GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2016-01-27 15:17:26
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1600JS-60MHB5 rev.10.02E04 149,05GB
Running: hf55n753.exe; Driver: C:\DOCUME~1\Natala\USTAWI~1\Temp\agedrfod.sys


---- System - GMER 2.1 ----

SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwAddBootEntry [0xA9119406]
SSDT  \SystemRoot\system32\drivers\aswSP.sys  ZwAllocateVirtualMemory [0xA93BB97C]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwAssignProcessToJobObject [0xA9119EE4]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwClose [0xA916062C]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateEvent [0xA9126498]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateEventPair [0xA91264E4]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateIoCompletion [0xA912667E]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateKey [0xA915FFE0]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateMutant [0xA9126406]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateSection [0xA9126528]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateSemaphore [0xA912644E]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateThread [0xA911A41A]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateTimer [0xA9126638]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwDebugActiveProcess [0xA911ACD2]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwDeleteBootEntry [0xA911946C]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwDeleteKey [0xA9160CF2]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwDeleteValueKey [0xA9160FA8]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwDuplicateObject [0xA911DE24]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwEnumerateKey [0xA9160B5D]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwEnumerateValueKey [0xA91609C8]
SSDT  \SystemRoot\system32\drivers\aswSP.sys  ZwFreeVirtualMemory [0xA93BBA54]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwLoadDriver [0xA9119058]
SSDT  \SystemRoot\system32\drivers\aswSP.sys  ZwMapViewOfSection [0xA93BBE36]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwModifyBootEntry [0xA91194D2]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwNotifyChangeKey [0xA911E21A]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwNotifyChangeMultipleKeys [0xA911B816]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenEvent [0xA91264C2]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenEventPair [0xA9126506]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenIoCompletion [0xA91266A2]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenKey [0xA916033C]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenMutant [0xA912642C]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenProcess [0xA911D71C]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenSection [0xA91265B6]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenSemaphore [0xA9126476]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenThread [0xA911DB08]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenTimer [0xA912665C]
SSDT  \SystemRoot\system32\drivers\aswSP.sys  ZwProtectVirtualMemory [0xA93BBBD4]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwQueryKey [0xA9160843]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwQueryObject [0xA911B62E]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwQueryValueKey [0xA9160695]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwQueueApcThread [0xA911B184]
SSDT  \SystemRoot\system32\drivers\aswSP.sys  ZwRenameKey [0xA93CA090]
SSDT  \SystemRoot\system32\drivers\aswSP.sys  ZwReplaceKey [0xA93CAA5C]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwRestoreKey [0xA915F623]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSetBootEntryOrder [0xA9119538]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSetBootOptions [0xA911959E]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSetContextThread [0xA911AB4C]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSetSystemInformation [0xA91190F2]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSetSystemPowerState [0xA91192C4]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSetValueKey [0xA9160DF9]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwShutdownSystem [0xA9119252]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSuspendProcess [0xA911AE9C]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSuspendThread [0xA911AFFE]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSystemDebugControl [0xA911934C]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwTerminateProcess [0xA911A98A]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwTerminateThread [0xA911AB2C]
SSDT  \SystemRoot\system32\drivers\aswSP.sys  ZwUnloadDriver [0xA93B8C14]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwVdmControl [0xA9119604]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwWriteVirtualMemory [0xA9119F40]

---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwCallbackReturn + 2770  80501FCC 12 Bytes  [38, 95, 11, A9, 9E, 95, 11, ...] {CMP [EBP-0x6a6156ef], DL; ADC [ECX-0x56ee54b4], EBP}
.text  ntkrnlpa.exe!ZwCallbackReturn + 2818  80502074 12 Bytes  [9C, AE, 11, A9, FE, AF, 11, ...]
PAGE  ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC  8059BA02 4 Bytes  CALL A911BE6B \SystemRoot\system32\drivers\aswSnx.sys

---- User code sections - GMER 2.1 ----

.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[456] kernel32.dll!SetUnhandledExceptionFilter  7C844EE5 8 Bytes  [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text  C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[504] USER32.dll!DefWindowProcA + 11A  7E37C298 7 Bytes  JMP 1003B780 C:\Program Files\Sony\Sony PC Companion\NewUI.dll
.text  C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[504] USER32.dll!SetWindowRgn + 2BD  7E37E7E5 7 Bytes  JMP 1003B3D0 C:\Program Files\Sony\Sony PC Companion\NewUI.dll
.text  C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[504] USER32.dll!SetClipboardData + 19D  7E38113B 7 Bytes  JMP 1003B340 C:\Program Files\Sony\Sony PC Companion\NewUI.dll
.text  C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[504] USER32.dll!MessageBoxA + 49  7E3A0833 7 Bytes  JMP 1003B680 C:\Program Files\Sony\Sony PC Companion\NewUI.dll
.text  C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[504] USER32.dll!MessageBoxExW + 1F  7E3A0857 7 Bytes  JMP 1003B570 C:\Program Files\Sony\Sony PC Companion\NewUI.dll
.text  C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[504] USER32.dll!MessageBoxTimeoutA + CA  7E3B64D0 7 Bytes  JMP 1003B6D0 C:\Program Files\Sony\Sony PC Companion\NewUI.dll
.text  C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1492] kernel32.dll!SetUnhandledExceptionFilter  7C844EE5 8 Bytes  [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }

---- User IAT/EAT - GMER 2.1 ----

IAT  C:\WINDOWS\system32\services.exe[764] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW]  003D0002
IAT  C:\WINDOWS\system32\services.exe[764] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW]  003D0000

---- Devices - GMER 2.1 ----

Device  \Driver\Tcpip \Device\Ip  aswStmXP.sys
Device  \Driver\Tcpip \Device\Tcp  aswStmXP.sys
AttachedDevice  \Driver\Tcpip \Device\Tcp  aswRdr.sys
Device  \Driver\Tcpip \Device\Udp  aswStmXP.sys
Device  \Driver\Tcpip \Device\RawIp  aswStmXP.sys
Device  \Driver\Tcpip \Device\IPMULTICAST  aswStmXP.sys
AttachedDevice  \FileSystem\Fastfat \Fat  fltmgr.sys

---- EOF - GMER 2.1 ----
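The helper below is an added triage example, not part of the GMER output and not GMER's own code. It assumes the one-entry-per-line layout of the log and works on a constructed sample: a few SSDT and kernel code-section lines copied from the scan above, plus one made-up SSDT line for a hypothetical driver (unknown_example.sys) so the allowlist check has something to flag. It groups SSDT hooks by the driver that owns them, reports any owner outside the Avast allowlist (aswSnx.sys, aswSP.sys, the two drivers present in this log), and decodes the first four patched bytes of each ntkrnlpa.exe code-section entry as a little-endian pointer so they can be matched against the SSDT entries: 38 95 11 A9 is 0xA9119538, the ZwSetBootEntryOrder hook, and 9C AE 11 A9 is 0xA911AE9C, ZwSuspendProcess. That correlation is the check a practitioner wants here: the "patched" kernel bytes are service-table slots pointing into the same AV driver, not an independent patch by an unknown module.

```python
import re
from collections import defaultdict

# Constructed sample input. The first four SSDT lines and both .text lines are
# copied from the GMER log above; the unknown_example.sys line is made up to
# exercise the allowlist check (hypothetical module and address).
SAMPLE_LOG = r"""
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSetBootEntryOrder [0xA9119538]
SSDT  \SystemRoot\system32\drivers\aswSP.sys  ZwAllocateVirtualMemory [0xA93BB97C]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSuspendProcess [0xA911AE9C]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwWriteVirtualMemory [0xA9119F40]
SSDT  \??\C:\WINDOWS\system32\drivers\unknown_example.sys  ZwOpenProcess [0xF7A10000]
.text  ntkrnlpa.exe!ZwCallbackReturn + 2770  80501FCC 12 Bytes  [38, 95, 11, A9, 9E, 95, 11, ...] {CMP [EBP-0x6a6156ef], DL; ADC [ECX-0x56ee54b4], EBP}
.text  ntkrnlpa.exe!ZwCallbackReturn + 2818  80502074 12 Bytes  [9C, AE, 11, A9, FE, AF, 11, ...]
"""

# SSDT <module path> <Zw* function> [0x<hook address>]
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>\S+)\s+(?P<func>Zw\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]")
# .text|PAGE <image!symbol + offset> <VA> <n> Bytes [<byte list>] ...
CODE_RE = re.compile(
    r"^(?:\.text|PAGE)\s+(?P<sym>\S+ \+ [0-9A-Fa-f]+)\s+(?P<va>[0-9A-Fa-f]{8})\s+"
    r"(?P<n>\d+) Bytes\s+\[(?P<bytes>[^\]]*)\]")

# Drivers that are expected to own SSDT hooks on this host (Avast, per the log).
KNOWN_AV_MODULES = {"aswsnx.sys", "aswsp.sys"}


def parse_ssdt_hooks(text):
    """Return one dict per SSDT line: owning module path, hooked Zw* service, hook address."""
    hooks = []
    for line in text.splitlines():
        m = SSDT_RE.match(line.strip())
        if m:
            hooks.append({"module": m["module"], "func": m["func"],
                          "addr": int(m["addr"], 16)})
    return hooks


def hooks_by_module(hooks):
    """Group hooked services by the owning driver's file name (lower-cased)."""
    out = defaultdict(list)
    for h in hooks:
        out[h["module"].rsplit("\\", 1)[-1].lower()].append(h["func"])
    return dict(out)


def unexpected_modules(hooks, allow=KNOWN_AV_MODULES):
    """Owners of SSDT hooks that are not on the allowlist; anything here needs a closer look."""
    return sorted(m for m in hooks_by_module(hooks) if m not in allow)


def parse_patch_targets(text):
    """For each patched kernel code region, decode its first 4 bytes as a little-endian pointer."""
    targets = []
    for line in text.splitlines():
        m = CODE_RE.match(line.strip())
        if not m:
            continue
        raw = [b.strip() for b in m["bytes"].split(",")]
        raw = [b for b in raw if re.fullmatch(r"[0-9A-Fa-f]{2}", b)]  # drops the trailing "..."
        if len(raw) < 4:
            continue
        ptr = int.from_bytes(bytes(int(b, 16) for b in raw[:4]), "little")
        targets.append({"sym": m["sym"], "va": int(m["va"], 16), "ptr": ptr})
    return targets


def correlate(text):
    """Match each decoded pointer to an SSDT hook address.

    Returns (symbol, pointer, hooked function or None, owning module or None).
    A None means the patched bytes point somewhere no listed hook explains.
    """
    by_addr = {h["addr"]: h for h in parse_ssdt_hooks(text)}
    result = []
    for t in parse_patch_targets(text):
        h = by_addr.get(t["ptr"])
        result.append((t["sym"], t["ptr"],
                       h["func"] if h else None, h["module"] if h else None))
    return result


if __name__ == "__main__":
    hooks = parse_ssdt_hooks(SAMPLE_LOG)
    for mod, funcs in hooks_by_module(hooks).items():
        print(f"{mod}: {len(funcs)} hooks")
    print("unexpected hook owners:", unexpected_modules(hooks))
    for sym, ptr, func, mod in correlate(SAMPLE_LOG):
        print(f"{sym}: bytes -> 0x{ptr:08X} = {func or 'UNMATCHED'} ({mod or '?'})")
```

Run it against the full log (one entry per line) instead of the sample and the unexpected-owner list should be empty; a non-empty list, or an UNMATCHED pointer in the code-section correlation, is the condition under which the scan is worth escalating.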