GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-12 00:58:21
Windows 5.1.2600 Dodatek Service Pack 3
Running: xcdp6hqq.exe; Driver: D:\DOCUME~1\user\USTAWI~1\Temp\awldapow.sys

---- User code sections - GMER 1.0.15 ----

.text D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[904] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 4 Bytes [C2, 04, 00, 00]
.text D:\Program Files\Internet Explorer\iexplore.exe[1436] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 01229315 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[1436] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 01304832 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[1436] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 0141E021 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[1436] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 0141DF51 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[1436] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 0141DFBE D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[1436] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 0141DE22 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[1436] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 0141DE84 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[1436] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 0141E084 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[1436] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 0141DEE6 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[1528] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 01229315 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[1528] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 012FDBCB D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[1528] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 012FDD81 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[1528] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 01304832 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[1528] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 01261CA2 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[1528] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 0141E021 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[1528] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 0141DF51 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[1528] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 0141DFBE D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[1528] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 0141DE22 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[1528] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 0141DE84 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[1528] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 0141E084 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[1528] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 0141DEE6 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\iexplore.exe[1528] ole32.dll!CoCreateInstance 774F057E 5 Bytes JMP 0130488E D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT D:\Program Files\Internet Explorer\iexplore.exe[1528] @ D:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [00A218FD] D:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device \Driver\Tcpip \Device\Tcp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)
Device \Driver\Tcpip \Device\Udp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device \Driver\Tcpip \Device\RawIp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device \Driver\Tcpip \Device\IPMULTICAST avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat avg7rsw.sys (AVG Resident Shield Unload Helper/GRISOFT, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG04.00.00.01SERVER

---- EOF - GMER 1.0.15 ----