GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-10 12:30:38
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 SAMSUNG_ rev.ZH10
Running: pd5v07f1.exe; Driver: C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\pxlyapoc.sys


---- System - GMER 1.0.15 ----

SSDT            E315E9E8                                                                     ZwConnectPort

INT 0x06        \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems)   AFC5A16D
INT 0x0E        \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems)   AFC59FC2

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwCallbackReturn + 2C08                                         805039DC 4 Bytes [E8, E9, 15, E3]
.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                     section is writeable [0xB6CC8360, 0x1DE5ED, 0xE8000020]
.text           C:\WINDOWS\system32\drivers\hardlock.sys                                     section is writeable [0xAB039400, 0x7960C, 0xE8000020]
.protect˙˙˙˙hardlock  C:\WINDOWS\system32\drivers\hardlock.sys                               entry point in ".protect˙˙˙˙hardlock" section [0xAB0DB420]
.protect˙˙˙˙hardlock  C:\WINDOWS\system32\drivers\hardlock.sys                               unknown last code section [0xAB0DB200, 0x5049, 0xE0000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                       SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Ip                                                     SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device          \FileSystem\UdfReadr_xp \Device\UdfReadr_XP                                  DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                    SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                    SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                  SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device          mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device          \FileSystem\cdudf_xp \Device\CdUdf_XP                                        DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device          Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
AttachedDevice  fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice  SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
Device          \FileSystem\Cdfs \Cdfs                                                       DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000ea1343f8d
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000ea1343f8d@d4cbafdabd8d   0x49 0x60 0xE9 0x38 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000ea1343f8d (not active ControlSet)
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000ea1343f8d@d4cbafdabd8d   0x49 0x60 0xE9 0x38 ...

---- EOF - GMER 1.0.15 ----
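A triage helper for logs in this format, added here as an example; it is not GMER's own code, and the severity labels and the "vendor other than Microsoft" filter-driver rule are my own heuristics. SAMPLE_LOG is constructed from lines of the scan above. It parses the SSDT, INT, kernel code section and Devices entries and points out one thing a reader of this log should notice: the 4-byte change at ntkrnlpa.exe!ZwCallbackReturn + 2C08 is [E8, E9, 15, E3], which is the little-endian form of the ZwConnectPort hook address E315E9E8, so the two lines describe a single overwritten SSDT slot rather than a hook plus a separate code patch.

```python
"""Triage a GMER 1.0.15 rootkit-scan log (added example, not GMER code).

Parses SSDT hooks, IDT hooks, patched/writeable kernel code sections and filter
drivers attached to core devices, then applies a few heuristics of my own.
SAMPLE_LOG is constructed from lines of the log this example accompanies.
"""
import re
from dataclasses import dataclass

SAMPLE_LOG = r"""---- System - GMER 1.0.15 ----

SSDT       E315E9E8    ZwConnectPort

INT 0x06   \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems)   AFC5A16D
INT 0x0E   \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems)   AFC59FC2

---- Kernel code sections - GMER 1.0.15 ----

.text      ntkrnlpa.exe!ZwCallbackReturn + 2C08    805039DC 4 Bytes [E8, E9, 15, E3]
.text      C:\WINDOWS\system32\DRIVERS\nv4_mini.sys    section is writeable [0xB6CC8360, 0x1DE5ED, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs    SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Tcp    SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device          mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER")
SSDT_RE = re.compile(r"^SSDT\s+([0-9A-F]{8})\s+(\S+)\s*$", re.I)
INT_RE = re.compile(r"^INT\s+(0x[0-9A-F]+)\s+(\S+)\s+\((.*?)\)\s+([0-9A-F]{8})\s*$", re.I)
PATCH_RE = re.compile(r"^(\S+)\s+(.+?)\s+([0-9A-F]{8})\s+(\d+) Bytes \[([0-9A-F, ]+)\]", re.I)
WRITEABLE_RE = re.compile(
    r"^(\S+)\s+(\S+)\s+section is writeable \[(0x[0-9A-F]+), (0x[0-9A-F]+), (0x[0-9A-F]+)\]", re.I)
DEVICE_RE = re.compile(r"^(AttachedDevice|Device)\s+(?:(.*?)\s+)?(\S+\.sys)\s+\((.*)\)\s*$", re.I)


@dataclass
class Finding:
    kind: str
    severity: str  # heuristic label, not a GMER rating
    detail: str


def parse_gmer(text):
    """Split a GMER log into the entry types that matter for triage."""
    out = {"ssdt": [], "int": [], "patches": [], "writeable": [], "devices": []}
    for line in text.splitlines():
        line = line.rstrip()
        if not line or SECTION_RE.match(line):
            continue
        if m := SSDT_RE.match(line):
            out["ssdt"].append((m[1].upper(), m[2]))
        elif m := INT_RE.match(line):
            out["int"].append((m[1], m[2], m[3], m[4].upper()))
        elif m := WRITEABLE_RE.match(line):
            out["writeable"].append((m[1], m[2], m[3], m[4], m[5]))
        elif m := PATCH_RE.match(line):
            raw = [b.strip().upper() for b in m[5].split(",")]
            out["patches"].append((m[1], m[2], m[3].upper(), int(m[4]), raw))
        elif m := DEVICE_RE.match(line):
            vendor = m[4].rsplit("/", 1)[-1]  # GMER prints "description/vendor"
            out["devices"].append((m[1], m[2] or "", m[3], vendor))
    return out


def little_endian_bytes(addr_hex):
    """'E315E9E8' -> ['E8', 'E9', '15', 'E3']: a 32-bit pointer as it sits in memory."""
    return [f"{b:02X}" for b in int(addr_hex, 16).to_bytes(4, "little")]


def triage(parsed):
    findings = []
    # An SSDT line carrying a bare address and no module name means GMER could not
    # attribute the hook target to any loaded driver: the prime suspect in the log.
    for addr, fn in parsed["ssdt"]:
        findings.append(Finding("ssdt-hook", "high", f"{fn} -> {addr}, owned by no loaded module"))
    # A 4-byte change in ntkrnlpa.exe whose bytes equal a hook pointer in little-endian
    # order is the overwritten SSDT slot itself (on 32-bit XP the table sits inside the
    # kernel's .text section), not a second, independent code patch.
    for section, where, at, count, raw in parsed["patches"]:
        slot = next((fn for addr, fn in parsed["ssdt"] if raw == little_endian_bytes(addr)), None)
        if slot:
            findings.append(Finding("ssdt-table-patch", "info",
                                    f"{where} @ {at}: bytes {raw} are the {slot} hook pointer"))
        else:
            findings.append(Finding("kernel-patch", "high", f"{where} @ {at}: {count} bytes {raw} in {section}"))
    for vector, driver, desc, addr in parsed["int"]:
        findings.append(Finding("idt-hook", "medium", f"INT {vector} -> {addr} in {driver} ({desc})"))
    for section, path, base, size, flags in parsed["writeable"]:
        findings.append(Finding("writeable-code", "low", f"{path} {section} [{base}, {size}] flags {flags}"))
    # Heuristic: inventory every non-Microsoft filter attached to a core device.
    for kind, target, driver, vendor in parsed["devices"]:
        if kind.lower() == "attacheddevice" and vendor != "Microsoft Corporation":
            findings.append(Finding("filter-driver", "info", f"{driver} ({vendor}) attached to {target}"))
    return findings


if __name__ == "__main__":
    for f in triage(parse_gmer(SAMPLE_LOG)):
        print(f"[{f.severity:6}] {f.kind:18} {f.detail}")
```

Run against the full log above, the only "high" finding is the ZwConnectPort entry; the Haspnt.sys IDT hooks, the writeable sections and the hardlock.sys entry-point lines all resolve to named drivers and go to the lower tiers for manual review.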