GMER 1.0.15.15319 - http://www.gmer.net
Rootkit scan 2010-10-18 21:19:41
Windows 5.1.2600 Dodatek Service Pack 3
Running: 9rxhi5nk.exe; Driver: C:\Temp\kgtdqpow.sys

---- System - GMER 1.0.15 ----

SSDT BA795F36 ZwCreateKey
SSDT BA795F2C ZwCreateThread
SSDT BA795F3B ZwDeleteKey
SSDT BA795F45 ZwDeleteValueKey
SSDT BA795F4A ZwLoadKey
SSDT BA795F18 ZwOpenProcess
SSDT BA795F1D ZwOpenThread
SSDT BA795F54 ZwReplaceKey
SSDT BA795F4F ZwRestoreKey
SSDT BA795F40 ZwSetValueKey

---- Kernel code sections - GMER 1.0.15 ----

.xreloc C:\WINDOWS\system32\drivers\ps7arj8b.sys unknown last section [0xB9F66000, 0x9F4, 0x40000040]
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB96A6000, 0x1B601E, 0xE8000020]
init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xACF86A00]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xA9A4D300, 0x3AE88, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xAC7AF300, 0x1B7E, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[1172] USER32.dll!DefWindowProcA + 11A 7E37C298 7 Bytes JMP 003C5CF0 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[1172] USER32.dll!SetWindowRgn + 2BD 7E37E7E5 7 Bytes JMP 003C5C60 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[1172] USER32.dll!SetClipboardData + 19D 7E38113B 1 Byte [E9]
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[1172] USER32.dll!SetClipboardData + 19D 7E38113B 7 Bytes JMP 003C5CD0 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----