GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-05 21:33:04
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\0000005f WDC_WD2000JS-00PDB0 rev.21.00M21
Running: sx71eh0h.exe; Driver: C:\DOCUME~1\PC\USTAWI~1\Temp\afrdikod.sys


---- System - GMER 1.0.15 ----

SSDT  AE0E568C  ZwClose
SSDT  AE0E5646  ZwCreateKey
SSDT  AE0E5696  ZwCreateSection
SSDT  AE0E563C  ZwCreateThread
SSDT  AE0E564B  ZwDeleteKey
SSDT  AE0E5655  ZwDeleteValueKey
SSDT  AE0E5687  ZwDuplicateObject
SSDT  AE0E565A  ZwLoadKey
SSDT  AE0E5628  ZwOpenProcess
SSDT  AE0E562D  ZwOpenThread
SSDT  AE0E5664  ZwReplaceKey
SSDT  AE0E565F  ZwRestoreKey
SSDT  AE0E569B  ZwSetContextThread
SSDT  AE0E5650  ZwSetValueKey
SSDT  AE0E5637  ZwTerminateProcess

---- User code sections - GMER 1.0.15 ----

.text  C:\Program Files\internet explorer\iexplore.exe[616] USER32.dll!DialogBoxParamW          7E3747AB 5 Bytes  JMP 405D5505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\internet explorer\iexplore.exe[616] USER32.dll!CreateWindowExW          7E37D0A3 5 Bytes  JMP 406ADB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\internet explorer\iexplore.exe[616] USER32.dll!DialogBoxIndirectParamW  7E382072 5 Bytes  JMP 407A53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\internet explorer\iexplore.exe[616] USER32.dll!MessageBoxIndirectA      7E38A082 5 Bytes  JMP 407A52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\internet explorer\iexplore.exe[616] USER32.dll!DialogBoxParamA          7E38B144 5 Bytes  JMP 407A534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\internet explorer\iexplore.exe[616] USER32.dll!MessageBoxExW            7E3A0838 5 Bytes  JMP 407A51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\internet explorer\iexplore.exe[616] USER32.dll!MessageBoxExA            7E3A085C 5 Bytes  JMP 407A5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\internet explorer\iexplore.exe[616] USER32.dll!DialogBoxIndirectParamA  7E3A6D7D 5 Bytes  JMP 407A5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\internet explorer\iexplore.exe[616] USER32.dll!MessageBoxIndirectW      7E3B64D5 5 Bytes  JMP 407A5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\internet explorer\iexplore.exe[3352] USER32.dll!CreateDialogParamW      7E36EA3B 5 Bytes  JMP 0434CDC0 C:\Documents and Settings\PC\Ustawienia lokalne\Dane aplikacji\uTorrentControl2\tbuTor.dll (Conduit Toolbar/Conduit Ltd.)
.text  C:\Program Files\internet explorer\iexplore.exe[3352] USER32.dll!DialogBoxParamW         7E3747AB 5 Bytes  JMP 0434D120 C:\Documents and Settings\PC\Ustawienia lokalne\Dane aplikacji\uTorrentControl2\tbuTor.dll (Conduit Toolbar/Conduit Ltd.)
.text  C:\Program Files\internet explorer\iexplore.exe[3352] USER32.dll!SetWindowsHookExW       7E37820F 5 Bytes  JMP 406A9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\internet explorer\iexplore.exe[3352] USER32.dll!CallNextHookEx          7E37B3C6 5 Bytes  JMP 4069D119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\internet explorer\iexplore.exe[3352] USER32.dll!CreateWindowExW         7E37D0A3 5 Bytes  JMP 406ADB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\internet explorer\iexplore.exe[3352] USER32.dll!UnhookWindowsHookEx     7E37D5F3 5 Bytes  JMP 40614686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\internet explorer\iexplore.exe[3352] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes  JMP 407A53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\internet explorer\iexplore.exe[3352] USER32.dll!MessageBoxIndirectA     7E38A082 5 Bytes  JMP 407A52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\internet explorer\iexplore.exe[3352] USER32.dll!DialogBoxParamA         7E38B144 5 Bytes  JMP 0434D030 C:\Documents and Settings\PC\Ustawienia lokalne\Dane aplikacji\uTorrentControl2\tbuTor.dll (Conduit Toolbar/Conduit Ltd.)
.text  C:\Program Files\internet explorer\iexplore.exe[3352] USER32.dll!CreateDialogParamA      7E38C7DB 5 Bytes  JMP 0434CF40 C:\Documents and Settings\PC\Ustawienia lokalne\Dane aplikacji\uTorrentControl2\tbuTor.dll (Conduit Toolbar/Conduit Ltd.)
.text  C:\Program Files\internet explorer\iexplore.exe[3352] USER32.dll!MessageBoxA             7E3A07EA 5 Bytes  JMP 0434D2A0 C:\Documents and Settings\PC\Ustawienia lokalne\Dane aplikacji\uTorrentControl2\tbuTor.dll (Conduit Toolbar/Conduit Ltd.)
.text  C:\Program Files\internet explorer\iexplore.exe[3352] USER32.dll!MessageBoxExW           7E3A0838 5 Bytes  JMP 407A51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\internet explorer\iexplore.exe[3352] USER32.dll!MessageBoxExA           7E3A085C 5 Bytes  JMP 407A5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\internet explorer\iexplore.exe[3352] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes  JMP 407A5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\internet explorer\iexplore.exe[3352] USER32.dll!TrackPopupMenu          7E3B531E 5 Bytes  JMP 0434C0A0 C:\Documents and Settings\PC\Ustawienia lokalne\Dane aplikacji\uTorrentControl2\tbuTor.dll (Conduit Toolbar/Conduit Ltd.)
.text  C:\Program Files\internet explorer\iexplore.exe[3352] USER32.dll!MessageBoxIndirectW     7E3B64D5 5 Bytes  JMP 407A5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\internet explorer\iexplore.exe[3352] USER32.dll!MessageBoxW             7E3B6534 5 Bytes  JMP 0434D380 C:\Documents and Settings\PC\Ustawienia lokalne\Dane aplikacji\uTorrentControl2\tbuTor.dll (Conduit Toolbar/Conduit Ltd.)
.text  C:\Program Files\internet explorer\iexplore.exe[3352] USER32.dll!TrackPopupMenuEx        7E3BCF62 5 Bytes  JMP 0434C200 C:\Documents and Settings\PC\Ustawienia lokalne\Dane aplikacji\uTorrentControl2\tbuTor.dll (Conduit Toolbar/Conduit Ltd.)
.text  C:\Program Files\internet explorer\iexplore.exe[3352] ole32.dll!CoCreateInstance         774EF1BC 5 Bytes  JMP 406ADB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text  C:\Program Files\internet explorer\iexplore.exe[3352] ole32.dll!OleLoadFromStream        7751983B 5 Bytes  JMP 407A5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT  C:\Program Files\internet explorer\iexplore.exe[3352] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\internet explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Fastfat \Fat  fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----