GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-12-21 21:58:02 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Scsi\viamraid2Port3Path0Target0Lun0 ST316082 rev.3.42 149,05GB Running: cc0fisc7.exe; Driver: C:\DOCUME~1\Kamil\USTAWI~1\Temp\pxtdqpod.sys ---- System - GMER 2.1 ---- SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwAddBootEntry [0xA6E3FAD0] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0xA6E405AE] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwClose [0xA6E847D0] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateEvent [0xA6E4C5E0] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateEventPair [0xA6E4C62C] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0xA6E4C7C6] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateKey [0xA6E84184] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateMutant [0xA6E4C54E] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateSection [0xA6E4C670] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateSemaphore [0xA6E4C596] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateThread [0xA6E40AE4] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateTimer [0xA6E4C780] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0xA6E4139C] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0xA6E3FB36] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwDeleteKey [0xA6E84E96] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwDeleteValueKey [0xA6E8514C] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwDuplicateObject [0xA6E44B32] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwEnumerateKey [0xA6E84D01] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwEnumerateValueKey [0xA6E84B6C] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwLoadDriver [0xA6E3F71E] SSDT \??\c:\documents and settings\kamil\ustawienia lokalne\temp\F3E7353.sys ZwMakeTemporaryObject [0xA7818C42] SSDT \??\C:\WINDOWS\system32\drivers\aswSP.sys ZwMapViewOfSection [0xA6EF6466] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwModifyBootEntry [0xA6E3FB9C] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0xA6E44F28] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0xA6E41E2C] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenEvent [0xA6E4C60A] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenEventPair [0xA6E4C64E] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0xA6E4C7EA] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenKey [0xA6E844E0] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenMutant [0xA6E4C574] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenProcess [0xA6E4442C] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenSection [0xA6E4C6FE] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenSemaphore [0xA6E4C5BE] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenThread [0xA6E44814] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenTimer [0xA6E4C7A4] SSDT \??\C:\WINDOWS\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0xA6EF620A] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwQueryKey [0xA6E849E7] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwQueryObject [0xA6E41CF8] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwQueryValueKey [0xA6E84839] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwQueueApcThread [0xA6E4184E] SSDT \??\C:\WINDOWS\system32\drivers\aswSP.sys ZwRenameKey [0xA6F041EA] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwRestoreKey [0xA6E837CA] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0xA6E3FC02] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetBootOptions [0xA6E3FC68] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetContextThread [0xA6E41216] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetSystemInformation [0xA6E3F7B8] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0xA6E3F98E] SSDT \??\c:\documents and settings\kamil\ustawienia lokalne\temp\F3E7353.sys ZwSetSystemTime [0xA781594A] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetValueKey [0xA6E84F9D] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwShutdownSystem [0xA6E3F91C] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSuspendProcess [0xA6E41566] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSuspendThread [0xA6E416C8] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSystemDebugControl [0xA6E3FA16] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwTerminateProcess [0xA6E41054] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwTerminateThread [0xA6E411F6] SSDT \??\c:\documents and settings\kamil\ustawienia lokalne\temp\F3E7353.sys ZwUnmapViewOfSection [0xA7818BB4] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwVdmControl [0xA6E3FCCE] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0xA6E4060A] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 25F8 80501E54 4 Bytes JMP FCA6E4C7 .text ntkrnlpa.exe!ZwCallbackReturn + 2600 80501E5C 8 Bytes [E0, 44, E8, A6, 74, C5, E4, ...] {LOOPNZ 0x46; CALL 0xe4c574ad; CMPSB } .text ntkrnlpa.exe!ZwCallbackReturn + 2724 80501F80 4 Bytes [EA, 41, F0, A6] .text ntkrnlpa.exe!ZwCallbackReturn + 2770 80501FCC 12 Bytes [02, FC, E3, A6, 68, FC, E3, ...] {ADD BH, AH; JECXZ 0xffffffaa; PUSH DWORD 0x16a6e3fc; ADC AH, AH; CMPSB } .text ntkrnlpa.exe!ZwCallbackReturn + 27E4 80502040 12 Bytes [B8, F7, E3, A6, 8E, F9, E3, ...] .text ... PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 8059BA02 4 Bytes CALL A6E424FD \??\C:\WINDOWS\system32\drivers\aswSnx.sys .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB5BA93C0, 0x7FDE3A, 0xE8000020] ? c:\documents and settings\kamil\ustawienia lokalne\temp\F3E7353.sys Nie można odnaleźć określonego pliku. ! ? c:\documents and settings\kamil\ustawienia lokalne\temp\117B06F1.sys Nie można odnaleźć określonego pliku. ! ---- User code sections - GMER 2.1 ---- .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[2504] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[2504] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\avastUi.exe[2660] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\avastUi.exe[2660] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text E:\Downloads\cc0fisc7.exe[3596] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text E:\Downloads\cc0fisc7.exe[3596] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 895E4670 Device \FileSystem\Ntfs \Ntfs 8970B478 Device \FileSystem\Ntfs \Ntfs 88F40878 Device \FileSystem\Ntfs \Ntfs 89121960 Device \FileSystem\Ntfs \Ntfs 88E86F48 AttachedDevice \FileSystem\Ntfs \Ntfs F3E7353.sys AttachedDevice \Driver\Tcpip \Device\Ip F3E7353.sys AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.sys AttachedDevice \Driver\Tcpip \Device\Tcp F3E7353.sys AttachedDevice \Driver\Tcpip \Device\Tcp fltMgr.sys AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.sys Device \FileSystem\519CB102F7E88E94 \Device\519CB102F7E88E94 F3E7353.sys AttachedDevice \Driver\Tcpip \Device\Udp F3E7353.sys AttachedDevice \Driver\Tcpip \Device\Udp fltMgr.sys AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp F3E7353.sys AttachedDevice \Driver\Tcpip \Device\RawIp fltMgr.sys AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.sys AttachedDevice \FileSystem\Fastfat \Fat F3E7353.sys AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ???4????IDE\DiskST3160827AS_____________3.42\2020202020202020202020204D34305458335047????8?8?8??? ?????????????,??????????????????!?&????????????????????k??? ???????,???????????,?,????????H??? ??????nti????H??,???.?????????????????4???????????????????? ???????? ?????????????,??????????????????$?&????????????????????t???????,???5??????????1????\???????O??? ??1????l?????WI~??? ???????,???????????,?,????????H??? ??????il\????H??,???s?????????????????4???????????????????? ???\K??? ?????????????,??????????????????-?&????????????????????????????,??????????jyuhxcaq????????1???????????????? ??1???????????????? ???????,???????????,?,????????H??? ????????U????H??,???5?????????????????4???????????????????? ???ns?????,?????????,??????s???aswRvrt??0????p??/???????????????????%?,???,????(Standardowe urz?dzenia systemowe)??????Magistrala PCI???????,?,?,?,?1?2?s??{4D36E97D-E325-11CE-BFC1-08002BE10318}\0034?????(Standardowe urz?dzenia systemowe)???????,?,?,?,as??%SystemRoot%\system32????????????????????????????,???????,????? Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{6752FC50-4813-4DBC-9AF6-BB9495D0DCDC}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{75992378-8188-4B12-8D4C-D019B69B3ABB}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{F2332008-9706-41A9-B7E2-82DFF56F9A6E}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\ControlSet002\Control\Video\{6752FC50-4813-4DBC-9AF6-BB9495D0DCDC}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\ControlSet002\Control\Video\{75992378-8188-4B12-8D4C-D019B69B3ABB}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\ControlSet002\Control\Video\{F2332008-9706-41A9-B7E2-82DFF56F9A6E}\0000@D3D_\x3332\x3331 2089309684 ---- EOF - GMER 2.1 ----