GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-08 12:27:57
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS543232L9A300 rev.FB4OC40C
Running: semiii4p.exe; Driver: C:\DOCUME~1\zbyszek\USTAWI~1\Temp\pxtdrpog.sys


---- System - GMER 1.0.15 ----

SSDT \WINDOWS\system32\ntkrnlpa.exe (Jądro i system NT/Microsoft Corporation) ZwCreateKey [0xE0BA20CC]
SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [E0BA20CC] ZwCreateKey [0xE0BA20CC]
SSDT \WINDOWS\system32\ntkrnlpa.exe (Jądro i system NT/Microsoft Corporation) ZwOpenKey [0xE0BA20D1]
SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [E0BA20D1] ZwOpenKey [0xE0BA20D1]

INT 0x03 \WINDOWS\system32\ntkrnlpa.exe[unknown section] E0BA20D6
INT 0x06 \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) F100916D
INT 0x0E \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) F1008FC2
INT 0x63 ? FC153E54
INT 0x73 ? FC1692AC
INT 0x83 ? FC5FFBD4
INT 0x84 ? F859BBDC
INT 0x92 ? FC3922AC
INT 0x93 ? FC342CC4
INT 0x94 ? FC312E54
INT 0xA3 ? FC157E54
INT 0xA4 ? FC158E54
INT 0xB1 ? FC6CF544
INT 0xB4 ? FC614E54

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF4DEB360, 0x3CEED5, 0xE8000020]
.text C:\WINDOWS\system32\drivers\aksfridge.sys section is writeable [0xF0108000, 0x47E35, 0xE0000020]
.init C:\WINDOWS\system32\drivers\aksfridge.sys entry point in ".init" section [0xF015C224]
.init C:\WINDOWS\system32\drivers\aksfridge.sys unknown last code section [0xF015C000, 0x4000, 0xE20000E0]
.text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xEFEC3400, 0x6E6E2, 0xE8000020]
.protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xEFF4D820] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xEFF4D820]
.protect˙˙˙˙hardlockunknown last code section [0xEFF4D600, 0x512A, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xEFF4D600, 0x512A, 0xE0000020]
C:\Program Files\ASUS\AI TouchMedia\PlayMovie\000.fcl entry point in "" section [0xEFBB941C]
.clc C:\Program Files\ASUS\AI TouchMedia\PlayMovie\000.fcl unknown last code section [0xEFBBA000, 0x1000, 0xE0000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\zbyszek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\SCAP1NCD\Skyscraper_120x600_inchcape_Pakiet-biznes_v01_b[1].swf 57024 bytes
File C:\Documents and Settings\zbyszek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\SCAP1NCD\smile[1].gif 262 bytes
File C:\Documents and Settings\zbyszek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\SCAP1NCD\Snake[1].css 1341 bytes
File C:\Documents and Settings\zbyszek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\SCAP1NCD\SNDCA8NJA6ZCA3VORBKCA9ZH3TTCAZ2BMB8CALEZWA4CA50QU7BCATMLZQECA8MBVQCCAZXG1LQCA400ATFCAJQY6MOCAI4EBDECA0EUKT8CAGTS3KBCAAC04FPCA73XFQLCAANB6TDCABNF668CA5D63B0 0 bytes
File C:\Documents and Settings\zbyszek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\SCAP1NCD\snowman_Skyscraper_160x600_preis_eBay_110311[1].swf 39514 bytes
File C:\Documents and Settings\zbyszek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\SCAP1NCD\spacer[1].gif 43 bytes
File C:\Documents and Settings\zbyszek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\SCAP1NCD\spr4VI[1].png 63226 bytes
File C:\Documents and Settings\zbyszek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\SCAP1NCD\spriteToolbarIcons[1].gif 323 bytes
File C:\Documents and Settings\zbyszek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\SCAP1NCD\8645481191 0 bytes
File C:\Documents and Settings\zbyszek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\SCAP1NCD\imgTwoColBar2x20[1].gif 48 bytes
File C:\Documents and Settings\zbyszek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\SCAP1NCD\img_7265_1634[1].jpg 3615 bytes
File C:\Documents and Settings\zbyszek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\SCAP1NCD\img_breadcrumb_arrow[1].png 107 bytes
File C:\Documents and Settings\zbyszek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\SCAP1NCD\indent[1].gif 90 bytes
File C:\Documents and Settings\zbyszek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\SCAP1NCD\index[1].htm 12825 bytes
File C:\Documents and Settings\zbyszek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\SCAP1NCD\index[1].html 150 bytes
File C:\Documents and Settings\zbyszek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\SCAP1NCD\index_cob_v01[1].css 23742 bytes
File C:\Documents and Settings\zbyszek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\SCAP1NCD\index_l[1].gif 1130 bytes
File C:\Documents and Settings\zbyszek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\SCAP1NCD\index_r3_c5[1].png 47603 bytes
File C:\Documents and Settings\zbyszek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\SCAP1NCD\index_r3_c6[1].png 8585 bytes
File C:\Documents and Settings\zbyszek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\SCAP1NCD\index_v15[2].css 18539 bytes
File C:\Documents and Settings\zbyszek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\SCAP1NCD\infoBack3[1].gif 178 bytes
File C:\Documents and Settings\zbyszek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\SCAP1NCD\init[1] 6630 bytes
File C:\Documents and Settings\zbyszek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\SCAP1NCD\inlineVideo[1].swf 270033 bytes
File C:\Documents and Settings\zbyszek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\SCAP1NCD\f14034be6deaf8c85420fad6fcb3f14e,23,1[1].jpg 2317 bytes
File C:\Documents and Settings\zbyszek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\SCAP1NCD\f1[1].gif 2149 bytes
File C:\Documents and Settings\zbyszek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\SCAP1NCD\F3OCAWI5EUXCA9YWFXVCA9QUSTWCAY2ZXAMCAM21SCKCAB7JLJJCAVNE7DKCAZOYKI6CAYKNVXNCA88EXZYCADN9IM7CAX1GXBCCA1K16LLCAVSHJIMCAICV070CA1KTZKTCABZMSOECAZ19PPFCADM0Z31 0 bytes
File C:\Documents and Settings\zbyszek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\SCAP1NCD\F5LCAR9470ICA1ZZ0UICAGEL19TCAP8KK62CA07F2OBCAWDF2XCCAS324FUCAHL0JCOCAS3ZX2KCA58A0XKCADRW22OCAUTWD9XCAESCK2JCACR6JC6CAYME50LCA708Y73CAMPFXZ4CA9A9N8RCA7MAP7G 0 bytes
File C:\Documents and Settings\zbyszek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\SCAP1NCD\lyrs=h@156000000&hl=pl&x=73143&s=&y=43242&z=17&s=Galileo[1].png 1514 bytes
File C:\Documents and Settings\zbyszek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\SCAP1NCD\lyrs=h@156000000&hl=pl&x=73150&s=&y=43242&z=17&s=Gali[1].png 2540 bytes
File C:\Documents and Settings\zbyszek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\SCAP1NCD\no_logo_image[1].png 6903 bytes
File C:\Documents and Settings\zbyszek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\SCAP1NCD\OODCA3U0VYZCA3NMOPUCAF4TE6PCAO4AWZHCADUWYTKCARRVUZJCAUQPK27CAQUD2GMCAODRI9ICAR5HC08CAGLUA1YCAUGJ7NNCAXJD9FNCAVXAJNECAFIJJ35CA5J0A8XCAJHW4HECAESVO36CA5S0R8Q 5247 bytes
File C:\Documents and Settings\zbyszek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\SCAP1NCD\open[1].png 1258 bytes
File C:\Documents and Settings\zbyszek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\SCAP1NCD\$(KGrHqQOKkQE2659bfUDBNv94uk(k!~~_3[1].jpg 226051 bytes
File C:\Documents and Settings\zbyszek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\SCAP1NCD\1002895[1].jpg 3998 bytes
File C:\Documents and Settings\zbyszek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\SCAP1NCD\140CA4JKN07.jpg 2696 bytes
File C:\Documents and Settings\zbyszek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\SCAP1NCD\140CAXEU95I.jpg 5057 bytes
File C:\Documents and Settings\zbyszek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\SCAP1NCD\fundusze-icon_913347[1].gif 1447 bytes
File C:\Documents and Settings\zbyszek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\SCAP1NCD\f_RG11KTCORAL-1[1].png 39980 bytes
File C:\Documents and Settings\zbyszek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\SCAP1NCD\f_tshirtaffiche_homme[1].png 13720 bytes
File C:\Documents and Settings\zbyszek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\SCAP1NCD\f_unread[1].png 5299 bytes
File C:\Documents and Settings\zbyszek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\SCAP1NCD\G7UCAOSLUIHCAL4DX3JCAT4YZ1KCA0C20TACARDWQWNCA53HY3BCADP30QFCAPV0GDCCADNORLZCAVK4TA7CA3TACEACA3TB3IVCANG5U4JCABDW7RSCA1N0GGCCALQK2CKCA391OYYCA8582GNCA4OL5FG 0 bytes
File C:\Documents and Settings\zbyszek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\SCAP1NCD\gemius[1].js 3357 bytes
File C:\Documents and Settings\zbyszek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\SCAP1NCD\gemius[2].js 1385 bytes
File C:\Documents and Settings\zbyszek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\SCAP1NCD\generic[1].css 0 bytes

---- EOF - GMER 1.0.15 ----