GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-29 22:50:56
Windows 5.1.2600 Dodatek Service Pack 3
Running: 6jtthmrf.exe; Driver: C:\DOCUME~1\dom\USTAWI~1\Temp\fgroyaoc.sys

---- System - GMER 1.0.15 ----

SSDT F92856CE ZwCreateKey
SSDT F92856C4 ZwCreateThread
SSDT F92856D3 ZwDeleteKey
SSDT F92856DD ZwDeleteValueKey
SSDT F92856E2 ZwLoadKey
SSDT F92856B0 ZwOpenProcess
SSDT F92856B5 ZwOpenThread
SSDT F92856EC ZwReplaceKey
SSDT F92856E7 ZwRestoreKey
SSDT F92856D8 ZwSetValueKey
SSDT F92856BF ZwTerminateProcess

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Messenger\msmsgs.exe[172] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00F72EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[172] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00F72C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[172] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00F72C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[172] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00F72C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1196] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [025E2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1196] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [025E2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1196] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [025E2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1196] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [025E2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[2080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00932EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[2080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00932C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[2080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00932C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[2080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00932C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\dom\Pulpit\6jtthmrf.exe[2728] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\dom\Pulpit\6jtthmrf.exe[2728] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\dom\Pulpit\6jtthmrf.exe[2728] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\dom\Pulpit\6jtthmrf.exe[2728] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC5 0x6E 0x2E 0x71 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC9 0xF5 0x77 0x0F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x39 0x47 0x42 0xE3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xAB 0x3C 0x1F 0x4E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC9 0xF5 0x77 0x0F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD4 0xD0 0x14 0xDA ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xAB 0x3C 0x1F 0x4E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC5 0x6E 0x2E 0x71 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC9 0xF5 0x77 0x0F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x39 0x47 0x42 0xE3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xAB 0x3C 0x1F 0x4E ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DF962D94-9FD0-5233-E72B-046DBB238B09}

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\dom\Dane aplikacji\Macromedia\Flash Player\#SharedObjects\UXTYWVYX\tvsggw.cem.sggw.pl.\wp-content 0 bytes
File C:\Documents and Settings\dom\Dane aplikacji\Macromedia\Flash Player\#SharedObjects\UXTYWVYX\tvsggw.cem.sggw.pl.\wp-content\plugins 0 bytes
File C:\Documents and Settings\dom\Dane aplikacji\Macromedia\Flash Player\#SharedObjects\UXTYWVYX\tvsggw.cem.sggw.pl.\wp-content\plugins\hana-flv-player 0 bytes
File C:\Documents and Settings\dom\Dane aplikacji\Macromedia\Flash Player\#SharedObjects\UXTYWVYX\tvsggw.cem.sggw.pl.\wp-content\plugins\hana-flv-player\flowplayer3 0 bytes
File C:\Documents and Settings\dom\Dane aplikacji\Macromedia\Flash Player\#SharedObjects\UXTYWVYX\tvsggw.cem.sggw.pl.\wp-content\plugins\hana-flv-player\flowplayer3\flowplayer-3.1.1.swf 0 bytes
File C:\Documents and Settings\dom\Dane aplikacji\Macromedia\Flash Player\#SharedObjects\UXTYWVYX\sggw.tv.\wp-content 0 bytes
File C:\Documents and Settings\dom\Dane aplikacji\Macromedia\Flash Player\#SharedObjects\UXTYWVYX\sggw.tv.\wp-content\plugins 0 bytes
File C:\Documents and Settings\dom\Dane aplikacji\Macromedia\Flash Player\#SharedObjects\UXTYWVYX\sggw.tv.\wp-content\plugins\hana-flv-player 0 bytes
File C:\Documents and Settings\dom\Dane aplikacji\Macromedia\Flash Player\#SharedObjects\UXTYWVYX\sggw.tv.\wp-content\plugins\hana-flv-player\flowplayer3 0 bytes
File C:\Documents and Settings\dom\Dane aplikacji\Macromedia\Flash Player\#SharedObjects\UXTYWVYX\sggw.tv.\wp-content\plugins\hana-flv-player\flowplayer3\flowplayer-3.1.1.swf 0 bytes
File C:\Documents and Settings\dom\Dane aplikacji\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#tvsggw.cem.sggw.pl.\settings.sol 89 bytes
File C:\Documents and Settings\dom\Dane aplikacji\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#sggw.tv.\settings.sol 78 bytes

---- EOF - GMER 1.0.15 ----