GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-06-16 09:32:22
Windows 5.1.2600 Dodatek Service Pack 3
\Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS543232L9A300 rev.FB4OC40C 0,00MB
Running: pw5oh0if.exe; Driver: C:\DOCUME~1\zbyszek\USTAWI~1\Temp\pxtdrpog.sys

---- System - GMER 2.2 ----

SSDT \WINDOWS\system32\ntkrnlpa.exe ZwCreateKey [0xE0BA20CC]
SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [E0BA20CC] ZwCreateKey [0xE0BA20CC]
SSDT \WINDOWS\system32\ntkrnlpa.exe ZwOpenKey [0xE0BA20D1]
SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [E0BA20D1] ZwOpenKey [0xE0BA20D1]

INT 0x03 \WINDOWS\system32\ntkrnlpa.exe[unknown section] E0BA20DB
INT 0x06 \??\C:\WINDOWS\system32\drivers\Haspnt.sys F059316D
INT 0x0E \??\C:\WINDOWS\system32\drivers\Haspnt.sys F0592FC2
INT 0x63 ? FC35ABEC
INT 0x73 ? FC263BEC
INT 0x83 ? FC655044
INT 0x84 ? FC37F95C
INT 0x92 ? FC3FA264
INT 0x93 ? FC371BEC
INT 0x94 ? FC227A54
INT 0xA3 ? FC321904
INT 0xA4 ? FC36A904
INT 0xB1 ? FC62010C
INT 0xB4 ? FC61C1FC

---- Kernel code sections - GMER 2.2 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF4B553A0, 0x5FE082, 0xE8000020]
.text C:\WINDOWS\system32\drivers\aksfridge.sys section is writeable [0xF022B000, 0x47E35, 0xE0000020]
.init C:\WINDOWS\system32\drivers\aksfridge.sys entry point in ".init" section [0xF027F224]
.init C:\WINDOWS\system32\drivers\aksfridge.sys unknown last code section [0xF027F000, 0x4000, 0xE20000E0]
.text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xF006F400, 0x6E6E2, 0xE8000020]
.protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xF00F9820] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xF00F9820]
.protect˙˙˙˙hardlockunknown last code section [0xF00F9600, 0x512A, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xF00F9600, 0x512A, 0xE0000020]
C:\Program Files\ASUS\AI TouchMedia\PlayMovie\000.fcl entry point in "" section [0xEFE5941C]
.clc C:\Program Files\ASUS\AI TouchMedia\PlayMovie\000.fcl unknown last code section [0xEFE5A000, 0x1000, 0xE0000020]

---- Devices - GMER 2.2 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys
Device \Driver\Disk \Device\Harddisk0\DR0 aksfridge.sys

---- EOF - GMER 2.2 ----