GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-25 10:17:03
Windows 5.1.2600 Dodatek Service Pack 2
Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800BB-88JHC0 rev.05.01C05
Running: 8d837tg2.exe; Driver: C:\DOCUME~1\Indeco\USTAWI~1\Temp\ugtdrpog.sys

---- System - GMER 1.0.15 ----

INT 0x06 \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) B823B16D
INT 0x0E \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) B823AFC2

Code 86ED84D0 pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

.reloc C:\WINDOWS\system32\drivers\NDIS.sys section is executable [0x86EAB200, 0x32F2A, 0xE0000060]
.text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xB7D49400, 0x7960C, 0xE8000020]
.protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xB7DEB420] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xB7DEB420]
.protect˙˙˙˙hardlockunknown last code section [0xB7DEB200, 0x5049, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xB7DEB200, 0x5049, 0xE0000020]

---- Devices - GMER 1.0.15 ----

Device \Driver\NDIS \Device\Ndis [86EB2982] NDIS.sys[.reloc]

---- EOF - GMER 1.0.15 ----