GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-23 17:41:31
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HTS541080G9AT00 rev.MB4OA60A
Running: fw9voivn.exe; Driver: C:\DOCUME~1\SZYM\LOCALS~1\Temp\awwyqfoc.sys

---- System - GMER 1.0.15 ----

SSDT 8A2B2190 ZwAlertResumeThread
SSDT 8A5300D8 ZwAlertThread
SSDT 8A3C4008 ZwAllocateVirtualMemory
SSDT 8A55D558 ZwConnectPort
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB6B5B410]
SSDT 8A3261C8 ZwCreateMutant
SSDT 8A3FF008 ZwCreateThread
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB6B5B6B0]
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB6B5BDC0]
SSDT sptd.sys ZwEnumerateKey [0xB9EC3FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xB9EC4340]
SSDT 8A361838 ZwFreeVirtualMemory
SSDT 8A5E1E18 ZwImpersonateAnonymousToken
SSDT 8A41E770 ZwImpersonateThread
SSDT 8A5DD0B0 ZwMapViewOfSection
SSDT 8A5ACE18 ZwOpenEvent
SSDT sptd.sys ZwOpenKey [0xB9EBE0B0]
SSDT 8A386100 ZwOpenProcessToken
SSDT 8A40F480 ZwOpenThreadToken
SSDT sptd.sys ZwQueryKey [0xB9EC4418]
SSDT 8A38C7B0 ZwQueryValueKey
SSDT 8A577378 ZwResumeThread
SSDT 8A2BB248 ZwSetContextThread
SSDT 8A383118 ZwSetInformationProcess
SSDT 8A5B7D80 ZwSetInformationThread
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB6B5C020]
SSDT 8A565C30 ZwSuspendProcess
SSDT 8A430BC0 ZwSuspendThread
SSDT 8A299100 ZwTerminateProcess
SSDT 8A4AE768 ZwTerminateThread
SSDT 8A5470C8 ZwUnmapViewOfSection
SSDT 8A28E068 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\sptd.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces.
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9827360, 0x22379D, 0xE8000020]
.text USBPORT.SYS!DllUnload B965D7AE 5 Bytes JMP 8A4C71C8

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[692] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 011EB52A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[692] kernel32.dll!lstrlenW + 43 7C809A5C 7 Bytes JMP 0149B6F5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[692] kernel32.dll!MapViewOfFileEx + 6A 7C80B910 7 Bytes JMP 0149B6D2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[692] GDI32.dll!SetDIBitsToDevice + 20D 77F19A9C 7 Bytes JMP 0149B653 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EBEAD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EBEC1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EBEB9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EBF748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EBF61E] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9ED429A] sptd.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Acer\Empowering Technology\ePower\ePower_DMC.exe[436] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtCreateFile] [10002E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Acer\Empowering Technology\ePower\ePower_DMC.exe[436] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Acer\Empowering Technology\ePower\ePower_DMC.exe[436] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtClose] [10002C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Acer\Empowering Technology\ePower\ePower_DMC.exe[436] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDuplicateObject] [10002C20] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\Explorer.EXE[628] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\Explorer.EXE[628] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\Explorer.EXE[628] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\Explorer.EXE[628] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C20] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[692] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[692] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[692] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[692] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C20] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\system32\ElkCtrl.exe[844] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\system32\ElkCtrl.exe[844] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\system32\ElkCtrl.exe[844] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\system32\ElkCtrl.exe[844] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C20] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[896] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[896] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[896] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[896] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C20] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\system32\rundll32.exe[1168] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\system32\rundll32.exe[1168] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\system32\rundll32.exe[1168] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\system32\rundll32.exe[1168] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C20] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\system32\rundll32.exe[2132] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\system32\rundll32.exe[2132] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\system32\rundll32.exe[2132] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\system32\rundll32.exe[2132] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C20] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2136] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2136] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2136] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2136] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C20] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\ehome\ehtray.exe[2160] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\ehome\ehtray.exe[2160] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\ehome\ehtray.exe[2160] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\ehome\ehtray.exe[2160] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C20] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\PROGRA~1\LAUNCH~1\LManager.exe[2464] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00E52E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\PROGRA~1\LAUNCH~1\LManager.exe[2464] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00E52C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\PROGRA~1\LAUNCH~1\LManager.exe[2464] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00E52C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\PROGRA~1\LAUNCH~1\LManager.exe[2464] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00E52C20] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2512] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C52E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2512] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C52C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2512] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C52C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2512] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C52C20] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\RTHDCPL.EXE[2540] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\RTHDCPL.EXE[2540] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\RTHDCPL.EXE[2540] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\RTHDCPL.EXE[2540] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C20] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Program Files\Acer\OrbiCam\CameraAssistant.exe[2644] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C22E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Program Files\Acer\OrbiCam\CameraAssistant.exe[2644] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C22C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Program Files\Acer\OrbiCam\CameraAssistant.exe[2644] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C22C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Program Files\Acer\OrbiCam\CameraAssistant.exe[2644] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C22C20] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\system32\LVCOMSX.EXE[2772] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\system32\LVCOMSX.EXE[2772] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\system32\LVCOMSX.EXE[2772] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\system32\LVCOMSX.EXE[2772] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C20] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Documents and Settings\SZYM\My Documents\Pobieranie\fw9voivn.exe[2816] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Documents and Settings\SZYM\My Documents\Pobieranie\fw9voivn.exe[2816] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Documents and Settings\SZYM\My Documents\Pobieranie\fw9voivn.exe[2816] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Documents and Settings\SZYM\My Documents\Pobieranie\fw9voivn.exe[2816] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C20] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2928] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C20] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Acer\Empowering Technology\eRecovery\Monitor.exe[3088] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00D12E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Acer\Empowering Technology\eRecovery\Monitor.exe[3088] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00D12C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Acer\Empowering Technology\eRecovery\Monitor.exe[3088] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00D12C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Acer\Empowering Technology\eRecovery\Monitor.exe[3088] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00D12C20] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\eHome\ehmsas.exe[3144] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\eHome\ehmsas.exe[3144] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\eHome\ehmsas.exe[3144] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\eHome\ehmsas.exe[3144] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C20] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Program Files\Samsung\AllShare\AllShareAgent.exe[3252] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtCreateFile] [10002E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Program Files\Samsung\AllShare\AllShareAgent.exe[3252] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Program Files\Samsung\AllShare\AllShareAgent.exe[3252] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtClose] [10002C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Program Files\Samsung\AllShare\AllShareAgent.exe[3252] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDuplicateObject] [10002C20] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[3412] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[3412] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[3412] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[3412] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C20] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Acer\Empowering Technology\admtray.exe[3540] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [010C2E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Acer\Empowering Technology\admtray.exe[3540] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [010C2C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Acer\Empowering Technology\admtray.exe[3540] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [010C2C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Acer\Empowering Technology\admtray.exe[3540] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [010C2C20] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[3556] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C12E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[3556] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C12C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[3556] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C12C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[3556] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C12C20] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Program Files\Messenger\msmsgs.exe[3856] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Program Files\Messenger\msmsgs.exe[3856] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Program Files\Messenger\msmsgs.exe[3856] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Program Files\Messenger\msmsgs.exe[3856] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C20] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\DOCUME~1\SZYM\LOCALS~1\Temp\RtkBtMnt.exe[4076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\DOCUME~1\SZYM\LOCALS~1\Temp\RtkBtMnt.exe[4076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\DOCUME~1\SZYM\LOCALS~1\Temp\RtkBtMnt.exe[4076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\DOCUME~1\SZYM\LOCALS~1\Temp\RtkBtMnt.exe[4076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C20] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \FatCdrom 8A6F41E8
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Driver\usbuhci \Device\USBPDO-0 8A4C11E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A7121E8
Device \Driver\dmio \Device\DmControl\DmConfig 8A7121E8
Device \Driver\dmio \Device\DmControl\DmPnP 8A7121E8
Device \Driver\dmio \Device\DmControl\DmInfo 8A7121E8
Device \Driver\usbuhci \Device\USBPDO-1 8A4C11E8
Device \Driver\usbuhci \Device\USBPDO-2 8A4C11E8
Device \Driver\usbuhci \Device\USBPDO-3 8A4C11E8
Device \Driver\usbehci \Device\USBPDO-4 8A4644C8
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A7831E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A7831E8
Device \Driver\Cdrom \Device\CdRom0 OsaFsLoc.sys (Filesystem Lock driver/OSA Technologies)
Device \Driver\Cdrom \Device\CdRom0 8A318790
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A7831E8
Device \Driver\atapi \Device\Ide\IdePort0 8A7111E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A7111E8
Device \Driver\atapi \Device\Ide\IdePort1 8A7111E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 8A7111E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A3C1500
Device \Driver\NetBT \Device\NetbiosSmb 8A3C1500
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Driver\NetBT \Device\NetBT_Tcpip_{8CA0CACD-7B43-433E-8DC5-37F130E75042} 8A3C1500
Device \Driver\usbuhci \Device\USBFDO-0 8A4C11E8
Device \Driver\usbuhci \Device\USBFDO-1 8A4C11E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A43D1E8
Device \Driver\usbuhci \Device\USBFDO-2 8A4C11E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A43D1E8
Device \Driver\usbuhci \Device\USBFDO-3 8A4C11E8
Device \Driver\Ftdisk \Device\FtControl 8A7831E8
Device \Driver\usbehci \Device\USBFDO-4 8A4644C8
Device \Driver\NetBT \Device\NetBT_Tcpip_{0245A75E-2BC5-484F-B46D-B90084A960CA} 8A3C1500
Device \FileSystem\Fastfat \Fat 8A6F41E8
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat OsaFsLoc.sys (Filesystem Lock driver/OSA Technologies)
Device \FileSystem\Cdfs \Cdfs 8A45E1E8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0014a4fde349
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016cee34723
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9F 0x7E 0x90 0x90 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0014a4fde349 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016cee34723 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9F 0x7E 0x90 0x90 ...

---- EOF - GMER 1.0.15 ----