GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-09 15:18:44
Windows 6.0.6001 Service Pack 1
Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543216L9A300 rev.FB2OC40C
Running: pu59xgv5.exe; Driver: C:\Users\marek\AppData\Local\Temp\pwdoypow.sys


---- User code sections - GMER 1.0.15 ----

.text   C:\Windows\Explorer.EXE[2980] SHELL32.dll!InitNetworkAddressControl + 2939   75FA006C 4 Bytes  [B0, 22, 00, 10] {MOV AL, 0x22; ADD [EAX], DL}
.text   C:\Windows\Explorer.EXE[2980] SHELL32.dll!ShellExecuteExW + 121F              75FD11DC 4 Bytes  [20, 1B, 00, 10] {AND [EBX], BL; ADD [EAX], DL}

---- User IAT/EAT - GMER 1.0.15 ----

IAT     C:\Windows\system32\services.exe[656] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW]   001C0002
IAT     C:\Windows\system32\services.exe[656] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW]          001C0000
IAT     C:\Windows\Explorer.EXE[2980] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [10002480] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/EgisTec Inc.)
IAT     C:\Windows\Explorer.EXE[2980] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001DA0] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/EgisTec Inc.)
IAT     C:\Windows\Explorer.EXE[2980] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [100027D0] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/EgisTec Inc.)
IAT     C:\Windows\Explorer.EXE[2980] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [10001290] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/EgisTec Inc.)
---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic Framework/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic Framework/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \FileSystem\fastfat \Fat fltmgr.sys (Microsoft File System Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
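The log above is a flat list of records that is quicker to triage by machine than by eye. The following Python is an added example, not part of the post and not GMER's own code: it parses the three record types present in this log (.text user-code patches, IAT hooks, AttachedDevice filters) and orders the findings the way an analyst reads them, IAT hooks whose target GMER could not attribute to any module first, then attributed hooks grouped by owning module, then the .text patches with their bytes decoded as a little-endian dword, then the attached filter drivers. The function names (parse_gmer, unbacked_hooks, hooks_by_owner, triage) are the example's own, and the sample input is constructed from the records above with the devices section shortened.

```python
"""Parse a GMER 1.0.15 log and triage its hook entries. Added example, not GMER's
code: handles the record types in the log above (.text patches, IAT hooks,
AttachedDevice filters); anything else, section headers included, is skipped."""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: the records of the log above, one per line (devices
# shortened to one entry per filter driver).
SAMPLE_LOG = r"""
Rootkit scan 2012-07-09 15:18:44
.text  C:\Windows\Explorer.EXE[2980] SHELL32.dll!InitNetworkAddressControl + 2939  75FA006C 4 Bytes  [B0, 22, 00, 10] {MOV AL, 0x22; ADD [EAX], DL}
.text  C:\Windows\Explorer.EXE[2980] SHELL32.dll!ShellExecuteExW + 121F  75FD11DC 4 Bytes  [20, 1B, 00, 10] {AND [EBX], BL; ADD [EAX], DL}
IAT  C:\Windows\system32\services.exe[656] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW]  001C0002
IAT  C:\Windows\system32\services.exe[656] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW]  001C0000
IAT  C:\Windows\Explorer.EXE[2980] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [10002480] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/EgisTec Inc.)
IAT  C:\Windows\Explorer.EXE[2980] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001DA0] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/EgisTec Inc.)
IAT  C:\Windows\Explorer.EXE[2980] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [100027D0] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/EgisTec Inc.)
IAT  C:\Windows\Explorer.EXE[2980] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [10001290] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/EgisTec Inc.)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0  Wdf01000.sys (WDF Dynamic Framework/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Tcp  aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \FileSystem\fastfat \Fat  fltmgr.sys (Microsoft File System Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
"""

@dataclass
class IatHook:
    process: str
    pid: int
    module: str            # module whose import table was modified
    imported: str          # DLL!function the slot is supposed to resolve to
    target: int            # address the slot points to now
    owner: Optional[str]   # file GMER attributed the target to; None = no backing module
    desc: Optional[str]

@dataclass
class TextPatch:
    process: str
    pid: int
    symbol: str
    offset: int
    address: int
    data: bytes

    def pointer(self) -> Optional[int]:
        """The patched bytes read as a little-endian dword, if exactly four were written."""
        return int.from_bytes(self.data, "little") if len(self.data) == 4 else None

@dataclass
class AttachedDevice:
    driver: str
    device: str
    filter: str
    desc: str

@dataclass
class GmerReport:
    scanned_at: Optional[str] = None
    iat: list = field(default_factory=list)
    text: list = field(default_factory=list)
    devices: list = field(default_factory=list)

HDR_RE = re.compile(r"^Rootkit scan (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)")
IAT_RE = re.compile(
    r"^IAT\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+@\s+(?P<mod>.+?)\s+\[(?P<imp>[^\]]+)\]\s+"
    r"(?:\[(?P<t1>[0-9A-Fa-f]+)\]\s+(?P<owner>.+?)\s+\((?P<desc>[^()]*)\)|(?P<t2>[0-9A-Fa-f]+))\s*$")
TEXT_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<sym>\S+)\s+\+\s+(?P<off>[0-9A-Fa-f]+)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+\d+\s+Bytes\s+\[(?P<bytes>[^\]]+)\]")
DEV_RE = re.compile(r"^AttachedDevice\s+(?P<drv>\S+)\s+(?P<dev>\S+)\s+(?P<flt>\S+)\s+\((?P<desc>[^()]*)\)")

def parse_gmer(log: str) -> GmerReport:
    rep = GmerReport()
    for line in (l.strip() for l in log.splitlines()):
        if m := HDR_RE.match(line):
            rep.scanned_at = m.group(1)
        elif m := IAT_RE.match(line):
            rep.iat.append(IatHook(m["proc"], int(m["pid"]), m["mod"], m["imp"],
                                   int(m["t1"] or m["t2"], 16), m["owner"], m["desc"]))
        elif m := TEXT_RE.match(line):
            data = bytes(int(b, 16) for b in m["bytes"].split(","))
            rep.text.append(TextPatch(m["proc"], int(m["pid"]), m["sym"],
                                      int(m["off"], 16), int(m["addr"], 16), data))
        elif m := DEV_RE.match(line):
            rep.devices.append(AttachedDevice(m["drv"], m["dev"], m["flt"], m["desc"]))
    return rep

def unbacked_hooks(rep: GmerReport) -> list:
    """Import slots pointing where GMER found no module: these get looked at first."""
    return [h for h in rep.iat if h.owner is None]

def hooks_by_owner(rep: GmerReport) -> dict:
    """Attributed hooks grouped by owning file, so one product's hooks are judged together."""
    owners = {}
    for h in rep.iat:
        if h.owner is not None:
            owners.setdefault(h.owner, []).append(h.imported)
    return owners

def triage(rep: GmerReport) -> list:
    """Findings in the order an analyst reads them: unbacked hooks first, filters last."""
    out = [f"UNBACKED IAT hook {h.process}[{h.pid}] {h.imported} -> {h.target:08X}"
           for h in unbacked_hooks(rep)]
    out += [f"IAT hooks owned by {o}: {', '.join(i)}" for o, i in hooks_by_owner(rep).items()]
    out += [f"CODE patch {p.symbol}+{p.offset:X} at {p.address:08X} writes dword {p.pointer():08X}"
            for p in rep.text if p.pointer() is not None]
    out += [f"FILTER {d.filter} on {d.device} ({d.desc})" for d in rep.devices]
    return out

if __name__ == "__main__":
    for finding in triage(parse_gmer(SAMPLE_LOG)):
        print(finding)
```

On this log the parser surfaces two unbacked entries first: the CreateProcessW and CreateProcessAsUserW imports of services.exe[656] point to 0x001C0000 and 0x001C0002, addresses GMER did not attribute to any file, so they need a manual check (dump that region and see what is there) before anything else. The four Explorer.EXE hooks all resolve to psdprotect.dll of EgisTec MyWinLocker, which the log names; the two SHELL32 .text patches decode to 0x100022B0 and 0x10001B20, in the same 0x1000xxxx range as that module's hook targets, which is the comparison a triager makes next, though the log itself does not state that the patches belong to that module.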