GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-18 17:32:32
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\00000071 SAMSUNG_SP1603C rev.VL100-50
Running: gmer.exe; Driver: C:\DOCUME~1\Jacek\USTAWI~1\Temp\uwtiqpob.sys


---- System - GMER 1.0.15 ----

SSDT  F7BB13C6  ZwCreateKey
SSDT  F7BB13BC  ZwCreateThread
SSDT  F7BB13CB  ZwDeleteKey
SSDT  F7BB13D5  ZwDeleteValueKey
SSDT  F7BB13DA  ZwLoadKey
SSDT  F7BB13A8  ZwOpenProcess
SSDT  F7BB13AD  ZwOpenThread
SSDT  F7BB13E4  ZwReplaceKey
SSDT  F7BB13DF  ZwRestoreKey
SSDT  F7BB13D0  ZwSetValueKey
SSDT  \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys  ZwUnloadKey [0xB964775C]

---- Kernel code sections - GMER 1.0.15 ----

.text  C:\WINDOWS\system32\DRIVERS\nv4_mini.sys  section is writeable [0xF53A5360, 0x24526E, 0xE8000020]
?  C:\WINDOWS\system32\Drivers\uphcleanhlp.sys  Nie można odnaleźć określonego pliku. !

---- User IAT/EAT - GMER 1.0.15 ----

IAT  C:\WINDOWS\Explorer.EXE[188] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]  [01582F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT  C:\WINDOWS\Explorer.EXE[188] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]  [01582CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT  C:\WINDOWS\Explorer.EXE[188] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]  [01582D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT  C:\WINDOWS\Explorer.EXE[188] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]  [01582CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT  C:\Documents and Settings\Jacek\Pulpit\gmer.exe[2348] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]  [00BB2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT  C:\Documents and Settings\Jacek\Pulpit\gmer.exe[2348] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]  [00BB2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT  C:\Documents and Settings\Jacek\Pulpit\gmer.exe[2348] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]  [00BB2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT  C:\Documents and Settings\Jacek\Pulpit\gmer.exe[2348] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]  [00BB2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT  C:\WINDOWS\system32\wscntfy.exe[3456] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]  [00942F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT  C:\WINDOWS\system32\wscntfy.exe[3456] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]  [00942CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT  C:\WINDOWS\system32\wscntfy.exe[3456] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]  [00942D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT  C:\WINDOWS\system32\wscntfy.exe[3456] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]  [00942CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

---- Registry - GMER 1.0.15 ----

Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{54AB9048-F0EB-2552-ED2A-AEE294880D58}
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E40BC7BC-F622-BCB0-D55C-9D7F9FCF5B54}
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E40BC7BC-F622-BCB0-D55C-9D7F9FCF5B54}@pahbmpnjcpcegfpikejggnhnighidbgj  0x6B 0x61 0x6B 0x63 ...
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E40BC7BC-F622-BCB0-D55C-9D7F9FCF5B54}@oanagpcjgbmdoidmmcacfbjmjkfkpf  0x6B 0x61 0x6B 0x63 ...

---- EOF - GMER 1.0.15 ----