GMER 1.0.15.15077 [RootLogThing.exe] - http://www.gmer.net
Rootkit scan 2009-09-13 21:53:22
Windows 6.0.6002 Service Pack 2

---- System - GMER 1.0.15 ----

INT 0x61 ? 9C118CD0
INT 0x71 ? 9C0FA050
INT 0xB3 ? 9C0FACD0

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[2256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [749D7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74A2A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [749DBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [749CF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [749D75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [749CE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74A08395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [749DDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [749CFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [749CFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [749C71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74A5CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [749FC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [749CD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [749C6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [749C687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [749D2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp tdifw_drv.sys
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp tdifw_drv.sys
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp tdifw_drv.sys
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Processes - GMER 1.0.15 ----

Library C:\Program (*** hidden *** ) @ C:\Program [3268] 0x00400000

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6E652B76-8D91-FE0C-7086-1312CF84256D}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6E652B76-8D91-FE0C-7086-1312CF84256D}@oagakhclcljedjbbdcbdpchgndbdfp 0x64 0x61 0x67 0x63 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6E652B76-8D91-FE0C-7086-1312CF84256D}@oacbcpbgcacclehljhmmefopcpalap 0x6A 0x61 0x6A 0x61 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6E652B76-8D91-FE0C-7086-1312CF84256D}@namaihcdlihoflleafbdkgapjmnk 0x6A 0x61 0x6A 0x61 ...

---- EOF - GMER 1.0.15 ----