GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-10-08 06:07:38
Windows 5.1.2600 Dodatek Service Pack 2
Running: le10rwl0.exe; Driver: C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\pxtdypog.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB662F6B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB662F574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB662FA52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB662F14C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB662F64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB662F08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB662F0F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB662F76E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB662F72E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast!
self protection module/ALWIL Software) ZwSetValueKey [0xB662F8AE]

---- User code sections - GMER 1.0.15 ----

.text C:\WIN_XP\system32\services.exe[516] SHELL32.dll!SHLoadNonloadedIconOverlayIdentifiers + 2957C 7CAFF30B 1 Byte [49]
.text C:\WIN_XP\system32\services.exe[516] SHELL32.dll!CallCPLEntry16 + 29EC 7CB27B8B 1 Byte [10]
.text C:\WIN_XP\system32\svchost.exe[780] SHELL32.dll!SHCreateLocalServerRunDll + BD61 7CB6906B 1 Byte [90]
.text C:\WIN_XP\system32\svchost.exe[1052] SHELL32.dll!CDefFolderMenu_Create2 + 69A 7CA99D0B 1 Byte [03]
.text C:\WIN_XP\system32\svchost.exe[1052] SHELL32.dll!SHMultiFileProperties + 7A4 7CAD5D8A 1 Byte [10]
.text C:\WIN_XP\system32\svchost.exe[1052] SHELL32.dll!CallCPLEntry16 + 2CB2C 7CB51CCB 1 Byte [05]
.text C:\WIN_XP\system32\svchost.exe[1052] SHELL32.dll!SHCreateLocalServerRunDll + 2E150 7CB8B45A 1 Byte [10]
.text C:\WIN_XP\system32\svchost.exe[1052] SHELL32.dll!SHCreateLocalServerRunDll + 2E821 7CB8BB2B 1 Byte [09]
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1232] SHELL32.dll!SHLoadNonloadedIconOverlayIdentifiers + 2D4BC 7CB0324B 1 Byte [0D]
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1232] SHELL32.dll!CallCPLEntry16 + 264AC 7CB4B64B 1 Byte [0B]
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1232] SHELL32.dll!SHCreateLocalServerRunDll + 15E41 7CB7314B 1 Byte [05]
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1232] SHELL32.dll!SHCreateLocalServerRunDll + 23F42 7CB8124C 1 Byte [00]
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1232] SHELL32.dll!SHCreateLocalServerRunDll + 37BC0 7CB94ECA 1 Byte [11]
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1232] SHELL32.dll!StrStrW + 9089 7CBA444B 1 Byte [0B]
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1232] SHLWAPI.dll!PathUnExpandEnvStringsW + 1A42 77FB37CB 1 Byte [11]
.text C:\Program
Files\A4Tech\Mouse\Amoumain.exe[1256] ole32.dll!StgSetTimes + 2FEC 775284AB 1 Byte [8B]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1280] shell32.dll!AppCompat_RunDLLW + 754 7CA9862B 1 Byte [8B]
.text C:\Program Files\Skype\Phone\Skype.exe[1300] shell32.dll!StrStrW + 7A29 7CBA2DEB 1 Byte [80]
.text C:\WIN_XP\system32\svchost.exe[1792] ole32.dll!CoMarshalInterThreadInterfaceInStream + 1B5 7754706B 1 Byte [8D]
.text C:\WIN_XP\system32\svchost.exe[1792] SHELL32.dll!SHCreateFileExtractIconW + E69 7CAC2E2B 1 Byte [8D]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1880] ole32.dll!CoWaitForMultipleHandles + 123AA 775594EB 1 Byte [8B]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1880] SHELL32.dll!SHLoadNonloadedIconOverlayIdentifiers + 3675C 7CB0C4EB 1 Byte [8B]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1904] ole32.dll!CoWaitForMultipleHandles + 9A8A 77550BCB 1 Byte [0E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1904] ole32.dll!ComPs_NdrDllGetClassObject + 43B 7759564B 1 Byte [4C]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1904] ole32.dll!ComPs_NdrStubCall2 + 933 775968EB 1 Byte [8B]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1904] ole32.dll!UtConvertDvtd32toDvtd16 + 352 775CAECB 1 Byte [82]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1904] ole32.dll!StgIsStorageILockBytes + 33E6 775CF7CB 1 Byte [09]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WIN_XP\system32\services.exe[516] @ C:\WIN_XP\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002
IAT C:\WIN_XP\system32\services.exe[516] @ C:\WIN_XP\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast!
TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG08.00.00.01WORKSTATION 971C483C41E3238AE6D403C441D82E5EF551C558094EF745AC3BCF63474EB3B9615145F9D3ACBB11659E67A1AF1B72D774539D444F3AF2445CA3CB1C39C70FB30CBF0141EFDA233664CEFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E6679DB7CE019D40AA5C8EDD5E5BE2F6E6679DB7CE019D40AA5CC8E967BB4786E3742332B2DA196B0A7D2C51280198859170AB8BA78DA83BB8B3705FEA25E702A6CF7612EEEB86E83971634237D0E83EAEF64D8C4FE71338169A50C8B4D26BB3179EF8C7763D4E0705138031BAE8E75C42264F6788426BA2778A57FBE0138F0A1564BF3931355F122ACFDAB70B64DCAD86746C0434926E693322475500D3A3B13209B0D37C5C4099167A9DF27287A14166BAB7CFAB736B3FD1E3B5B1162A8C9E35590706AA5F0A726E474902ACB7A36E83B8943D3824459891398BF31ACCC1099806D0C4FE8EE9340A50320AEDFCE74C3011BBC29A8773B1E26C8805F99950EA0A23F007B25FA03A73917FB45B0802B977C93AD784240186EC2EBC4D130F59836E299EC773EA04A6EB6EAC2E0F291D56944C717C1DA58CDA088F0F3B3C518ED55974640762ED7E5C66AA89A61756F78879689531FE5A4B33C2893843BBA8BAAA9745A14994C80B8309F03A53752A64F9C85030F9BA3503DBDDF647DA4E00398

---- EOF - GMER 1.0.15 ----