GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-10-13 12:51:47
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0 232,89GB
Running: tuffjr6s.exe; Driver: C:\DOCUME~1\User\USTAWI~1\Temp\agdcqpow.sys

---- System - GMER 2.1 ----

SSDT \WINDOWS\system32\ntkrnlpa.exe (Jądro i system NT/Microsoft Corporation) ZwCreateKey [0x804D70CC]
SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [804D70CC] ZwCreateKey [0x804D70CC]
SSDT \WINDOWS\system32\ntkrnlpa.exe (Jądro i system NT/Microsoft Corporation) ZwOpenKey [0x804D70D1]
SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [804D70D1] ZwOpenKey [0x804D70D1]

INT 0x03 \WINDOWS\system32\ntkrnlpa.exe[unknown section] 804D70D6

Code \??\C:\WINDOWS\system32\drivers\hitmanpro37.sys ZwAllocateVirtualMemory [0xF77133EC]
Code \??\C:\WINDOWS\system32\drivers\hitmanpro37.sys NtAllocateVirtualMemory

---- Kernel code sections - GMER 2.1 ----

PAGE ntkrnlpa.exe!NtAllocateVirtualMemory 805A8ACA 5 Bytes JMP F77133F0 \??\C:\WINDOWS\system32\drivers\hitmanpro37.sys
.text C:\WINDOWS\system32\drivers\aksfridge.sys section is writeable [0xA3C9E000, 0x4ADDD, 0xE0000020]
.init C:\WINDOWS\system32\drivers\aksfridge.sys entry point in ".init" section [0xA3CF6224]
.init C:\WINDOWS\system32\drivers\aksfridge.sys unknown last code section [0xA3CF6000, 0x4000, 0xE20000E0]
.text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xA3BE2400, 0x6F928, 0xE8000020]
.init C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".init" section [0xA3C65A24]
.init C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xA3C65800, 0xEA00, 0xE20000E0]

---- EOF - GMER 2.1 ----