GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-17 18:41:37
Windows 5.1.2600 Dodatek Service Pack 3
Running: l8y18bx8.exe; Driver: C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\kwlcikob.sys


---- System - GMER 1.0.15 ----

SSDT  \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx)  ZwAssignProcessToJobObject [0xF755D59A]
SSDT  \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx)  ZwCreateThread [0xF755D5DE]
SSDT  \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx)  ZwDeleteKey [0xF755D3B0]
SSDT  \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx)  ZwDeleteValueKey [0xF755D428]
SSDT  \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx)  ZwOpenProcess [0xF755D95C]
SSDT  \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx)  ZwOpenThread [0xF755D80A]
SSDT  \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx)  ZwProtectVirtualMemory [0xF755D67C]
SSDT  \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx)  ZwSetContextThread [0xF755D550]
SSDT  \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx)  ZwSetValueKey [0xF755D4B6]
SSDT  \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx)  ZwTerminateProcess [0xF755DAEE]
SSDT  \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx)  ZwTerminateThread [0xF755D712]
SSDT  \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx)  ZwWriteVirtualMemory [0xF755D754]

---- Kernel code sections - GMER 1.0.15 ----

?  C:\WINDOWS\system32\drivers\SafeBoot.sys  Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces.

---- User code sections - GMER 1.0.15 ----

.text  C:\WINDOWS\Explorer.EXE[808] ntdll.dll!NtWriteFile  7C90DF7E 5 Bytes  JMP 018C6641 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text  C:\WINDOWS\Explorer.EXE[808] kernel32.dll!CreateThread  7C8106D7 2 Bytes  JMP 018C5C60 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text  C:\WINDOWS\Explorer.EXE[808] kernel32.dll!CreateThread + 3  7C8106DA 2 Bytes  [0B, 85]
.text  C:\WINDOWS\Explorer.EXE[808] USER32.dll!SetWindowTextW  7E37960E 5 Bytes  JMP 018C633A C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text  C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe[1640] USER32.dll!SetScrollInfo  7E369056 5 Bytes  JMP 00E1E144 C:\Program Files\BullGuard Ltd\BullGuard\gui\BgScrollHookDll.dll (BullGuard Scrollbar Module/BullGuard Ltd.)
.text  C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe[1640] USER32.dll!GetScrollInfo  7E37DFE2 5 Bytes  JMP 00E1E0C0 C:\Program Files\BullGuard Ltd\BullGuard\gui\BgScrollHookDll.dll (BullGuard Scrollbar Module/BullGuard Ltd.)
.text  C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe[1640] USER32.dll!ShowScrollBar  7E37F2F2 5 Bytes  JMP 00E1E1C8 C:\Program Files\BullGuard Ltd\BullGuard\gui\BgScrollHookDll.dll (BullGuard Scrollbar Module/BullGuard Ltd.)
.text  C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe[1640] USER32.dll!GetScrollPos  7E37F704 5 Bytes  JMP 00E1E0EC C:\Program Files\BullGuard Ltd\BullGuard\gui\BgScrollHookDll.dll (BullGuard Scrollbar Module/BullGuard Ltd.)
.text  C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe[1640] USER32.dll!SetScrollPos  7E37F750 5 Bytes  JMP 00E1E170 C:\Program Files\BullGuard Ltd\BullGuard\gui\BgScrollHookDll.dll (BullGuard Scrollbar Module/BullGuard Ltd.)
.text  C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe[1640] USER32.dll!GetScrollRange  7E37F787 5 Bytes  JMP 00E1E118 C:\Program Files\BullGuard Ltd\BullGuard\gui\BgScrollHookDll.dll (BullGuard Scrollbar Module/BullGuard Ltd.)
.text  C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe[1640] USER32.dll!SetScrollRange  7E37F99B 5 Bytes  JMP 00E1E19C C:\Program Files\BullGuard Ltd\BullGuard\gui\BgScrollHookDll.dll (BullGuard Scrollbar Module/BullGuard Ltd.)
.text  C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe[1640] USER32.dll!EnableScrollBar  7E3B8005 5 Bytes  JMP 00E1E094 C:\Program Files\BullGuard Ltd\BullGuard\gui\BgScrollHookDll.dll (BullGuard Scrollbar Module/BullGuard Ltd.)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT  \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter]  [F5FD8928] \SystemRoot\system32\DRIVERS\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT  \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter]  [F5FD8928] \SystemRoot\system32\DRIVERS\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT  \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter]  [F5FD8928] \SystemRoot\system32\DRIVERS\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT  \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter]  [F5FD8928] \SystemRoot\system32\DRIVERS\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT  \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter]  [F5FD8928] \SystemRoot\system32\DRIVERS\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT  \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter]  [F5FD8928] \SystemRoot\system32\DRIVERS\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT  \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter]  [F5FD8928] \SystemRoot\system32\DRIVERS\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs  BdFileSpy.sys (BullGuard File Monitor (x86)/BullGuard Ltd.)
Device  \Driver\Tcpip \Device\Ip  afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0  SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device  \Driver\Tcpip \Device\Tcp  afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
AttachedDevice  \Driver\Tcpip \Device\Tcp  pxrts.sys (Prevx Realtime Security/Prevx)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume1  hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume2  hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume3  hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
Device  \Driver\Tcpip \Device\Udp  afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device  \Driver\Tcpip \Device\RawIp  afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device  \Driver\Tcpip \Device\IPMULTICAST  afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

---- EOF - GMER 1.0.15 ----