GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-08-15 16:23:47
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e Hitachi_HTS722012K9A300 rev.DCCOCA1H 111,79GB
Running: 1s4s6dhv.exe; Driver: C:\DOCUME~1\MICHAL~1\USTAWI~1\Temp\pwlyapob.sys

---- System - GMER 2.2 ----

SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0xAA08A67A]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwAllocateVirtualMemory [0xAA3CFAE2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0xAA08B158]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwClose [0xAA0D1D3C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0xAA0978F6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0xAA097942]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0xAA097ADC]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateKey [0xAA0D16F0]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0xAA097864]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSection [0xAA097986]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0xAA0978AC]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThread [0xAA08B68E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0xAA097A96]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0xAA08BDC0]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0xAA08A6E0]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteKey [0xAA0D2402]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteValueKey [0xAA0D26B8]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0xAA08F252]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateKey [0xAA0D226D]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateValueKey [0xAA0D20D8]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwFreeVirtualMemory [0xAA3CFBBA]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwGetContextThread [0xAA08C652]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0xAA08A2CC]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0xAA3CFF9C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0xAA08A746]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0xAA08F648]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0xAA08CBE4]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0xAA097920]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0xAA097964]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0xAA097B00]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenKey [0xAA0D1A4C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0xAA09788A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0xAA08EB2A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0xAA097A14]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0xAA0978D4]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0xAA08EF20]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0xAA097ABA]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0xAA3CFD3A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryKey [0xAA0D1F53]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0xAA08C9FC]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryValueKey [0xAA0D1DA5]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThread [0xAA08C3EA]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwRenameKey [0xAA3DDF10]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwReplaceKey [0xAA3DE8DC]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwRestoreKey [0xAA0D0D33]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwResumeProcess [0xAA08BF8A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwResumeThread [0xAA08C196]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0xAA08A7AC]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0xAA08A812]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetContextThread [0xAA08C77C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0xAA08A366]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0xAA08A538]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetValueKey [0xAA0D2509]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0xAA08A4C6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0xAA08C090]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0xAA08C2C0]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0xAA08A5C0]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateProcess [0xAA08BBFE]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0xAA08BDA0]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwUnloadDriver [0xAA3CCD7A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0xAA08A878]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0xAA08B1B4]

---- Kernel code sections - GMER 2.2 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2E64 8050474C 5 Bytes [4C, 1A, 0D, AA, 8A]
.text ntkrnlpa.exe!ZwCallbackReturn + 2E6A 80504752 2 Bytes [09, AA]
.text ntkrnlpa.exe!ZwCallbackReturn + 2F58 80504840 4 Bytes JMP E0AA08C3
.text ntkrnlpa.exe!ZwCallbackReturn + 2FB8 805048A0 12 Bytes [33, 0D, 0D, AA, 8A, BF, 08, ...] {XOR ECX, [0xbf8aaa0d]; OR [EDX-0x55f73e6a], CH}
.text ntkrnlpa.exe!ZwCallbackReturn + 2FD4 805048BC 12 Bytes [AC, A7, 08, AA, 12, A8, 08, ...]
.text ...
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64DC 4 Bytes CALL AA08D25D \SystemRoot\system32\drivers\aswSnx.sys

---- User code sections - GMER 2.2 ----

.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[860] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1740] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text C:\WINDOWS\system32\SearchIndexer.exe[2076] kernel32.dll!WriteFile 7C8112FF 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL

---- Devices - GMER 2.2 ----

Device \Driver\Tcpip \Device\Ip aswStmXP.sys
Device \Driver\Tcpip \Device\Tcp aswStmXP.sys
AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.sys
Device \Driver\Tcpip \Device\Udp aswStmXP.sys
Device \Driver\Tcpip \Device\RawIp aswStmXP.sys
Device \Driver\Tcpip \Device\IPMULTICAST aswStmXP.sys
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS

---- EOF - GMER 2.2 ----