GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-17 17:30:19
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\00000072 SAMSUNG_SP1603C rev.VL100-50
Running: gmer.exe; Driver: C:\DOCUME~1\Jacek\USTAWI~1\Temp\uwtiqpob.sys

---- System - GMER 1.0.15 ----

SSDT F7BC6716 ZwCreateKey
SSDT F7BC670C ZwCreateThread
SSDT F7BC671B ZwDeleteKey
SSDT F7BC6725 ZwDeleteValueKey
SSDT F7BC672A ZwLoadKey
SSDT F7BC66F8 ZwOpenProcess
SSDT F7BC66FD ZwOpenThread
SSDT F7BC6734 ZwReplaceKey
SSDT F7BC672F ZwRestoreKey
SSDT F7BC6720 ZwSetValueKey

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF5428360, 0x24526E, 0xE8000020]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\Explorer.EXE[1948] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [05132F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1948] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [05132CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1948] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [05132D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1948] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [05132CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{54AB9048-F0EB-2552-ED2A-AEE294880D58}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E40BC7BC-F622-BCB0-D55C-9D7F9FCF5B54}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E40BC7BC-F622-BCB0-D55C-9D7F9FCF5B54}@pahbmpnjcpcegfpikejggnhnighidbgj 0x6B 0x61 0x6B 0x63 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E40BC7BC-F622-BCB0-D55C-9D7F9FCF5B54}@oanagpcjgbmdoidmmcacfbjmjkfkpf 0x6B 0x61 0x6B 0x63 ...

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\LocalService\Dane aplikacji\Adobe 0 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\Adobe\Flash Player 0 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\Adobe\Flash Player\AssetCache 0 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\Adobe\Flash Player\AssetCache\SB2Q2L3B 0 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\CyberLink 0 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\CyberLink\RVInfo 0 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\CyberLink\RVInfo\RV25A.tmp 313577 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft 0 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft\Credentials 0 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft\Credentials\S-1-5-19 0 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft\Internet Explorer 0 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft\Media Player 0 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft\SystemCertificates 0 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft\SystemCertificates\My 0 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft\UPnP Device Host 0 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft\UPnP Device Host\upnphost 0 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft\UPnP Device Host\upnphost\udhisapi.dll 26624 bytes executable
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore 0 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache 0 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 0 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\.name 4 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\.subcache 270 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\34E1E9734063A29C86BBAFEE64541E1A7508F912 0 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\34E1E9734063A29C86BBAFEE64541E1A7508F912\.name 20 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\34E1E9734063A29C86BBAFEE64541E1A7508F912\.subcache 22 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\34E1E9734063A29C86BBAFEE64541E1A7508F912\34E1E9734063A29C86BBAFEE64541E1A7508F912 0 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\34E1E9734063A29C86BBAFEE64541E1A7508F912\34E1E9734063A29C86BBAFEE64541E1A7508F912\.name 20 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\34E1E9734063A29C86BBAFEE64541E1A7508F912\34E1E9734063A29C86BBAFEE64541E1A7508F912\Data.dat 6338 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\34E1E9734063A29C86BBAFEE64541E1A7508F912\Data.dat 342 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\50B4C0A5D5EC433E01BFA09ECAC3994550D5225E 0 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\50B4C0A5D5EC433E01BFA09ECAC3994550D5225E\.name 20 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\50B4C0A5D5EC433E01BFA09ECAC3994550D5225E\.subcache 22 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\50B4C0A5D5EC433E01BFA09ECAC3994550D5225E\50B4C0A5D5EC433E01BFA09ECAC3994550D5225E 0 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\50B4C0A5D5EC433E01BFA09ECAC3994550D5225E\50B4C0A5D5EC433E01BFA09ECAC3994550D5225E\.name 20 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\50B4C0A5D5EC433E01BFA09ECAC3994550D5225E\50B4C0A5D5EC433E01BFA09ECAC3994550D5225E\Data.dat 5354 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\50B4C0A5D5EC433E01BFA09ECAC3994550D5225E\Data.dat 316 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\78A385D79D9D7A3EB3C9E7A1D383559A2A840FC9 0 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\78A385D79D9D7A3EB3C9E7A1D383559A2A840FC9\.name 18 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\78A385D79D9D7A3EB3C9E7A1D383559A2A840FC9\.subcache 20 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\78A385D79D9D7A3EB3C9E7A1D383559A2A840FC9\78A385D79D9D7A3EB3C9E7A1D383559A2A840FC9 0 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\78A385D79D9D7A3EB3C9E7A1D383559A2A840FC9\78A385D79D9D7A3EB3C9E7A1D383559A2A840FC9\.name 18 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\78A385D79D9D7A3EB3C9E7A1D383559A2A840FC9\78A385D79D9D7A3EB3C9E7A1D383559A2A840FC9\Data.dat 6312 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\78A385D79D9D7A3EB3C9E7A1D383559A2A840FC9\Data.dat 326 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\7CEB10733C2DFA14A01ABD511A827C6056E45A97 0 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\7CEB10733C2DFA14A01ABD511A827C6056E45A97\.name 22 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\7CEB10733C2DFA14A01ABD511A827C6056E45A97\.subcache 24 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\7CEB10733C2DFA14A01ABD511A827C6056E45A97\7CEB10733C2DFA14A01ABD511A827C6056E45A97 0 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\7CEB10733C2DFA14A01ABD511A827C6056E45A97\7CEB10733C2DFA14A01ABD511A827C6056E45A97\.name 22 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\7CEB10733C2DFA14A01ABD511A827C6056E45A97\7CEB10733C2DFA14A01ABD511A827C6056E45A97\Data.dat 6524 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\7CEB10733C2DFA14A01ABD511A827C6056E45A97\Data.dat 418 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\95904B23D1C87AC657C6C8BE542C7F1BE3012560 0 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\95904B23D1C87AC657C6C8BE542C7F1BE3012560\.name 36 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\95904B23D1C87AC657C6C8BE542C7F1BE3012560\.subcache 38 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\95904B23D1C87AC657C6C8BE542C7F1BE3012560\95904B23D1C87AC657C6C8BE542C7F1BE3012560 0 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\95904B23D1C87AC657C6C8BE542C7F1BE3012560\95904B23D1C87AC657C6C8BE542C7F1BE3012560\.name 36 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\95904B23D1C87AC657C6C8BE542C7F1BE3012560\95904B23D1C87AC657C6C8BE542C7F1BE3012560\Data.dat 6458 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\95904B23D1C87AC657C6C8BE542C7F1BE3012560\Data.dat 344 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\99D4C6B03B79AA322AACF1D18DC287DC7BD151D0 0 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\99D4C6B03B79AA322AACF1D18DC287DC7BD151D0\.name 36 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\99D4C6B03B79AA322AACF1D18DC287DC7BD151D0\.subcache 38 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\99D4C6B03B79AA322AACF1D18DC287DC7BD151D0\99D4C6B03B79AA322AACF1D18DC287DC7BD151D0 0 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\99D4C6B03B79AA322AACF1D18DC287DC7BD151D0\99D4C6B03B79AA322AACF1D18DC287DC7BD151D0\.name 36 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\99D4C6B03B79AA322AACF1D18DC287DC7BD151D0\99D4C6B03B79AA322AACF1D18DC287DC7BD151D0\Data.dat 6476 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\99D4C6B03B79AA322AACF1D18DC287DC7BD151D0\Data.dat 344 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\B6D5A63F934F383723EF2212EC43F3D893F0B50D 0 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\B6D5A63F934F383723EF2212EC43F3D893F0B50D\.name 26 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\B6D5A63F934F383723EF2212EC43F3D893F0B50D\.subcache 28 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\B6D5A63F934F383723EF2212EC43F3D893F0B50D\B6D5A63F934F383723EF2212EC43F3D893F0B50D 0 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\B6D5A63F934F383723EF2212EC43F3D893F0B50D\B6D5A63F934F383723EF2212EC43F3D893F0B50D\.name 26 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\B6D5A63F934F383723EF2212EC43F3D893F0B50D\B6D5A63F934F383723EF2212EC43F3D893F0B50D\Data.dat 6340 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\B6D5A63F934F383723EF2212EC43F3D893F0B50D\Data.dat 336 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\FB6165F4EFF2C2196A89211395412E06F861D8AA 0 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\FB6165F4EFF2C2196A89211395412E06F861D8AA\.name 40 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\FB6165F4EFF2C2196A89211395412E06F861D8AA\.subcache 42 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\FB6165F4EFF2C2196A89211395412E06F861D8AA\Data.dat 372 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\FB6165F4EFF2C2196A89211395412E06F861D8AA\FB6165F4EFF2C2196A89211395412E06F861D8AA 0 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\FB6165F4EFF2C2196A89211395412E06F861D8AA\FB6165F4EFF2C2196A89211395412E06F861D8AA\.name 40 bytes
File C:\Documents and Settings\LocalService\Dane aplikacji\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\FB6165F4EFF2C2196A89211395412E06F861D8AA\FB6165F4EFF2C2196A89211395412E06F861D8AA\Data.dat 6518 bytes
File C:\Documents and Settings\LocalService\Menu Start\Programy 0 bytes

---- EOF - GMER 1.0.15 ----