GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-12-29 09:59:55
Windows 5.1.2600 Dodatek Service Pack 3
\Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST500LM0 rev.2AR1 465,76GB
Running: xr8bb2w5.exe; Driver: C:\DOCUME~1\Agata\USTAWI~1\Temp\pwddipow.sys


---- System - GMER 2.1 ----

SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwAddBootEntry [0xA486FAC4]
SSDT  \SystemRoot\system32\drivers\aswSP.sys   ZwAllocateVirtualMemory [0xA4BBB0BA]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwAssignProcessToJobObject [0xA48705A2]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwClose [0xA48B65A0]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateEvent [0xA487C63C]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateEventPair [0xA487C688]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateIoCompletion [0xA487C822]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateKey [0xA48B5F54]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateMutant [0xA487C5AA]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateSection [0xA487C6CC]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateSemaphore [0xA487C5F2]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateThread [0xA4870AD8]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateTimer [0xA487C7DC]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwDebugActiveProcess [0xA4871390]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwDeleteBootEntry [0xA486FB2A]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwDeleteKey [0xA48B6C66]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwDeleteValueKey [0xA48B6F1C]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwDuplicateObject [0xA4874B86]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwEnumerateKey [0xA48B6AD1]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwEnumerateValueKey [0xA48B693C]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwLoadDriver [0xA486F716]
SSDT  \SystemRoot\system32\drivers\aswSP.sys   ZwMapViewOfSection [0xA4BBB574]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwModifyBootEntry [0xA486FB90]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwNotifyChangeKey [0xA4874F7C]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwNotifyChangeMultipleKeys [0xA4871E78]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenEvent [0xA487C666]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenEventPair [0xA487C6AA]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenIoCompletion [0xA487C846]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenKey [0xA48B62B0]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenMutant [0xA487C5D0]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenProcess [0xA487447E]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenSection [0xA487C75A]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenSemaphore [0xA487C61A]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenThread [0xA487486A]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenTimer [0xA487C800]
SSDT  \SystemRoot\system32\drivers\aswSP.sys   ZwProtectVirtualMemory [0xA4BBB312]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwQueryKey [0xA48B67B7]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwQueryObject [0xA4871CEC]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwQueryValueKey [0xA48B6609]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwQueueApcThread [0xA4871842]
SSDT  \SystemRoot\system32\drivers\aswSP.sys   ZwRenameKey [0xA4BC9358]
SSDT  \SystemRoot\system32\drivers\aswSP.sys   ZwReplaceKey [0xA4BC9CC4]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwRestoreKey [0xA48B5597]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSetBootEntryOrder [0xA486FBF6]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSetBootOptions [0xA486FC5C]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSetContextThread [0xA487120A]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSetSystemInformation [0xA486F7B0]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSetSystemPowerState [0xA486F982]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSetValueKey [0xA48B6D6D]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwShutdownSystem [0xA486F910]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSuspendProcess [0xA487155A]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSuspendThread [0xA48716BC]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSystemDebugControl [0xA486FA0A]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwTerminateProcess [0xA4871048]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwTerminateThread [0xA48711EA]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwVdmControl [0xA486FCC2]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwWriteVirtualMemory [0xA48705FE]

---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwCallbackReturn + 2FD4         805048BC 12 Bytes  [F6, FB, 86, A4, 5C, FC, 86, ...]
.text  ntkrnlpa.exe!ZwCallbackReturn + 307C         80504964 12 Bytes  [5A, 15, 87, A4, BC, 16, 87, ...]
PAGE   ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC  805A64DC 4 Bytes   CALL A4872549 \SystemRoot\system32\drivers\aswSnx.sys

---- User code sections - GMER 2.1 ----

.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[1140] kernel32.dll!SetUnhandledExceptionFilter   7C844EE5 8 Bytes  [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text  C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1784] kernel32.dll!SetUnhandledExceptionFilter  7C844EE5 8 Bytes  [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }

---- User IAT/EAT - GMER 2.1 ----

IAT  C:\WINDOWS\system32\services.exe[992] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW]  003D0002
IAT  C:\WINDOWS\system32\services.exe[992] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW]        003D0000

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\Tcpip \Device\Ip     aswTdi.sys
AttachedDevice  \Driver\Tcpip \Device\Tcp    aswTdi.sys
AttachedDevice  \Driver\Tcpip \Device\Udp    aswTdi.sys
AttachedDevice  \Driver\Tcpip \Device\RawIp  aswTdi.sys

---- Files - GMER 2.1 ----

File  C:\Documents and Settings\Agata\Pulpit\ZDJECIA\ZDJĘCIA 046.jpg  2870326 bytes
File  C:\Documents and Settings\Agata\Pulpit\ZDJECIA\ZDJĘCIA 047.jpg  3596915 bytes

---- EOF - GMER 2.1 ----
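Triaging a log like this by hand means checking, for every SSDT hook, inline patch, IAT entry and attached device, which module owns the target address. The script below is an added example (not part of the GMER log above and not GMER's own code) that parses the GMER 2.1 line formats seen in this log and attributes each finding to a module. It embeds a constructed sample made of lines copied from the log. Two things in it are assumptions, not facts the log states: the allow-list KNOWN_HOOKERS (the three Avast drivers named in the log) and the heuristic that a raw pointer falls inside a driver if it lies between the lowest and highest SSDT hook address GMER reported for that driver. Anything it cannot attribute, such as the services.exe IAT entries pointing at 003D0000/003D0002, is reported as UNATTRIBUTED for manual follow-up rather than silently accepted.

```python
"""Triage helper for GMER 2.1 logs: added example, not GMER's own code."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample input: a subset of lines copied from the log above, one
# finding per line as GMER prints them (the real log lists far more SSDT hooks).
SAMPLE_LOG = r"""
---- System - GMER 2.1 ----

SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwAddBootEntry [0xA486FAC4]
SSDT  \SystemRoot\system32\drivers\aswSP.sys  ZwAllocateVirtualMemory [0xA4BBB0BA]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSetBootEntryOrder [0xA486FBF6]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwWriteVirtualMemory [0xA48705FE]

---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwCallbackReturn + 2FD4  805048BC 12 Bytes  [F6, FB, 86, A4, 5C, FC, 86, ...]
PAGE  ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC  805A64DC 4 Bytes  CALL A4872549 \SystemRoot\system32\drivers\aswSnx.sys

---- User IAT/EAT - GMER 2.1 ----

IAT  C:\WINDOWS\system32\services.exe[992] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW]  003D0000

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\Tcpip \Device\Tcp  aswTdi.sys

---- EOF - GMER 2.1 ----
"""

# Assumed allow-list: drivers expected to hook on a host running Avast. Build
# it from the security products actually installed on the scanned machine.
KNOWN_HOOKERS = {"aswsnx.sys", "aswsp.sys", "aswtdi.sys"}

SECTION_RE = re.compile(r"^---- (.+?) - GMER 2\.1 ----$")
SSDT_RE = re.compile(r"^SSDT\s+(\S+)\s+(Zw\w+) \[0x([0-9A-Fa-f]+)\]$")
IAT_RE = re.compile(r"^IAT\s+(.+?)\[(\d+)\] @ .+? \[(\S+!\w+)\]\s+([0-9A-Fa-f]+)$")
DEVICE_RE = re.compile(r"^AttachedDevice\s+(\S+) (\S+)\s+(\S+)$")
CODE_RE = re.compile(r"^(\S+)\s+(\S+!\w+ \+ [0-9A-Fa-f]+)\s+([0-9A-Fa-f]+) (\d+) Bytes\s+(.*)$")
MODULE_RE = re.compile(r"([\w-]+\.sys)\b", re.IGNORECASE)


@dataclass
class Finding:
    section: str
    kind: str                 # SSDT, IAT, AttachedDevice, .text, PAGE, ...
    target: str               # what was hooked or patched
    address: Optional[int]    # pointer of interest (hook target / decoded patch)
    module: Optional[str]     # owning module if the log names one


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def decode_pointer(byte_list):
    """Read the first four listed patch bytes as a little-endian 32-bit pointer."""
    m = re.match(r"\[([0-9A-Fa-f]{2}(?:, [0-9A-Fa-f]{2}){3})", byte_list)
    if not m:
        return None
    b = [int(x, 16) for x in m.group(1).split(", ")]
    return b[0] | b[1] << 8 | b[2] << 16 | b[3] << 24


def parse_gmer(text):
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section = m.group(1)
        elif m := SSDT_RE.match(line):
            findings.append(Finding(section, "SSDT", m.group(2), int(m.group(3), 16), basename(m.group(1))))
        elif m := IAT_RE.match(line):
            target = f"{basename(m.group(1))}[{m.group(2)}] {m.group(3)}"
            findings.append(Finding(section, "IAT", target, int(m.group(4), 16), None))
        elif m := DEVICE_RE.match(line):
            findings.append(Finding(section, "AttachedDevice", f"{m.group(1)} {m.group(2)}", None, m.group(3).lower()))
        elif m := CODE_RE.match(line):
            rest = m.group(5)
            mod = MODULE_RE.search(rest)
            if rest.startswith("CALL"):          # GMER resolved the call target itself
                addr = int(rest.split()[1], 16)
            else:                                 # raw patch bytes: treat them as a pointer
                addr = decode_pointer(rest)
            findings.append(Finding(section, m.group(1), m.group(2), addr, basename(mod.group(1)) if mod else None))
    return findings


def module_ranges(findings):
    """Lowest/highest SSDT hook address per driver: an assumed, under-approximated
    image range used only to attribute pointers GMER did not resolve."""
    ranges = {}
    for f in findings:
        if f.kind == "SSDT" and f.module and f.address is not None:
            lo, hi = ranges.get(f.module, (f.address, f.address))
            ranges[f.module] = (min(lo, f.address), max(hi, f.address))
    return ranges


def triage(findings, known_hookers):
    """Return (verdict, kind, target, module) per finding."""
    ranges = module_ranges(findings)
    out = []
    for f in findings:
        if f.module is None and f.address is not None:
            f.module = next((mod for mod, (lo, hi) in ranges.items() if lo <= f.address <= hi), None)
        verdict = "UNATTRIBUTED" if f.module is None else ("expected" if f.module in known_hookers else "UNEXPECTED")
        out.append((verdict, f.kind, f.target, f.module))
    return out


def summarize(verdicts):
    counts = defaultdict(int)
    for verdict, *_ in verdicts:
        counts[verdict] += 1
    return dict(counts)


if __name__ == "__main__":
    for verdict, kind, target, module in triage(parse_gmer(SAMPLE_LOG), KNOWN_HOOKERS):
        print(f"{verdict:13} {kind:15} {target}  <- {module}")
```

On the sample, the 12-byte patch at ntkrnlpa.exe!ZwCallbackReturn + 2FD4 decodes to 0xA486FBF6, the same value the log lists as the ZwSetBootEntryOrder hook target in aswSnx.sys, so the range heuristic attributes it to that driver; the IAT entry at 003D0000 matches no module named in the log and stays UNATTRIBUTED, which is the right outcome for a reviewer to look at rather than a verdict the script should guess.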