GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-06-05 22:47:46
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9320325AS rev.0002SDM1 298,09GB
Running: t2rzi1kz.exe; Driver: C:\Users\Asus\AppData\Local\Temp\kxldrpoc.sys

---- System - GMER 2.1 ----

SSDT  \??\C:\Windows\system32\drivers\aswSnx.sys  ZwAddBootEntry [0x8F957ACC]
SSDT  \??\C:\Windows\system32\drivers\aswSnx.sys  ZwAssignProcessToJobObject [0x8F9585AA]
SSDT  \??\C:\Windows\system32\drivers\aswSnx.sys  ZwCreateEvent [0x8F964692]
SSDT  \??\C:\Windows\system32\drivers\aswSnx.sys  ZwCreateEventPair [0x8F9646DE]
SSDT  \??\C:\Windows\system32\drivers\aswSnx.sys  ZwCreateIoCompletion [0x8F964878]
SSDT  \??\C:\Windows\system32\drivers\aswSnx.sys  ZwCreateMutant [0x8F964600]
SSDT  \??\C:\Windows\system32\drivers\aswSP.sys  ZwCreateSection [0x9041A426]
SSDT  \??\C:\Windows\system32\drivers\aswSnx.sys  ZwCreateSemaphore [0x8F964648]
SSDT  \??\C:\Windows\system32\drivers\aswSnx.sys  ZwCreateThread [0x8F958AE0]
SSDT  \??\C:\Windows\system32\drivers\aswSnx.sys  ZwCreateTimer [0x8F964832]
SSDT  \??\C:\Windows\system32\drivers\aswSnx.sys  ZwDebugActiveProcess [0x8F959398]
SSDT  \??\C:\Windows\system32\drivers\aswSnx.sys  ZwDeleteBootEntry [0x8F957B32]
SSDT  \??\C:\Windows\system32\drivers\aswSnx.sys  ZwDuplicateObject [0x8F95CBE4]
SSDT  \??\C:\Windows\system32\drivers\aswSnx.sys  ZwLoadDriver [0x8F95771E]
SSDT  \??\C:\Windows\system32\drivers\aswSP.sys  ZwMapViewOfSection [0x9041A506]
SSDT  \??\C:\Windows\system32\drivers\aswSnx.sys  ZwModifyBootEntry [0x8F957B98]
SSDT  \??\C:\Windows\system32\drivers\aswSnx.sys  ZwNotifyChangeKey [0x8F95CFDA]
SSDT  \??\C:\Windows\system32\drivers\aswSnx.sys  ZwNotifyChangeMultipleKeys [0x8F959EDE]
SSDT  \??\C:\Windows\system32\drivers\aswSnx.sys  ZwOpenEvent [0x8F9646BC]
SSDT  \??\C:\Windows\system32\drivers\aswSnx.sys  ZwOpenEventPair [0x8F964700]
SSDT  \??\C:\Windows\system32\drivers\aswSnx.sys  ZwOpenIoCompletion [0x8F96489C]
SSDT  \??\C:\Windows\system32\drivers\aswSnx.sys  ZwOpenMutant [0x8F964626]
SSDT  \??\C:\Windows\system32\drivers\aswSnx.sys  ZwOpenProcess [0x8F95C4DE]
SSDT  \??\C:\Windows\system32\drivers\aswSnx.sys  ZwOpenSection [0x8F9647B0]
SSDT  \??\C:\Windows\system32\drivers\aswSnx.sys  ZwOpenSemaphore [0x8F964670]
SSDT  \??\C:\Windows\system32\drivers\aswSnx.sys  ZwOpenThread [0x8F95C8C6]
SSDT  \??\C:\Windows\system32\drivers\aswSnx.sys  ZwOpenTimer [0x8F964856]
SSDT  \??\C:\Windows\system32\drivers\aswSP.sys  ZwProtectVirtualMemory [0x9041A2AA]
SSDT  \??\C:\Windows\system32\drivers\aswSnx.sys  ZwQueryObject [0x8F959CF4]
SSDT  \??\C:\Windows\system32\drivers\aswSnx.sys  ZwQueueApcThread [0x8F95984A]
SSDT  \??\C:\Windows\system32\drivers\aswSnx.sys  ZwSetBootEntryOrder [0x8F957BFE]
SSDT  \??\C:\Windows\system32\drivers\aswSnx.sys  ZwSetBootOptions [0x8F957C64]
SSDT  \??\C:\Windows\system32\drivers\aswSP.sys  ZwSetContextThread [0x9041A602]
SSDT  \??\C:\Windows\system32\drivers\aswSnx.sys  ZwSetSystemInformation [0x8F9577B8]
SSDT  \??\C:\Windows\system32\drivers\aswSnx.sys  ZwSetSystemPowerState [0x8F95798A]
SSDT  \??\C:\Windows\system32\drivers\aswSnx.sys  ZwShutdownSystem [0x8F957918]
SSDT  \??\C:\Windows\system32\drivers\aswSnx.sys  ZwSuspendProcess [0x8F959562]
SSDT  \??\C:\Windows\system32\drivers\aswSnx.sys  ZwSuspendThread [0x8F9596C4]
SSDT  \??\C:\Windows\system32\drivers\aswSnx.sys  ZwSystemDebugControl [0x8F957A12]
SSDT  \??\C:\Windows\system32\drivers\aswSP.sys  ZwTerminateProcess [0x9041A378]
SSDT  \??\C:\Windows\system32\drivers\aswSnx.sys  ZwTerminateThread [0x8F9591F2]
SSDT  \??\C:\Windows\system32\drivers\aswSnx.sys  ZwVdmControl [0x8F957CCA]
SSDT  \??\C:\Windows\system32\drivers\aswSnx.sys  ZwWriteVirtualMemory [0x8F958606]
SSDT  \??\C:\Windows\system32\drivers\aswSnx.sys  ZwCreateThreadEx [0x8F958CFC]

---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!KeSetEvent + 10D  82EFA890 4 Bytes  [CC, 7A, 95, 8F]
.text  ntkrnlpa.exe!KeSetEvent + 191  82EFA914 4 Bytes  [AA, 85, 95, 8F]
.text  ntkrnlpa.exe!KeSetEvent + 1D1  82EFA954 8 Bytes  [92, 46, 96, 8F, DE, 46, 96, ...]
.text  ntkrnlpa.exe!KeSetEvent + 1DD  82EFA960 4 Bytes  [78, 48, 96, 8F]
.text  ntkrnlpa.exe!KeSetEvent + 1F5  82EFA978 4 Bytes  [00, 46, 96, 8F]
.text  ...
PAGE  ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110  83087E18 4 Bytes  CALL 8F95A5C5 \??\C:\Windows\system32\drivers\aswSnx.sys
PAGE  ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121  8308BA8C 4 Bytes  CALL 8F95A5DB \??\C:\Windows\system32\drivers\aswSnx.sys

---- User code sections - GMER 2.1 ----

.text  C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1784] kernel32.dll!GetBinaryTypeW + 70  76452467 1 Byte  [62]
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[1260] kernel32.dll!GetBinaryTypeW + 70  76452467 1 Byte  [62]
.text  C:\Users\Asus\Desktop\komp Dawida\t2rzi1kz.exe[3416] kernel32.dll!GetBinaryTypeW + 70  76452467 1 Byte  [62]
.text  C:\Windows\Explorer.EXE[1704] kernel32.dll!GetBinaryTypeW + 70  76452467 1 Byte  [62]
.text  C:\Windows\system32\AUDIODG.EXE[1252] kernel32.dll!GetBinaryTypeW + 70  76452467 1 Byte  [62]
.text  ...

---- User IAT/EAT - GMER 2.1 ----

IAT  C:\Windows\system32\services.exe[648] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW]  001C0002
IAT  C:\Windows\system32\services.exe[648] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW]  001C0000

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\tdx \Device\Tcp  aswTdi.sys
AttachedDevice  \Driver\tdx \Device\Udp  aswTdi.sys

---- EOF - GMER 2.1 ----