GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-11-22 12:10:59
Windows 5.0.2195 Service Pack 4
Running: bco3fvo5.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxrdrpow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswMon.SYS (avast! File System Filter Driver for Windows NT/2000/ALWIL Software) ZwClose [0xB755A210]
SSDT \SystemRoot\System32\Drivers\aswMon.SYS (avast! File System Filter Driver for Windows NT/2000/ALWIL Software) ZwCreateDirectoryObject [0xB755A0FC]
SSDT \SystemRoot\System32\Drivers\aswMon.SYS (avast! File System Filter Driver for Windows NT/2000/ALWIL Software) ZwCreateFile [0xB75591D2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB78EE574]
SSDT \SystemRoot\System32\Drivers\aswMon.SYS (avast! File System Filter Driver for Windows NT/2000/ALWIL Software) ZwCreateProcess [0xB7558A6C]
SSDT \SystemRoot\System32\Drivers\aswMon.SYS (avast! File System Filter Driver for Windows NT/2000/ALWIL Software) ZwCreateSection [0xB7559B9A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB78EEA52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB78EE14C]
SSDT \SystemRoot\System32\Drivers\aswMon.SYS (avast! File System Filter Driver for Windows NT/2000/ALWIL Software) ZwOpenFile [0xB75596F8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB78EE64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB78EE08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB78EE0F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB78EE76E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB78EE72E]
SSDT \SystemRoot\System32\Drivers\aswMon.SYS (avast! File System Filter Driver for Windows NT/2000/ALWIL Software) ZwSetInformationFile [0xB7559F26]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB78EE8AE]
SSDT \SystemRoot\System32\Drivers\aswMon.SYS (avast! File System Filter Driver for Windows NT/2000/ALWIL Software) ZwWriteFile [0xB7559E5E]
---- Kernel code sections - GMER 1.0.15 ----
init C:\WINNT\System32\Drivers\driverx.sys entry point in "init" section [0xB77506FE]
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon.SYS (avast! File System Filter Driver for Windows NT/2000/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
---- Services - GMER 1.0.15 ----
Service C:\WINNT\system32\MSTask.exe? (*** hidden *** ) [AUTO] Schedule <-- ROOTKIT !!!
---- EOF - GMER 1.0.15 ----