GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-18 23:21:50
Windows 5.1.2600 Service Pack 3
Running: 71ck5qp6.exe; Driver: C:\DOCUME~1\desktop\LOCALS~1\Temp\fxddapoc.sys
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB571F000, 0x230C27, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\RTHDCPL.EXE[1060] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10005C5B c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/Networks Associates Technology, Inc)
.text C:\WINDOWS\System32\svchost.exe[1084] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes JMP 01E59DD2
.text C:\WINDOWS\System32\svchost.exe[1084] NETAPI32.dll!NetpwPathCanonicalize 5B86A3A9 5 Bytes JMP 01E59D72
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1108] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00C35C5B c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/Networks Associates Technology, Inc)
.text C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe[1152] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 015C5C5B c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/Networks Associates Technology, Inc)
.text C:\WINDOWS\system32\svchost.exe[1160] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes JMP 007D9DD2
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1176] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10005C5B c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/Networks Associates Technology, Inc)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1552] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10005C5B c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/Networks Associates Technology, Inc)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1584] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10005C5B c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/Networks Associates Technology, Inc)
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[1712] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 02845C5B c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/Networks Associates Technology, Inc)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1828] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10005C5B c:\progra~1\mcafee.com\vso\McVSSkt.dll (McAfee VirusScan Winsock Helper DLL/Networks Associates Technology, Inc)
.text ...
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \FileSystem\Ntfs \Ntfs NaiFiltr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----