GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-07 20:12:11
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.14 ----

Code  F76B3F92  ZwCreateDirectoryObject
Code  F76B3D47  ZwCreateFile
Code  F76B40E2  ZwCreateKey
Code  F76B424A  ZwCreateSection
Code  F76B4D62  ZwEnumerateKey
Code  F76B49FB  ZwEnumerateValueKey
Code  8652BC38  ZwFlushInstructionCache
Code  F76B55D5  ZwLoadDriver
Code  F76B403A  ZwOpenDirectoryObject
Code  F76B3ED8  ZwOpenFile
Code  F76B41A2  ZwOpenKey
Code  F76B430A  ZwOpenSection
Code  F76B43B2  ZwOpenSymbolicLinkObject
Code  F76B56B8  ZwQueryDirectoryFile
Code  F76B4680  ZwQueryDirectoryObject
Code  F76B5091  ZwQueryValueKey
Code  F76B3E12  IoCreateFile
Code  F76B3E88  IoCreateStreamFileObject
Code  EE3E8323  pIofCallDriver
Code  F76B3D46  NtCreateFile
Code  F76B4249  NtCreateSection
Code  F76B3ED7  NtOpenFile
Code  F76B56B7  NtQueryDirectoryFile
Code  F76B3FE4  ZwCreateDirectoryObject
Code  F76B3DA5  ZwCreateFile
Code  F76B4140  ZwCreateKey
Code  F76B42A8  ZwCreateSection
Code  F76B4EF6  ZwEnumerateKey
Code  F76B4BA9  ZwEnumerateValueKey
Code  F76B5643  ZwLoadDriver
Code  F76B408C  ZwOpenDirectoryObject
Code  F76B3F33  ZwOpenFile
Code  F76B41F4  ZwOpenKey
Code  F76B435C  ZwOpenSection
Code  F76B4404  ZwOpenSymbolicLinkObject
Code  F76B5764  ZwQueryDirectoryFile
Code  F76B483A  ZwQueryDirectoryObject
Code  F76B5212  ZwQueryValueKey

---- Kernel code sections - GMER 1.0.14 ----

PAGE  ntkrnlpa.exe!ZwFlushInstructionCache  805AAC4A 5 Bytes  JMP 8652BC3C
PAGE  ntkrnlpa.exe!ZwCreateKey + 7          80618F19 1 Byte  [ 8F ]
PAGE  ntkrnlpa.exe!ZwOpenKey + 7            8061A2AF 1 Byte  [ 90 ]
?     C:\WINDOWS\System32\drivers\RTL81399.sys  The process cannot access the file because it is being used by another process.

---- Devices - GMER 1.0.14 ----

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0  SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0  EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1  SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1  EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
Device          \Driver\RTL81399 \Device\RTL81399        EE2B758A
AttachedDevice  \Driver\Tcpip \Device\Tcp                fssfltr.sys (Family Safety Filter Driver/Microsoft Corporation)
Device          \Driver\hswcpcjf \Device\SAMPLEDEV35     F76B3416
Device          \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer  tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device          \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer       tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device          \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer   tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device          \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer    tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device          \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer   tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device          \FileSystem\Cdfs \Cdfs                   tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Modules - GMER 1.0.14 ----

Module  \systemroot\system32\drivers\senekacunotklw.sys (*** hidden *** )  EE3E6000-EE40D000 (159744 bytes)
Module  hhxohxac.sys (*** hidden *** )                                     F76B2000-F76BB000 (36864 bytes)

---- EOF - GMER 1.0.14 ----