GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-29 20:11:58
Windows 5.1.2600 Service Pack 3  Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 FUJITSU_ rev.0000
Running: o835zh7k.exe; Driver: C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\kwldraob.sys


---- System - GMER 1.0.15 ----

INT 0x06  \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems)  B8B7816D
INT 0x0E  \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems)  B8B77FC2

---- Kernel code sections - GMER 1.0.15 ----

.text  C:\WINDOWS\system32\drivers\hardlock.sys  section is writeable [0x96415400, 0x7960C, 0xE8000020]
.protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0x964B7420]
C:\WINDOWS\system32\drivers\hardlock.sys  entry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0x964B7420]
.protect˙˙˙˙hardlockunknown last code section [0x964B7200, 0x5049, 0xE0000020]
C:\WINDOWS\system32\drivers\hardlock.sys  unknown last code section [0x964B7200, 0x5049, 0xE0000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0  SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1  SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Tcpip \Device\Tcp  ABTDI.sys (ABTDI/ArcaBit)
AttachedDevice  \FileSystem\Fastfat \Fat  fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00225f00652e
Reg  HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00225f00652e (not active ControlSet)

---- Files - GMER 1.0.15 ----

File  C:\Documents and Settings\Admin\Ustawienia lokalne\Temporary Internet Files\Content.IE5\O5FTJW48\bef4d55148b1caf7fe8dddca618f046a,42,29,28-50-436-290-0[1].jpg  0 bytes

---- EOF - GMER 1.0.15 ----
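The two findings that matter for triage in this report are the interrupt-vector entries under "System" and the "section is writeable" / "unknown last code section" entries under "Kernel code sections". GMER prints the raw section triple as [virtual base, size, Characteristics]; the third value is the PE IMAGE_SECTION_HEADER.Characteristics bitmask, and 0xE8000020 decodes to CNT_CODE | MEM_NOT_PAGED | MEM_EXECUTE | MEM_READ | MEM_WRITE, i.e. a code section that is both writeable and executable. That is what a patched driver looks like, and it is also what a packed or self-protecting driver such as the HASP dongle driver looks like, so the log alone does not settle it. The script below is an added example, not part of GMER or of this report: it parses the report's block layout, decodes the Characteristics bits, collapses GMER's paired lines (one keyed by section name, one by file path) into one finding each, and lists the INT hooks. The regexes, function names and the sample report (copied from the lines above) are the example's own assumptions.

```python
import re
from dataclasses import dataclass

# PE IMAGE_SECTION_HEADER.Characteristics bits (from winnt.h) relevant to
# deciding whether a kernel code section is writeable and executable.
SECTION_FLAGS = {
    0x00000020: "CNT_CODE",
    0x00000040: "CNT_INITIALIZED_DATA",
    0x00000080: "CNT_UNINITIALIZED_DATA",
    0x02000000: "MEM_DISCARDABLE",
    0x04000000: "MEM_NOT_CACHED",
    0x08000000: "MEM_NOT_PAGED",
    0x10000000: "MEM_SHARED",
    0x20000000: "MEM_EXECUTE",
    0x40000000: "MEM_READ",
    0x80000000: "MEM_WRITE",
}
MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000

# Constructed sample: the System and Kernel code sections blocks of the report above.
SAMPLE_REPORT = """GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-29 20:11:58
---- System - GMER 1.0.15 ----
INT 0x06  \\??\\C:\\WINDOWS\\system32\\drivers\\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems)  B8B7816D
INT 0x0E  \\??\\C:\\WINDOWS\\system32\\drivers\\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems)  B8B77FC2
---- Kernel code sections - GMER 1.0.15 ----
.text  C:\\WINDOWS\\system32\\drivers\\hardlock.sys  section is writeable [0x96415400, 0x7960C, 0xE8000020]
.protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0x964B7420]
C:\\WINDOWS\\system32\\drivers\\hardlock.sys  entry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0x964B7420]
.protect˙˙˙˙hardlockunknown last code section [0x964B7200, 0x5049, 0xE0000020]
C:\\WINDOWS\\system32\\drivers\\hardlock.sys  unknown last code section [0x964B7200, 0x5049, 0xE0000020]
---- EOF - GMER 1.0.15 ----
"""

BLOCK_RE = re.compile(r"^---- (.+?) - GMER")
INT_RE = re.compile(r"^INT 0x(?P<vector>[0-9A-Fa-f]{2})\s+(?P<image>\S+)\s+\((?P<owner>[^)]*)\)\s+(?P<addr>[0-9A-Fa-f]{8})$")
TRIPLE_RE = re.compile(r"\[(0x[0-9A-Fa-f]+),\s*(0x[0-9A-Fa-f]+),\s*(0x[0-9A-Fa-f]+)\]")
PATH_RE = re.compile(r"[A-Za-z]:\\[^\s\[\]]+")


@dataclass
class SectionFinding:
    path: str            # empty when GMER printed only the (possibly garbled) section name
    verdict: str         # GMER's wording, e.g. "section is writeable"
    base: int
    size: int
    characteristics: int

    @property
    def flags(self):
        return decode_characteristics(self.characteristics)

    @property
    def writeable_code(self):
        return bool(self.characteristics & MEM_WRITE) and bool(self.characteristics & MEM_EXECUTE)


def decode_characteristics(flags):
    """Symbolic names of the Characteristics bits that are set, lowest bit first."""
    return [name for bit, name in sorted(SECTION_FLAGS.items()) if flags & bit]


def parse_gmer(text):
    """Split a GMER report into {block name: [entry lines]} using its '---- X - GMER' headers."""
    blocks, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = BLOCK_RE.match(line)
        if m:
            current = m.group(1)
            blocks.setdefault(current, [])
        elif current and line:
            blocks[current].append(line)
    return blocks


def int_hooks(lines):
    """Interrupt-vector entries: which image owns the handler and where it points."""
    hooks = []
    for line in lines:
        m = INT_RE.match(line)
        if m:
            hooks.append({"vector": int(m["vector"], 16), "image": m["image"],
                          "owner": m["owner"], "handler": int(m["addr"], 16)})
    return hooks


def section_findings(lines):
    """Entries carrying a [base, size, characteristics] triple; entry-point lines (one address) are skipped."""
    out = []
    for line in lines:
        t = TRIPLE_RE.search(line)
        if not t:
            continue
        base, size, chars = (int(x, 16) for x in t.groups())
        p = PATH_RE.search(line)
        prefix = line[:t.start()]
        verdict = (prefix[p.end():] if p else prefix).strip()
        out.append(SectionFinding(p.group(0) if p else "", verdict, base, size, chars))
    return out


def triage(text):
    """Collapse GMER's paired lines per finding (prefer the one naming the file) and flag W+X code."""
    blocks = parse_gmer(text)
    uniq = {}
    for f in section_findings(blocks.get("Kernel code sections", [])):
        key = (f.base, f.size, f.characteristics)
        if key not in uniq or (not uniq[key].path and f.path):
            uniq[key] = f
    sections = list(uniq.values())
    return {"int_hooks": int_hooks(blocks.get("System", [])),
            "sections": sections,
            "rwx_sections": [f for f in sections if f.writeable_code]}


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for h in result["int_hooks"]:
        print(f"INT 0x{h['vector']:02X} -> {h['handler']:08X} ({h['owner']})")
    for f in result["sections"]:
        print(f"{f.path or '<section name only>'}: {f.verdict}; {'|'.join(f.flags)}")
```

Both hardlock.sys findings decode as writeable and executable, and both INT handlers live in Haspnt.sys, the other half of the same Aladdin HASP driver pair that GMER itself identifies by vendor. The script deliberately stops at surfacing those facts: whether a W+X kernel section belongs to a legitimately self-protecting driver or to a tampered one is decided by comparing the on-disk image (signature, hash against the vendor's release) with what is loaded, not by the log line.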