GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-22 12:18:20
Windows 5.1.2600 Dodatek Service Pack 3
Running: un39ok1j.exe; Driver: C:\DOCUME~1\Xebritas\USTAWI~1\Temp\ugnyraog.sys

---- Kernel code sections - GMER 1.0.15 ----

? SYMEFA.SYS Nie można odnaleźć określonego pliku. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6AE13A0, 0x59FFE5, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[2360] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 01CF003A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\Explorer.EXE[120] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C92F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[120] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C92CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[120] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C92D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[120] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C92CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\TrueCrypt\TrueCrypt.exe[916] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AA2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\TrueCrypt\TrueCrypt.exe[916] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AA2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\TrueCrypt\TrueCrypt.exe[916] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AA2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\TrueCrypt\TrueCrypt.exe[916] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AA2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Xebritas\Moje dokumenty\Pobieranie\un39ok1j.exe[1892] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Xebritas\Moje dokumenty\Pobieranie\un39ok1j.exe[1892] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Xebritas\Moje dokumenty\Pobieranie\un39ok1j.exe[1892] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Xebritas\Moje dokumenty\Pobieranie\un39ok1j.exe[1892] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2360] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00FD2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2360] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00FD2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2360] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00FD2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2360] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00FD2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[3132] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C02F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[3132] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C02CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[3132] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C02D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[3132] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C02CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wuauclt.exe[3928] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [016D2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wuauclt.exe[3928] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [016D2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wuauclt.exe[3928] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [016D2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wuauclt.exe[3928] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [016D2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----