GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-22 17:38:47
Windows 5.1.2600 Dodatek Service Pack. 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 IBM-DARA-212000 rev.AR4OA50A
Running: 1jedux6l.exe; Driver: C:\DOCUME~1\TAP-POL\USTAWI~1\Temp\kxxcaaog.sys

---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!KeInitializeInterrupt + B67    804DA23C 1 Byte  [06]
pnidata         C:\WINDOWS\System32\DRIVERS\secdrv.sys      unknown last section [0xF7406F00, 0x24000, 0x48000000]

---- User code sections - GMER 1.0.15 ----

ÒuÛŠëÔÿÿÿÿ      C:\Documents and Settings\TAP-POL\Ustawienia lokalne\Dane aplikacji\winlogon.exe[300]    entry point in "" section [0x0042F4A6]
ÒuÛŠëÔÿÿÿÿ      C:\Documents and Settings\TAP-POL\Ustawienia lokalne\Dane aplikacji\winlogon.exe[300]    unknown last code section [0x00425000, 0x19000, 0xC00000E0]
ÒuÛŠëÔÿÿÿÿ      C:\Documents and Settings\TAP-POL\Ustawienia lokalne\Dane aplikacji\services.exe[792]    entry point in "" section [0x0042F4A6]
ÒuÛŠëÔÿÿÿÿ      C:\Documents and Settings\TAP-POL\Ustawienia lokalne\Dane aplikacji\services.exe[792]    unknown last code section [0x00425000, 0x19000, 0xC00000E0]

---- Threads - GMER 1.0.15 ----

Thread          System [4:116]    FC300A94
Thread          System [4:160]    FC7E716C

---- Registry - GMER 1.0.15 ----

Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System@DisableRegistryTools    0

---- EOF - GMER 1.0.15 ----