GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-19 12:51:47
Windows 5.1.2600 Dodatek Service Pack 3
Running: l8y18bx8.exe; Driver: C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\kwlcikob.sys

---- System - GMER 1.0.15 ----

SSDT  FolderHK.sys (Wondershare Time Freeze Component/Wondershare Software Co.,Ltd)  ZwClose [0xF7730002]
SSDT  FolderHK.sys (Wondershare Time Freeze Component/Wondershare Software Co.,Ltd)  ZwCreateFile [0xF772FEAC]
SSDT  FolderHK.sys (Wondershare Time Freeze Component/Wondershare Software Co.,Ltd)  ZwDeleteFile [0xF772FF88]
SSDT  FolderHK.sys (Wondershare Time Freeze Component/Wondershare Software Co.,Ltd)  ZwOpenFile [0xF772FDFE]
SSDT  FolderHK.sys (Wondershare Time Freeze Component/Wondershare Software Co.,Ltd)  ZwReadFile [0xF772FFB2]
SSDT  FolderHK.sys (Wondershare Time Freeze Component/Wondershare Software Co.,Ltd)  ZwSetInformationFile [0xF772FF96]
SSDT  FolderHK.sys (Wondershare Time Freeze Component/Wondershare Software Co.,Ltd)  ZwWriteFile [0xF772FFDA]

---- Kernel code sections - GMER 1.0.15 ----

?  C:\WINDOWS\system32\drivers\SafeBoot.sys  Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces.

---- User code sections - GMER 1.0.15 ----

.text  C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe[2384] USER32.dll!SetScrollInfo  7E369056 5 Bytes  JMP 00E3E144 C:\Program Files\BullGuard Ltd\BullGuard\gui\BgScrollHookDll.dll (BullGuard Scrollbar Module/BullGuard Ltd.)
.text  C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe[2384] USER32.dll!GetScrollInfo  7E37DFE2 5 Bytes  JMP 00E3E0C0 C:\Program Files\BullGuard Ltd\BullGuard\gui\BgScrollHookDll.dll (BullGuard Scrollbar Module/BullGuard Ltd.)
.text  C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe[2384] USER32.dll!ShowScrollBar  7E37F2F2 5 Bytes  JMP 00E3E1C8 C:\Program Files\BullGuard Ltd\BullGuard\gui\BgScrollHookDll.dll (BullGuard Scrollbar Module/BullGuard Ltd.)
.text  C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe[2384] USER32.dll!GetScrollPos  7E37F704 5 Bytes  JMP 00E3E0EC C:\Program Files\BullGuard Ltd\BullGuard\gui\BgScrollHookDll.dll (BullGuard Scrollbar Module/BullGuard Ltd.)
.text  C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe[2384] USER32.dll!SetScrollPos  7E37F750 5 Bytes  JMP 00E3E170 C:\Program Files\BullGuard Ltd\BullGuard\gui\BgScrollHookDll.dll (BullGuard Scrollbar Module/BullGuard Ltd.)
.text  C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe[2384] USER32.dll!GetScrollRange  7E37F787 5 Bytes  JMP 00E3E118 C:\Program Files\BullGuard Ltd\BullGuard\gui\BgScrollHookDll.dll (BullGuard Scrollbar Module/BullGuard Ltd.)
.text  C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe[2384] USER32.dll!SetScrollRange  7E37F99B 5 Bytes  JMP 00E3E19C C:\Program Files\BullGuard Ltd\BullGuard\gui\BgScrollHookDll.dll (BullGuard Scrollbar Module/BullGuard Ltd.)
.text  C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe[2384] USER32.dll!EnableScrollBar  7E3B8005 5 Bytes  JMP 00E3E094 C:\Program Files\BullGuard Ltd\BullGuard\gui\BgScrollHookDll.dll (BullGuard Scrollbar Module/BullGuard Ltd.)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT  \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter]  [F593B928] \SystemRoot\system32\DRIVERS\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT  \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter]  [F593B928] \SystemRoot\system32\DRIVERS\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT  \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter]  [F593B928] \SystemRoot\system32\DRIVERS\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT  \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter]  [F593B928] \SystemRoot\system32\DRIVERS\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT  \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter]  [F593B928] \SystemRoot\system32\DRIVERS\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT  \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter]  [F593B928] \SystemRoot\system32\DRIVERS\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT  \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter]  [F593B928] \SystemRoot\system32\DRIVERS\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs  BdFileSpy.sys (BullGuard File Monitor (x86)/BullGuard Ltd.)
Device  \Driver\Tcpip \Device\Ip  afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0  SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device  \Driver\Tcpip \Device\Tcp  afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume1  hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume2  hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume3  hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
Device  \Driver\Tcpip \Device\Udp  afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device  \Driver\Tcpip \Device\RawIp  afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device  \Driver\Tcpip \Device\IPMULTICAST  afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

---- EOF - GMER 1.0.15 ----