Nzyvea.exe[580] @ C:\WINDOWS\system32\wininet.dll [USER32.dll!MessageBoxW] [0041A002] C:\WINDOWS\Nzyvea.exe (Windows Setup API/KLite Codec Pack)
IAT C:\WINDOWS\Nzyvea.exe[580] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DialogBoxParamA] [00419FF6] C:\WINDOWS\Nzyvea.exe (Windows Setup API/KLite Codec Pack)
IAT C:\WINDOWS\Nzyvea.exe[580] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DialogBoxParamW] [00419FF6] C:\WINDOWS\Nzyvea.exe (Windows Setup API/KLite Codec Pack)
IAT C:\WINDOWS\Nzyvea.exe[580] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CreateWindowExA] [00419DEC] C:\WINDOWS\Nzyvea.exe (Windows Setup API/KLite Codec Pack)
IAT C:\WINDOWS\Nzyvea.exe[580] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CreateWindowExW] [00419E64] C:\WINDOWS\Nzyvea.exe (Windows Setup API/KLite Codec Pack)
IAT C:\WINDOWS\Nzyvea.exe[580] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!MessageBoxA] [0041A002] C:\WINDOWS\Nzyvea.exe (Windows Setup API/KLite Codec Pack)
IAT C:\WINDOWS\Nzyvea.exe[580] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!MessageBoxW] [0041A002] C:\WINDOWS\Nzyvea.exe (Windows Setup API/KLite Codec Pack)
IAT C:\WINDOWS\Nzyvea.exe[580] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!MessageBoxIndirectA] [00419FF0] C:\WINDOWS\Nzyvea.exe (Windows Setup API/KLite Codec Pack)
IAT C:\WINDOWS\Nzyvea.exe[580] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!MessageBoxIndirectW] [00419FF0] C:\WINDOWS\Nzyvea.exe (Windows Setup API/KLite Codec Pack)
IAT C:\WINDOWS\Nzyvea.exe[580] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowPos] [00419F8A] C:\WINDOWS\Nzyvea.exe (Windows Setup API/KLite Codec Pack)
IAT C:\WINDOWS\Nzyvea.exe[580] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!ShowWindow] [00419EDC] C:\WINDOWS\Nzyvea.exe (Windows Setup API/KLite Codec Pack)
IAT C:\WINDOWS\Nzyvea.exe[580] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!CreateWindowExW] [00419E64] C:\WINDOWS\Nzyvea.exe (Windows Setup API/KLite Codec Pack)
IAT C:\WINDOWS\Nzyvea.exe[580] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!DialogBoxParamW] [00419FF6] C:\WINDOWS\Nzyvea.exe (Windows Setup API/KLite Codec Pack)
IAT C:\WINDOWS\Nzyvea.exe[580] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!ShowWindow] [00419EDC] C:\WINDOWS\Nzyvea.exe (Windows Setup API/KLite Codec Pack)
IAT C:\WINDOWS\Nzyvea.exe[580] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!SetWindowPos] [00419F8A] C:\WINDOWS\Nzyvea.exe (Windows Setup API/KLite Codec Pack)
IAT C:\WINDOWS\Nzyvea.exe[580] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!MessageBoxW] [0041A002] C:\WINDOWS\Nzyvea.exe (Windows Setup API/KLite Codec Pack)
IAT C:\WINDOWS\Nzyvea.exe[580] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!MessageBoxA] [0041A002] C:\WINDOWS\Nzyvea.exe (Windows Setup API/KLite Codec Pack)
IAT C:\WINDOWS\Nzyvea.exe[580] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!MessageBoxIndirectW] [00419FF0] C:\WINDOWS\Nzyvea.exe (Windows Setup API/KLite Codec Pack)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3468] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\DOCUME~1\p\USTAWI~1\Temp\Nh1.exe[3604] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateWindowExA] [0041B1B7] C:\DOCUME~1\p\USTAWI~1\Temp\Nh1.exe (Windows Setup API/KLite Codec Pack)
IAT C:\DOCUME~1\p\USTAWI~1\Temp\Nh1.exe[3604] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateWindowExW] [0041B231] C:\DOCUME~1\p\USTAWI~1\Temp\Nh1.exe (Windows Setup API/KLite Codec Pack)
IAT C:\DOCUME~1\p\USTAWI~1\Temp\Nh1.exe[3604] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!ShowWindow] [0041B2AB] C:\DOCUME~1\p\USTAWI~1\Temp\Nh1.exe (Windows Setup API/KLite Codec Pack)
IAT C:\DOCUME~1\p\USTAWI~1\Temp\Nh1.exe[3604] @ C:\WINDOWS\system32\wininet.dll [USER32.dll!SetWindowPos] [0041B35D] C:\DOCUME~1\p\USTAWI~1\Temp\Nh1.exe (Windows Setup API/KLite Codec Pack)
IAT C:\DOCUME~1\p\USTAWI~1\Temp\Nh1.exe[3604] @ C:\WINDOWS\system32\wininet.dll [USER32.dll!CreateWindowExW] [0041B231] C:\DOCUME~1\p\USTAWI~1\Temp\Nh1.exe (Windows Setup API/KLite Codec Pack)
IAT C:\DOCUME~1\p\USTAWI~1\Temp\Nh1.exe[3604] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CreateWindowExA] [0041B1B7] C:\DOCUME~1\p\USTAWI~1\Temp\Nh1.exe (Windows Setup API/KLite Codec Pack)
IAT C:\DOCUME~1\p\USTAWI~1\Temp\Nh1.exe[3604] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CreateWindowExW] [0041B231] C:\DOCUME~1\p\USTAWI~1\Temp\Nh1.exe (Windows Setup API/KLite Codec Pack)
IAT C:\DOCUME~1\p\USTAWI~1\Temp\Nh1.exe[3604] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowPos] [0041B35D] C:\DOCUME~1\p\USTAWI~1\Temp\Nh1.exe (Windows Setup API/KLite Codec Pack)
IAT C:\DOCUME~1\p\USTAWI~1\Temp\Nh1.exe[3604] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!ShowWindow] [0041B2AB] C:\DOCUME~1\p\USTAWI~1\Temp\Nh1.exe (Windows Setup API/KLite Codec Pack)
IAT C:\DOCUME~1\p\USTAWI~1\Temp\Nh1.exe[3604] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!CreateWindowExW] [0041B231] C:\DOCUME~1\p\USTAWI~1\Temp\Nh1.exe (Windows Setup API/KLite Codec Pack)
IAT C:\DOCUME~1\p\USTAWI~1\Temp\Nh1.exe[3604] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!ShowWindow] [0041B2AB] C:\DOCUME~1\p\USTAWI~1\Temp\Nh1.exe (Windows Setup API/KLite Codec Pack)
IAT C:\DOCUME~1\p\USTAWI~1\Temp\Nh1.exe[3604] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!SetWindowPos] [0041B35D] C:\DOCUME~1\p\USTAWI~1\Temp\Nh1.exe (Windows Setup API/KLite Codec Pack)
IAT C:\DOCUME~1\p\USTAWI~1\Temp\Nh2.exe[4080] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateWindowExA] [00412DB6] C:\DOCUME~1\p\USTAWI~1\Temp\Nh2.exe (Windows Setup API/KLite Codec Pack)
IAT C:\DOCUME~1\p\USTAWI~1\Temp\Nh2.exe[4080] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateWindowExW] [00412E2E] C:\DOCUME~1\p\USTAWI~1\Temp\Nh2.exe (Windows Setup API/KLite Codec Pack)
IAT C:\DOCUME~1\p\USTAWI~1\Temp\Nh2.exe[4080] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!ShowWindow] [00412EA6] C:\DOCUME~1\p\USTAWI~1\Temp\Nh2.exe (Windows Setup API/KLite Codec Pack)
IAT C:\DOCUME~1\p\USTAWI~1\Temp\Nh2.exe[4080] @ C:\WINDOWS\system32\wininet.dll [USER32.dll!SetWindowPos] [00412F54] C:\DOCUME~1\p\USTAWI~1\Temp\Nh2.exe (Windows Setup API/KLite Codec Pack)
IAT C:\DOCUME~1\p\USTAWI~1\Temp\Nh2.exe[4080] @ C:\WINDOWS\system32\wininet.dll [USER32.dll!CreateWindowExW] [00412E2E] C:\DOCUME~1\p\USTAWI~1\Temp\Nh2.exe (Windows Setup API/KLite Codec Pack)
IAT C:\DOCUME~1\p\USTAWI~1\Temp\Nh2.exe[4080] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CreateWindowExA] [00412DB6] C:\DOCUME~1\p\USTAWI~1\Temp\Nh2.exe (Windows Setup API/KLite Codec Pack)
IAT C:\DOCUME~1\p\USTAWI~1\Temp\Nh2.exe[4080] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CreateWindowExW] [00412E2E] C:\DOCUME~1\p\USTAWI~1\Temp\Nh2.exe (Windows Setup API/KLite Codec Pack)
IAT C:\DOCUME~1\p\USTAWI~1\Temp\Nh2.exe[4080] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowPos] [00412F54] C:\DOCUME~1\p\USTAWI~1\Temp\Nh2.exe (Windows Setup API/KLite Codec Pack)
IAT C:\DOCUME~1\p\USTAWI~1\Temp\Nh2.exe[4080] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!ShowWindow] [00412EA6] C:\DOCUME~1\p\USTAWI~1\Temp\Nh2.exe (Windows Setup API/KLite Codec Pack)
IAT C:\DOCUME~1\p\USTAWI~1\Temp\Nh2.exe[4080] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!CreateWindowExW] [00412E2E] C:\DOCUME~1\p\USTAWI~1\Temp\Nh2.exe (Windows Setup API/KLite Codec Pack)
IAT C:\DOCUME~1\p\USTAWI~1\Temp\Nh2.exe[4080] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!ShowWindow] [00412EA6] C:\DOCUME~1\p\USTAWI~1\Temp\Nh2.exe (Windows Setup API/KLite Codec Pack)
IAT C:\DOCUME~1\p\USTAWI~1\Temp\Nh2.exe[4080] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!SetWindowPos] [00412F54] C:\DOCUME~1\p\USTAWI~1\Temp\Nh2.exe (Windows Setup API/KLite Codec Pack)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 89DE91F8
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBT_Tcpip_{E2914E04-CDE8-4BBC-937E-A1EAE02F317C} 8924C1F8
Device \Driver\usbehci \Device\USBPDO-0 892B41F8
Device \Driver\usbuhci \Device\USBPDO-1 892141F8
Device \Driver\usbuhci \Device\USBPDO-2 892141F8
Device \Driver\usbuhci \Device\USBPDO-3 892141F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{811BC857-149D-4F0F-A01C-C2DF7A7E0C44} 8924C1F8
Device \Driver\usbuhci \Device\USBPDO-4 892141F8
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)
Device \Driver\Ftdisk \Device\HarddiskVolume1 89DEC1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 89DEC1F8
Device \Driver\iaStor \Device\Ide\iaStor0 [B9DAD360] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [B9DAD360] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBt_Wins_Export 8924C1F8
Device \Driver\NetBT \Device\NetbiosSmb 8924C1F8
Device \Driver\usbuhci \Device\USBFDO-0 892141F8
Device \Driver\usbuhci \Device\USBFDO-1 892141F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8924B1F8
Device \Driver\usbuhci \Device\USBFDO-2 892141F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8924B1F8
Device \Driver\usbuhci \Device\USBFDO-3 892141F8
Device \Driver\usbehci \Device\USBFDO-4 892B41F8
Device \Driver\Ftdisk \Device\FtControl 89DEC1F8
Device \FileSystem\Cdfs \Cdfs 892A2500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xFD 0x45 0x97 0xAD ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xB5 0xD1 0x11 0x23 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x60 0xD2 0x14 0x68 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x65 0x6B 0x8F 0x0A ...

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\p\Ustawienia lokalne\Temporary Internet Files\Content.IE5\CECLJOLP\81299ed75347da55858c24297cff2d08[1].swf 25077 bytes
File C:\Documents and Settings\p\Ustawienia lokalne\Temporary Internet Files\Content.IE5\GJJRI2IM\rwCAONIQ4O.htm 790 bytes
File C:\Documents and Settings\p\Ustawienia lokalne\Temporary Internet Files\Content.IE5\SR842ZAD\rwCAM6PQCU.htm 789 bytes

---- EOF - GMER 1.0.15 ----